Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
Advertising Default Route...

Advertising Default Route in VRF

Created: Dec 16, 2019 09:52:34Latest reply: Dec 17, 2019 01:46:14 1424 10 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Hello there and merry Xmas!


I want to leak a default route into a VRF, so the CE is able to reach Networks (in future, this will be internet-access), on the P-Router (so far, i have no license to run VRF's an the P-Router, so the "Internet Access" is represented by a Loopback interface in the global routing-table.


so i have C, PE and P-Routers in place. The PE has OSPF and iBGP-Connection to the P-Router and the CE and PE have an eBGP-Connection inside the Customer VRF.


My configuration on the PE is:


<PE>display current-configuration configuration vpn-instance
#
ip vpn-instance CustA
 ipv4-family
  route-distinguisher 65000:200
  vpn-target 65000:200 export-extcommunity
  vpn-target 65000:200 import-extcommunity
#
return
<PE>display current-configuration configuration bgp
#
bgp 208968
 router-id 10.178.10.1
 peer 10.178.2.1 as-number 208968
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.178.2.1 enable
 #
 ipv4-family vpn-instance CustA
  router-id 10.178.10.1
  default-route imported <---------------------------------------is this the correct command to make the default route avialable to the VRF?
  network 10.178.0.100 255.255.255.255
  peer 10.178.100.2 as-number 65000
#
return
<PE>displ current-configuration configuration route-static
#
ip route-static vpn-instance CustA 0.0.0.0 0.0.0.0 10.178.2.1 (P-Router direct connected Interface, reachable via Ping from PE)
#
return


ne20ne40vpn-instance

Like (0) Dislike (0) Favorite(0) Share Report
Previous: S5720-28P How to change the password
Next: Problem 6730 collect traffic SNMP
Featured Answers

Best answer

(0) (0)
chenhui
Admin Created Dec 17, 2019 01:46:14

@poperator sorry for the late.
If you mean ping failure from the CE to the P router, it is normal. Because you just import the default route into the BGP, and it will be transferred to the CE router. So the ICMP echo packets initiated on the CE router could reach the P routers, but the echo reply packets cannot reach the CE router, which causing the ping failure.

What you sould do is to add another static route which towards to the network on the CE router, and import this static route into the BGP, so that the P router could learn the route. You can refer the command below.

ip route-static 10.1.12.0 255.255.255.0 vpn-instance CE_VPN-INSTANCE 10.1.12.2 //configure the static route. 10.1.12.2 is the interconnection IP address of the CE router connects to the PE router.
bgp 100
ipv4-family unicast
import-route static // import the static route configured above, so that the P router could learn the route.
View more
  • x
  • convention:

poperator
poperator Created Dec 17, 2019 09:29:39 (0) (0)
Thank you. Now it kinda works. But i'm not sure if this is the solution for what i'm trying to achieve here. I want many customers from different VRF's to be able to reach the Internet (default route towards internet). But for this one CE, it works now.  

Recommended answer

(0) (0)
chenhui
Admin Created Dec 16, 2019 10:43:41

@poperator hi,
to import default routes, you need to run both the default-route imported command and the import-route (BGP) command.

So, if you want to import the default route and advertise it to the CE router, you should import the static route firstly.


View more
  • x
  • convention:
All Answers
(0) (0)
2#
chenhui
chenhui Admin Created Dec 16, 2019 10:43:41

@poperator hi,
to import default routes, you need to run both the default-route imported command and the import-route (BGP) command.

So, if you want to import the default route and advertise it to the CE router, you should import the static route firstly.


View more
  • x
  • convention:
(0) (0)
3#
chenhui
chenhui Admin Created Dec 16, 2019 10:58:19

Hi, @poperator
I checked your configuration once again, and I got some problems.
Can the default route in the VPN-instance you configured works normally? I rembered that the static route wouldn't take effect if the next-hop of the static route is not reachable. As in your situation, IP 10.178.2.1 is obviously unreachable from the VPN-instance.
View more
  • x
  • convention:

poperator
poperator Created Dec 16, 2019 11:51:36 (0) (0)
Hi chanhui!

Yes, that ist actually my problem. How do i make a target avialable from within a VRF, when it is in the global routing table? Ithought by putting the static route with the next hop in the global routing table, would it make possible. What am i missing?  
(0) (0)
4#
chenhui
chenhui Admin Created Dec 16, 2019 11:59:13

@poperator hi, 

what is the model of your router? 

A simple way to make that static route taking effect, please refer the configuration below

ip route-stat 0.0.0.0 0 G0/0/1   //configure the next-hop with outward interface rather than the IP address.

View more
  • x
  • convention:

poperator
poperator Created Dec 16, 2019 12:49:43 (0) (0)
@chenhui i have a NE40 (P) a NE20 (PE) and a NE05 (CE).

Now i put in the static route with Interface and no next-hop. I can see the route in the routing table for the VRF, but ping is still not working.  
(0) (0)
5#
Gashu
Gashu Created Dec 16, 2019 15:27:52

PLEASE IMPORT IBGP command
View more
  • x
  • convention:

poperator
poperator Created Dec 17, 2019 09:27:22 (0) (0)
What do you mean?  
(0) (0)
6#
Saqib123
Saqib123 Created Dec 16, 2019 16:56:21

hmmm
View more
  • x
  • convention:
(0) (0)
7#
chenhui
chenhui Admin Created Dec 17, 2019 01:46:14

@poperator sorry for the late.
If you mean ping failure from the CE to the P router, it is normal. Because you just import the default route into the BGP, and it will be transferred to the CE router. So the ICMP echo packets initiated on the CE router could reach the P routers, but the echo reply packets cannot reach the CE router, which causing the ping failure.

What you sould do is to add another static route which towards to the network on the CE router, and import this static route into the BGP, so that the P router could learn the route. You can refer the command below.

ip route-static 10.1.12.0 255.255.255.0 vpn-instance CE_VPN-INSTANCE 10.1.12.2 //configure the static route. 10.1.12.2 is the interconnection IP address of the CE router connects to the PE router.
bgp 100
ipv4-family unicast
import-route static // import the static route configured above, so that the P router could learn the route.
View more
  • x
  • convention:

poperator
poperator Created Dec 17, 2019 09:29:39 (0) (0)
Thank you. Now it kinda works. But i'm not sure if this is the solution for what i'm trying to achieve here. I want many customers from different VRF's to be able to reach the Internet (default route towards internet). But for this one CE, it works now.  
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.