Monday, January 16, 2017

CCIE SPv4 - MPLS L3 VPN - VRF Route Leaking

Software versions:
IOS XE 15.5
IOS XR 5.3

The topology for this demo:
This post uses MP-BGP, VRF route leaking, route-maps and prefix-lists to leak routes from one routing table to another, specifically from the global RIB to the VRF RIB and vice versa. We will be doing this on the CEs of R13 and R14. The intention is to leak routes, such as a default route in the global RIB, into the MPLS VPN BGP VRF so that they propagate to other sites. Think of this as a variation on a "central services" VPN, where a CE is already learning the routes it needs and can propagate any additional routes by simply importing them into that VRF.

The first demo will be bringing routes from a VRF into the global RIB.

R13
ip prefix-list HOST_ROUTES seq 5 permit 0.0.0.0/0 le 32
!
route-map VRF_TO_GLOBAL permit 10
 match ip address prefix-list HOST_ROUTES
!
vrf definition BGP
 rd 20:50693
 !
 address-family ipv4
  export ipv4 unicast map VRF_TO_GLOBAL

R13#sh bgp ipv4 unicast | b Network
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.10.10.0/24    131.0.0.1                              0 50693 10 ?
 *>  11.0.0.0/24      0.0.0.0                  0         32768 i
 *>  13.13.13.0/24    0.0.0.0                  0         32768 ?
 *>  59.0.0.0/24      131.0.0.1                              0 50693 9 i
 *>  83.0.0.0/24      131.0.0.1                              0 50693 8 i
 *>  106.0.0.0/24     131.0.0.1                              0 50693 10 i
 *>  112.0.0.0/24     131.0.0.1                              0 50693 127 i

These routes are here as a result of the VRF BGP to global RIB import. I say import, but it was really an export: because the HOST_ROUTES prefix-list (0.0.0.0/0 le 32) matches every IPv4 prefix, we exported all the routes from the BGP VRF and they are now in the global RIB. This is effectively a way for a Central Service or Managed Services Provider to learn the routes on their CE device.

R13#sh bgp ipv4 unicast 59.0.0.0/24
BGP routing table entry for 59.0.0.0/24, version 60
Paths: (1 available, best #1, table default)
  Not advertised to any peer
  Refresh Epoch 1
  50693 9, imported path from 20:50693:59.0.0.0/24 (BGP)
    131.0.0.1 from 131.0.0.1 (192.168.1.1)
      Origin IGP, localpref 100, valid, external, best
      Extended Community: RT:20:50693
      rx pathid: 0, tx pathid: 0x0

The output above looks like standard BGP output, with the exception of the "imported path from" note that references the (BGP) table. This is a good sign.


R13#sh ip route 59.0.0.0
Routing entry for 59.0.0.0/24, 1 known subnets
B        59.0.0.0 [20/0] via 131.0.0.1 (BGP), 12:15:18

The real test is seeing that same route in the global RIB, and we do. We can now go ahead and test reachability to R9.

R13#ping 59.0.0.9 source 11.0.0.13
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 59.0.0.9, timeout is 2 seconds:
Packet sent with a source address of 11.0.0.13
!!!!!

The key thing is that we have to source the ping from a network that is in the global RIB; the 11.0.0.0/24 network happens to be there. It also needs to be a route that R9 knows how to reach.


Now let's go the opposite direction, from the Global RIB to the BGP VRF.

R13
ip prefix-list 11_ROUTE seq 5 permit 11.0.0.0/24
!
route-map 11_ROUTE permit 10
 match ip address prefix-list 11_ROUTE
!
vrf definition BGP
 rd 20:50693
 !
 address-family ipv4
  import ipv4 unicast map 11_ROUTE



R13#sh bgp vpnv4 unicast vrf BGP | b Network
     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 20:50693 (default for vrf BGP)
Import Map: 11_ROUTE, Address-Family: IPv4 Unicast, Pfx Count/Limit: 1/1000
Export Map: VRF_TO_GLOBAL, Address-Family: IPv4 Unicast, Pfx Count/Limit: 19/1000
 *>  11.0.0.0/24      0.0.0.0                  0         32768 i

We can see that 11.0.0.0/24 has been learned in the VPNv4 BGP table.

R13#sh bgp vpnv4 unicast vrf BGP 11.0.0.0/24
BGP routing table entry for 20:50693:11.0.0.0/24, version 76
Paths: (1 available, best #1, table BGP)
  Advertised to update-groups:
     2
  Refresh Epoch 1
  Local, imported path from 11.0.0.0/24 (global)
    0.0.0.0 (via default) from 0.0.0.0 (131.0.0.13)
      Origin IGP, metric 0, localpref 100, weight 32768, valid, external, no-import, no-import, best
      rx pathid: 0, tx pathid: 0x0

Expanding the route out, we can see that it was learned from the (global) table and that it was indeed imported.

R13#sh ip route vrf BGP 11.0.0.0

Routing Table: BGP
Routing entry for 11.0.0.0/8, 2 known subnets
  Attached (2 connections)
  Variably subnetted with 2 masks
B        11.0.0.0/24 is directly connected, 12:28:29, GigabitEthernet1.10
L        11.0.0.13/32 is directly connected, GigabitEthernet1.10

As you can see, the route learned from the global RIB is now in the BGP VRF RIB.

We don't have to test this piece out as we've already proven that the reachability is in place and working. 
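To check what a leak policy will let through before applying it, the following added example (not part of the original post, and not Cisco code) evaluates IOS prefix-list ge/le matching in Python against the two prefix-lists used above. The HOST_ONLY list and the prefixes marked as constructed are assumptions added for contrast.

```python
import ipaddress
import re

# The two prefix-lists from this post, plus HOST_ONLY: a hypothetical list
# (not in the post) that matches only /32 host routes.
CONFIG = """
ip prefix-list HOST_ROUTES seq 5 permit 0.0.0.0/0 le 32
ip prefix-list 11_ROUTE seq 5 permit 11.0.0.0/24
ip prefix-list HOST_ONLY seq 5 permit 0.0.0.0/0 ge 32
"""
# VRF-learned prefixes from the R13 output; the last two are constructed.
VRF_ROUTES = ["10.10.10.0/24", "59.0.0.0/24", "83.0.0.0/24", "106.0.0.0/24",
              "112.0.0.0/24", "0.0.0.0/0", "192.0.2.1/32"]
# Global-table candidates: two networks from the R13 BGP output plus the
# interface host route.
GLOBAL_ROUTES = ["11.0.0.0/24", "11.0.0.13/32", "13.13.13.0/24"]

ENTRY = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
                   r"(?: ge (\d+))?(?: le (\d+))?$")

def parse_prefix_lists(config):
    """Return {name: [(seq, action, network, min_len, max_len), ...]}."""
    lists = {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, seq, action, net, ge, le = m.groups()
        net = ipaddress.ip_network(net)
        # No ge/le: exact length. ge only: up to /32. le only: from the entry's length.
        lo = int(ge) if ge else net.prefixlen
        hi = int(le) if le else (32 if ge else net.prefixlen)
        lists.setdefault(name, []).append((int(seq), action, net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])  # evaluated in sequence order
    return lists

def permits(entries, route):
    """First matching entry wins; no match means the implicit deny."""
    route = ipaddress.ip_network(route)
    for _seq, action, net, lo, hi in entries:
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action == "permit"
    return False

def leaked(entries, routes):
    """Prefixes a route-map matching on this prefix-list would let through."""
    return [r for r in routes if permits(entries, r)]

LISTS = parse_prefix_lists(CONFIG)

if __name__ == "__main__":
    print("HOST_ROUTES:", leaked(LISTS["HOST_ROUTES"], VRF_ROUTES))
    print("HOST_ONLY:  ", leaked(LISTS["HOST_ONLY"], VRF_ROUTES))
    print("11_ROUTE:   ", leaked(LISTS["11_ROUTE"], GLOBAL_ROUTES))
```

HOST_ROUTES passes every candidate, including the default route, while 11_ROUTE passes only the exact 11.0.0.0/24 entry and rejects the /32 inside it.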

Thanks for stopping by!
Rob Riker, CCIE #50693
