As you found out, XR won't forward the traffic using inter-VRF route leaking if it has to do another recursive lookup in the next VRF. It requires specifying the next-hop/interface or leaking the more specific routes into the VRF. So if you have 0/0 pointing to null0 that's not going to work. If you have one pointing somewhere else, then it will. Some Junos platforms won't do this either BTW, it's somewhat dependent on the forwarding hardware.
ABF works but it's more similar to using filter based forwarding in Junos.

Thanks,
Phil

On Tue, Aug 29, 2023 at 12:43 PM Mark Tinka via cisco-nsp <cisco-nsp@puck.nether.net> wrote:

> On 8/29/23 18:22, Daniël Verlouw wrote:
>
> > slightly different approach, but I’ve had some success with ACL-based
> > VRF select, but it really depends on your use-case:
> >
> > https://community.cisco.com/t5/service-providers-knowledge-base/asr9000-xr-abf-acl-based-forwarding/ta-p/3153403
> >
> > Something like:
> >
> > ipv4 access-list FOO
> >  remark Don’t perform FBF on intra-VRF traffic
> >  permit ipv4 <intra VRF>
> >  remark Forward everything else to VRF of your choice, default or non-default
> >  permit ipv4 any any nexthop1 <vrf>
> > !
> >
> > int x/y/z
> >  vrf YOURVRF
> >  ipv4 access-list FOO ingress
> > !
> >
> > Also works on NCS:
> >
> > https://xrdocs.io/ncs5500/tutorials/acl-based-forwarding-and-object-tracking-for-ncs5xx-and-ncs55xx/
>
> I did come across a suggestion about using ABF for this, but it
> immediately stood out as a 3-legged stool.
>
> If it is working for you, that's good to bank for the archives.
>
> Mark.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/