I have been experiencing issue on my lab demonstration that my edge router having one VRF RED and other is a global route table.
From my router to firewall ASA is directly connected link using sub interfaces.
Router side:
Sub interface Gig0/1 .253
Ip address 10.253.8.66/24
Sub interface Gig0/1.254
Ip address 10.254.8.66/24
Asa firewall side:
Sub interface gig0/1.253
Ip address 10.253.8.65/24
Sub interface gig0/1.254
Ip address 10.254.8.65/24
Router and ASA firewall running EIGRP routing.
Router side:
Under vrf RED
EIGRP 100 is running
Autonomous system vrf RED 7
Network 10.254.8.64.0/24
Ip Route 0.0.0.0/0 via isp rtr ip
Ip route 10.73.8.0/24 via 10.253.8.65
(asa firewall sub interface ip)
Asa firewall side:
EIGRP 7 is running
network 10.254.8.64/24
redistribute static
Exit
Route 10.73.9.0 /24 via 10.73.5.5
(core switch ip address for vlan1 )
The issue here is when I show ip route from edge router I can see two different paths to single destination that is to 10.73.8.0/24 subnet
Via 10.253.8.65
D EX 10.254.8.65
It takes two paths. I am not able to ping the ip address of 10.73.8.254 ip which is the SVI of vlan 8 in core switch.
Also pc connected to switch port access vlan 8 doesnāt get internet or not able to reach gateway ip address of edge router or firewall interface ip .
Is the redistribution creating asymmetric route issue or something else.
I am not quite clear on your configuration and your topology. You mention that you see two paths to the single destination. Are both paths learned from EIGRP? And if so, are both paths in the same VRF? Itās not clear in your explanation.
Also, if you cannot ping either from or to the intended host, you should also examine the firewall rules that have been configured. Sometimes although routing may be working correctly, you may find that the ASA may be blocking some of the traffic.
Can you share with us a little more information about your topology? Also, can you share the output of the show ip route command so we can see the routing table? This will help us help you further.
Hi Team ,
the course is great. I have a question if an internet link was connected to a G0/3 port of the ISP router. how I configure the ISP router to allow clients of the RED and cient of BLUE router to access the internet on ISP router
If you have a third interface Gi0/3 on the ISP Router that connects to the Internet, then you can route traffic to the Internet using the global routing table. Letās assume that we have a router connected to that Gi0/3 interface with an IP address of 10.10.10.1. Then you would create two static routes within the ISP router like so:
ISP(config)#ip route vrf RED 0.0.0.0 0.0.0.0 10.10.10.1 global
ISP(config)#ip route vrf BLUE 0.0.0.0 0.0.0.0 10.10.10.1 global
This would route all traffic from both the RED and BLUE VRFs to the global routing table that routes traffic to the router connected to Gi0/3. Does that make sense?
In the ISP router, we look at two BGP tables, one for RED and one for BLUE. Without the redistribution of static and directly connected (and the related RD/RT configurations) you would only see two routes in each BGP table. But now you see four, the two that belong to the local VRF and the other two that were redistributed from the other VRF.
When you then look at the routing tables of each VRF, and you look at ONLY the BGP routes, you only see the redistributed routes.
So for the routing table of VRF RED, the only BGP routes you see are 3.3.3.3/32 and 192.168.23.0/24, which are the redistributed routes from VRF Blue.
Similarly, for the routing table of VRF BLUE, the only BGP routes you see are 1.1.1.1/32 and 192.168.12.0/24, which are the redistributed routes from VRF Red.
The other two routes that are in the local VRF in each case are not BGP routes, but directly connected or static, which means they have a better Administrative Distance than the routes in the BGP table, thus they are used instead of the BGP routes. Does that make sense?
But why they have ā*>ā symbol in BGP routing table? Shouldnāt they have RIB failure symbol if there are routes with better administrative distance?
I did a bit more digging and labbed this one up to see the behaviorā¦ It turns out that this behavior has nothing to do with the VRFs. It has everything to do with the source of the BGP information.
I created a BGP instance in a router, created a static route, and redistributed that static route into BGP. The result is that the static route appears in the routing table, and the static route also appears as a valid and best path (*>) in the BGP table.
Why? If you have a static route to a particular destination, and you then redistribute that static route into BGP using the redistribute static command under the BGP configuration mode, that installed static route is not considered to be āin conflictā with the information provided by BGP. This is because BGP received that info from that particular static route. So even though the static route does have a lower AD than the BGP route, it is not considered a RIB failure. Does that make sense?