Concept Guide
DellEMC# show ip route vrf VRF-Shared
O 11.1.1.1/32 via VRF-Red:111.1.1.1 110/0 00:00:10
C 111.1.1.0/24 Direct, VRF-Red:Te 1/11 0/0 22:39:59
O 22.2.2.2/32 via VRF-Blue:122.2.2.2 110/0 00:00:11
C 122.2.2.0/24 Direct, VRF-Blue:Te 1/22 0/0 22:39:61
O 44.4.4.4/32 via 144.4.4.4 110/0
00:00:11
C 144.4.4.0/24 Direct, Te 1/4 0/0 00:32:36
Important Points to Remember
• If the target VRF conatins the same prex as either the sourced or Leaked route from some other VRF, then route Leaking for that
particular prex fails and the following error-log is thrown.
SYSLOG (“Duplicate prefix found %s in the target VRF %d”, address, import_vrf_id) with
The type/level is EVT_LOGWARNING.
• The source routes always take precedence over leaked routes. The leaked routes are deleted as soon as routes are locally learnt by the
VRF using other means.
• For recovery, you must take appropriate action either by deleting the unwanted prexes or issuing clear command or both.
• In the target VRF, you cannot leak routes that are imported through the route leaking feature.
• The leaked route points to the next-hop of the source routes. You cannot do any modications to the next-hop of the leaked route in
the destination VRF.
• IPv6 link local routes will never be leaked from one VRF to another.
Conguring Route Leaking with Filtering
When you initalize route leaking from one VRF to another, all the routes are exposed to the target VRF. If the size of the source VRF's RTM
is considerablly large, an import operation results in the duplication of the target VRF's RTM with the source RTM entries. To mitigate this
issue, you can use route-maps to lter the routes that are exported and imported into the route targets based on certain matching criteria.
These match criteria include, prex matches and portocol matches.
You can use the match source-protocol or match ip-address commands to specify matching criteria for importing or exporting
routes between VRFs.
NOTE
: You must use the match source-protocol or match ip-address commands in conjunction with the route-map command to
be able to dene the match criteria for route leaking.
Consider a scenario where you have created two VRF tables VRF-red and VRF-blue. VRF-red exports routes with the
export_ospfbgp_protocol route-map to VRF-blue. VRF-blue imports these routes into its RTM.
For leaking these routes from VRF-red to VRF-blue, you can use the ip route-export route-map command on VRF-red (source VRF, that is
exporting the routes); you must also specify a match criteria for these routes using the match source-protocol command. When you leak
these routes into VRF-blue, only the routes (OSPF and BGP) that satisfy the matching criteria dened in route-map
export_ospfbgp_protocol are exposed to VRF-blue.
While importing these routes into VRF-blue, you can further specify match conditions at the import end to dene the ltering criteria based
on which the routes are imported into VRF-blue. You can dene a route-map import_ospf_protocol and then specify the match criteria as
OSPF using the match source-protocol ospf command.
You can then use the ip route-import route-map command to import routes matching the ltering criteria dened in the
import_ospf_protocol route-map. For a reply communication, VRF-blue is congured with a route-export tag. This value is then congured
as route-import tag on the VRF-Red.
To congure route leaking using ltering criteria, perform the following steps:
1 Congure VRF-red:
ip vrf vrf-red
1196
Virtual Routing and Forwarding (VRF)