Posted on January 14, 2020 6:08 pm
 |  Asked by Kishan Patel


I’m trying to route leak from a VRF to default and from default to VRF (for the return traffic).
I have followed the instructions here:
I have the routes correctly leaking via a VPN table but when I send traffic across it, it seems to be getting dropped.

Topology: R1—OSPF—eth1(default)Core-1(vrf-A)eth3.100—eBGP—R2

R1 has loopback0 interface which redistributes into OSPF to Core-1.
R2 has loopback0 interface which is redistributed into eBGP to Core-1 VRF-a.

R1 has learnt via OSPF
R2 has learnt from eBGP.

I want to ping from Both of these are Cisco IOS devices and have very simple configuration.

I’m running this in GNS3 with Version 4.22.0F

core-1 config:

service routing protocols model multi-agent
hostname CORE-1
vrf instance VRF-A
interface Ethernet1
   description TO_R1
   no switchport
   ip address
   ip ospf network point-to-point
interface Ethernet3
   description TO_R2
   no switchport
interface Ethernet3.100
   encapsulation dot1q vlan 100
   vrf VRF-A
   ip address
ip routing
ip routing vrf VRF-A
ip prefix-list SERVICES
   seq 10 permit
ip prefix-list VRF-A_TO_DEFAULT
   seq 10 permit
mpls ip
route-map VRF-A_TO_DEFAULT permit 10
   match ip address prefix-list VRF-A_TO_DEFAULT
route-map OSPF_TO_BGP permit 10
   match ip address prefix-list SERVICES
router bgp 12345
   redistribute ospf match external route-map OSPF_TO_BGP
   vrf VRF-A
      rd 12345:1
      route-target import vpn-ipv4 300:0
      route-target export vpn-ipv4 300:0
      route-target import vpn-ipv4 route-map OSPF_TO_BGP
      route-target export vpn-ipv4 route-map VRF-A_TO_DEFAULT
      neighbor remote-as 65203
   vrf default
      rd 12345:2
      route-target import vpn-ipv4 300:0
      route-target export vpn-ipv4 300:0
      route-target import vpn-ipv4 route-map VRF-A_TO_DEFAULT
      route-target export vpn-ipv4 route-map OSPF_TO_BGP
router ospf 100
   redistribute bgp
   network area

CORE-1#show ip route

C is directly connected, Ethernet1
O E2 [110/20] via, Ethernet1
B E L [200/0] (source VRF VRF-A) via, Ethernet3.100

CORE-1#show ip route vrf VRF-A

C is directly connected, Ethernet3.100
O E2 L [200/0] (source VRF default) via, Ethernet1
B E [200/0] via, Ethernet3.100

CORE-1#show bgp vpn-ipv4
Router identifier, local AS number 12345
Network Next Hop Metric LocPref Weight Path
* > RD: 12345:2 IPv4 prefix
– – – 0 i
* > RD: 12345:1 IPv4 prefix
– 0 100 0 65203 ?

R2#ping source lo0

tcpdump interface ethernet3 on CORE-1 shows the ECHO REQUESTs coming in from R2 but no response.
tcpdump interface ethernet1 on CORE-1 to R1 does not show the ECHO REQUEST leaving this switch.

Posted by Aniket Bhowmick
Answered on January 15, 2020 4:14 pm

Hi Kishan,

What we need to check right now is whether the routes are programmed in Hardware properly and if there are no drop rules for those routes.

Can you please confirm which platform you are using? You can check it in "show version".

If the platform is 7280R, 7500R, or 7020R series, then:

- show platform fap ip route | grep ""
- show platform fap ip route | grep ""

If it is 7050 or 7060 series, then:

- show platform trident l3 shadow routes lpm | grep ""
- show platform trident l3 shadow routes host | grep ""

It will be good if you can send us the output of "show tech-support | no" from the switch. Additionally you can also open a case with Arista TAC by sending an email to


Posted by Michael Pergament
Answered on January 15, 2020 4:34 pm

As of now this feature is not supported on vEOS. It is work in progress to extend current vEOS forwarding agent to support it in the future.

Thanks Michael. Do you know when this will be released on vEOS?
(Kishan Patel at January 17, 2020 4:40 pm)
Posted by Kishan Patel
Answered on January 16, 2020 10:17 am

Hi Aniket,

I'm currently labbing this in GNS3 using vEOS.
Is there an equivalent command?

If not, and a tech-info is required, I'll raise a case (as I have replaced all my real IP addresses in the lab with the dummy ones above).
