Inter-VPRN Routing & Route Leaking
Posted: 21 Dec 2023 15:34
Hello all, I'm setting up a new SR-2S on 22.10 and I'm having issues getting VPRNs to leak routes to eachother using vrf-export and vrf import. I've tried every combination of policy and vrd-target I can think of but nothing has worked. Interestingly enough leaking to GRT does work and so does routing to the GRT. Below is a configuration snippet from VPRN in question along with it's vrf-export and vrd-import policies. Notice though I do have entries in the policies I've set the default action to accept. Any assistance would be greatly appreciated!
*A:OPHE-7750-01>config>service>vprn# info
----------------------------------------------
description "Network Services VPRN"
autonomous-system 22987
interface "To-OPHE-FW-01" create
description "Interface from OPHE-7750-01 to OPHE-FW-01"
address 10.80.88.13/30
sap lag-10:1010.0 create
exit
exit
static-route-entry 0.0.0.0/0
grt
no shutdown
exit
exit
grt-lookup
enable-grt
exit
export-grt "VPRN-2010-GRT-EXPORT"
exit
bgp-ipvpn
mpls
route-distinguisher 10.40.9.1:2010
vrf-import "VPRN-2010-VRF-IMPORT"
vrf-export "VPRN-2010-VRF-EXPORT"
vrf-target export target
2010 import target2005
no shutdown
exit
exit
bgp
group "OPHE-FW-01"
family ipv4
import "OPHE-FW-01_Import"
export "OPHE-FW-01_Export"
peer-as 64999
neighbor 10.80.88.14
exit
exit
no shutdown
exit
no shutdown
----------------------------------------------
*A:OPHE-7750-01# show router policy "VPRN-2010-VRF-EXPORT"
description "Policy statement for VPRN 2010 VRF export."
entry 10
description "From prefix-list NETWORK-SERVICES which will have DHCP, DNS, NTP subnets"
from
prefix-list "NETWORK-SERVICES"
exit
action accept
community add "2010"
exit
exit
entry 20
description "Allow directly connected"
from
protocol direct
exit
action accept
community add "2010"
exit
exit
default-action accept
exit
*A:OPHE-7750-01# show router policy "VPRN-2010-VRF-IMPORT"
description "Policy statement for VPRN 2010 VRF import."
entry 10
from
community "2005"
exit
action accept
exit
exit
default-action accept
exit
*A:OPHE-7750-01>config>service>vprn# info
----------------------------------------------
description "Network Services VPRN"
autonomous-system 22987
interface "To-OPHE-FW-01" create
description "Interface from OPHE-7750-01 to OPHE-FW-01"
address 10.80.88.13/30
sap lag-10:1010.0 create
exit
exit
static-route-entry 0.0.0.0/0
grt
no shutdown
exit
exit
grt-lookup
enable-grt
exit
export-grt "VPRN-2010-GRT-EXPORT"
exit
bgp-ipvpn
mpls
route-distinguisher 10.40.9.1:2010
vrf-import "VPRN-2010-VRF-IMPORT"
vrf-export "VPRN-2010-VRF-EXPORT"
vrf-target export target
2010 import target2005no shutdown
exit
exit
bgp
group "OPHE-FW-01"
family ipv4
import "OPHE-FW-01_Import"
export "OPHE-FW-01_Export"
peer-as 64999
neighbor 10.80.88.14
exit
exit
no shutdown
exit
no shutdown
----------------------------------------------
*A:OPHE-7750-01# show router policy "VPRN-2010-VRF-EXPORT"
description "Policy statement for VPRN 2010 VRF export."
entry 10
description "From prefix-list NETWORK-SERVICES which will have DHCP, DNS, NTP subnets"
from
prefix-list "NETWORK-SERVICES"
exit
action accept
community add "2010"
exit
exit
entry 20
description "Allow directly connected"
from
protocol direct
exit
action accept
community add "2010"
exit
exit
default-action accept
exit
*A:OPHE-7750-01# show router policy "VPRN-2010-VRF-IMPORT"
description "Policy statement for VPRN 2010 VRF import."
entry 10
from
community "2005"
exit
action accept
exit
exit
default-action accept
exit