Interconnect virtual routers using BGP

This task enables you to configure BGP settings to leak routes among virtual routers (Global and user-defined virtual routers) by using route targets and route maps to share routes between different virtual routing instances.

You can now configure BGP settings on a device to leak the routes among virtual routers (Global and user-defined virtual routers). The route target of the source virtual router is exported to the BGP table, which, in turn is imported to the destination virtual router. The route map is used to share the Global virtual routes with the user-defined virtual routers and vice versa. Note that all import or export of the routes to the BGP table is configured at the user-defined virtual router, including the Global virtual routes.

Consider the firewall device of a factory is configured with virtual routers and interfaces:

  • Global virtual router is configured with Inside (10.10.1.4/24) and Outside (10.10.0.5/24)

  • VR-S (Sales) virtual router is configured with Inside1 (10.10.10.7/24) and Outside1 (10.10.11.7/24)

  • VR-W (Warehouse) virtual router is configured with Inside2 (10.10.12.7/24) and Outside2 (10.10.13.7/24)

Assume that you want the routes of warehouse (VR-W) to be leaked with sales (VR-S) and Global, and the outside interface routes of VR-S to VR-W. Similarly, you want the outside interface routes of the Global router to be leaked to sales (VR-S). This example demonstrates the BGP configuration procedure to achieve interconnecting the routers:

Interconnect virtual routers using BGP settings
BGP route leak for VRF

Before you begin

Follow these steps to interconnect virtual routers using BGP:

Procedure

Step 1

Configure VR-W to export its routes tagging them with a route target to VR-S:

  1. Choose Devices > Device Management, edit device, and then click the Routing tab.

  2. From the virtual router drop-down, select VR-W. Then click BGP > IPv4 > Route Import/Export.

  3. To leak the VR-W routes to VR-S, tag the routes with a route target, so that the VR-W routes are exported to its BGP table with the route target marked on them. In the Route Targets Export field, enter a value, say, 200:200. Click Add:

  4. From the virtual router drop-down, select VR-S. Then click BGP > IPv4 > Route Import/Export.

  5. To receive the leaked routes from VR-W, configure the Import Route Target to import the VR-W routes that are marked with the route target from the (peer or redistributed) BGP table. In the Route Targets Import field, enter the same route target value that you had configured for VR-W, 200:200. Click Add.

Note

If you want to conditionalize routes to be leaked from VR-W, you can specify the match criteria in the route map object, and choose it in the User Virtual Router Export Route Map. Similarly, if you want to conditionalize the routes to be imported to VR-S from the BGP table, you can use the User Virtual Router Import Route Map. This procedure is explained in Step 3.

Step 2

Configure VR-W to export its routes to the Global virtual router:

  1. You need to create a route map that would allow the VR-W routes to be exported to the Global routing table. Choose Objects > Route Map.

  2. Click Add Route Map, give a name, say Export-to-Global, and then click Add.

  3. Specify a Sequence Number, say 1, and then choose Allow from the Redistribution drop-down list:

  4. Click Save.

    In this example, all the VR-W routes are leaked to the Global routing table. Hence, no match criteria is configured for the route map.

  5. Navigate to the Routing tab of the device, and select VR-W. Click BGP > IPv4 > Route Import/Export.

  6. From the Global Virtual Router Export Route Map drop-down list, choose Export-to-Global:

Step 3

To leak only the Outside1 routes of VR-S to VR-W:

  1. From the virtual router drop-down, select VR-S and then click BGP > IPv4 > Route Import/Export.

  2. To leak the VR-S routes to VR-W, tag the routes with a route target, so that the VR-S routes are exported to its BGP table with the route target marked on them. In the Route Targets Export field, enter a value, say, 100:100. Click Add.

  3. From the virtual router drop-down, select VR-W, and choose BGP > IPv4 > Route Import/Export. To receive the leaked routes from VR-S, configure the Import Route Target to import the VR-S routes that are marked with the route target from the (peer or redistributed) BGP table. In the Route Targets Import field, enter the VR-S route target value, 100:100. Click Add.

  4. Now, you need to conditionalize that only the Outside1 routes of VR-S to be leaked to VR-W. Choose Objects > Prefix Lists > IPv4 Prefix List. Click Add IPv4 Prefix List, give a name, say VRS-Outside1-Only, and then click Add.

  5. Specify a Sequence Number, say 1, and then choose Allow from the Redistribution drop-down list. Enter the IP Address (first two octets) of the VR-S Outside1 interface and then click Save.

  6. Create a route map with the match clause with the prefix list. Click Route Map. Click Add Route Map, give a name, say Import-from-VRS, and then click Add.

  7. Specify a Sequence Number, say 1, and then choose Allow from the Redistribution drop-down list.

  8. In the Match Clause tab, click IPv4. Under Address tab, click Prefix List. Under Available IPv4 Prefix List, select VRS-Outside1-Only, and then click Add.

  9. Navigate to the Routing tab of the device, and select VR-W. Click BGP > IPv4 > Route Import/Export. From the Global Virtual Router Import Route Map drop-down list, choose Import-from-VRS:

Step 4

Configure VR-S to import the Outside routes of Global virtual router:

Note

To leak routes to or from a Global virtual router, you must configure the source or destination user defined virtual router respectively. Thus, in this example, VR-S is the destination router that imports the routes from Outside interface of the Global virtual router.

  1. Choose Objects > Prefix Lists > IPv4 Prefix List.

  2. Click Add IPv4 Prefix List, give a name, say Global-Outside-Only, and then click Add. Specify a Sequence Number, say 1, and then choose Allow from the Redistribution drop-down list.

  3. Enter the IP Address (first two octets) of the Global Outside interface:

    Then click Save.

  4. Click Route Map. Click Add Route Map, give a name, say Import-from-Global, and then click Add.

  5. Specify a Sequence Number, say 1, and then choose Allow from the Redistribution drop-down list.

  6. In the Match Clause tab, click IPv4. Under Address tab, click Prefix List.

  7. Under Available IPv4 Prefix List, select Global-Outside-Only, and then click Add:

    Then click Save.

  8. Navigate to the Routing tab of the device, and select VR-S. Click BGP > IPv4 > Route Import/Export.

  9. From the Global Virtual Router Import Route Map drop-down list, choose Import-from-Global:

Step 5

Save and Deploy.

The BGP configuration is complete and routes are now leaked among the virtual routers according to the configured route targets and route maps. VR-W routes are exported to VR-S and Global, VR-S Outside1 routes are exported to VR-W, and Global Outside routes are imported to VR-S.