It may be because your configuration is making use of
vrf-import
which controls what
BGP VPNv4 prefixes get imported into the VRF's Routing Table by matching Route-Targets.
The BGP route displayed in C2-H.inet.0 seems not to be there via BGP VPNv4 (received from within the MPLS) but most likely is coming from the BGP session with the CPE via ge-0/0/7.311.
If you wish not to see any BGP entry in C2-H.inet.0, can you give a try with the regular
import [ policy-names ];
in your BGP configuration?
------------------------------
Hector Gustavo Serrano Gutierrez
------------------------------
Original Message:
Sent: 12-24-2021 13:19
From: Unknown User
Subject: VRF policy questions
I have the following:set policy-options policy-statement C2-H-import term 1 then rejectset routing-instances C2-H instance-type vrfset routing-instances C2-H interface ge-0/0/7.311set routing-instances C2-H interface lo0.1set routing-instances C2-H vrf-import C2-H-importset routing-instances C2-H vrf-export C2-H-exportset routing-instances C2-H protocols bgp group ce peer-as 64600set routing-instances C2-H protocols bgp group ce neighbor 192.168.0.42root@R1# run show route 172.31.76.0/24C2-H.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both172.31.76.0/24 *[BGP/170] 00:01:28, localpref 100 AS path: 64600 54591 54591 I, validation-state: unverified > to 192.168.0.42 via ge-0/0/7.311bgp.l3vpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both172.30.5.7:6:172.31.76.0/24 *[BGP/170] 08:40:57, localpref 100, from 172.30.5.41 AS path: 64600 I, validation-state: unverified to 172.30.0.2 via ae0.0, Push 299936, Push 299888(top) > to 172.30.0.10 via ge-0/0/2.118, Push 299936, Push 299840(top)
The import rejects everything, does that mean no routes learnt from l3vpn should not go to VRF route table ? I do not understand why 172.31.76.0/24 shows in the vrf route table.
thanks !!