Issues propagating Routes over BGP. VRF to VRF for redundant routers

Hi there,

We have been having an issue with propagating our routes between our Core Datacenter Routers.

Pretty sure this is a simple misconfiguration issue but we have been looking at it for the last few weeks.

We have VRRPs in place for failover, and I believe the issue is that the next hop address is not showing up as the VRF.

Our BGP setup on both CCRs looks like the following:

10.10.10.1 is an address on the physical interface, 10.10.10.255 is a loopback address (

     remote.address=10.10.10.254/32 .port=179 
     local.address=10.10.10.255 .role=ibgp 
     connect=yes listen=yes routing-table=main router-id=10.10.10.255 templates=default as=136595 
     nexthop-choice=default address-families=ip,l2vpn,l2vpn-cisco,vpnv4 cisco-vpls-nlri-len-fmt=auto-bits 
     output.redistribute=connected,static,bgp,vpn .network=bgp-networks 

BGP VPN:

Flags: X - disabled, I - inactive 
 0   name="bgp-mpls-vpn-1" 
     import.router-id=XXX-VRF .route-targets=136595:4 
     export.route-targets=136595:4 .redistribute=connected,static,vpn 
     route-distinguisher="136595:4" vrf=XXX-VRF label-allocation-policy=per-vrf

I have obfuscated the following addresses:
$NEXT.EBGP is our next hop - it's an IP address of our connecting ISP
$L2TP.IP is the public L2TP address of the related remote WAN site address of this client

Routing table of second router: (L2TP connection of $XXX.burwood on other router)

Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vp>
H - hw-offloaded; + - ecmp 
 5  As   dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.51.252.250@XXX-VRF 
         immediate-gw=10.51.252.250%VLAN1737.XXXdistance=1 scope=30 target-scope=10 
         vrf-interface=VLAN1737.XXXsuppress-hw-offload=no 

   D y   dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.51.252.250@XXX-VRF 
         immediate-gw=10.51.252.250%VLAN1737.XXXdistance=200 scope=20 target-scope=10 

 6  As   dst-address=10.10.10.254/32 routing-table=XXX-VRF gateway=VLAN1737.XXX@XXX-VRF 
         immediate-gw=VLAN1737.XXXdistance=1 scope=30 target-scope=10 suppress-hw-offload=no 

   D y   dst-address=10.10.10.254/32 routing-table=XXX-VRF gateway=XXX-VRF@XXX-VRF immediate-gw=XXX-VRF 
         distance=200 scope=20 target-scope=10 

 7  IsH  dst-address=10.51.11.0/24 routing-table=XXX-VRF gateway=XXX.burwood@XXX-VRF immediate-gw="" 
         distance=1 scope=30 target-scope=10 suppress-hw-offload=no 

   DAyH  dst-address=10.51.11.0/24 routing-table=XXX-VRF gateway=10.10.10.254 distance=200 scope=20 
         target-scope=30 

   DAc   dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=VLAN1737.XXX@XXX-VRF 
         immediate-gw=VLAN1737.XXXdistance=0 scope=10 target-scope=5 
         local-address=10.51.252.248%VLAN1737.XXX@XXX-VRF 

   D y   dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=XXX-VRF@XXX-VRF immediate-gw=XXX-VRF 
         distance=200 scope=20 target-scope=10 

   DAyH  dst-address=10.51.252.253/32 routing-table=XXX-VRF gateway=10.10.10.254 distance=200 scope=20 
         target-scope=30 

   DAyH  dst-address=$L2TP.IP/32 routing-table=XXX-VRF gateway=10.10.10.254 distance=200 scope=20 
         target-scope=30 

Routing table of first router: (L2TP connection of $XXX.burwood on this router)

Flags: D - dynamic; X - disabled, I - inactive, A - active; 
c - connect, s - static, r - rip, b - bgp, o - ospf, i - is-is, d - dhcp, v - vpn, m - modem, y - bgp-mpls-vpn; 
H - hw-offloaded; + - ecmp 
 0  As   dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.51.252.250@XXX-VRF immediate-gw=10.51.252.250%VLAN1737.XXX
         distance=1 scope=30 target-scope=10 vrf-interface=VLAN1737.XXXsuppress-hw-offload=no 

   D yH  dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.10.10.255 distance=200 scope=20 target-scope=30 

   DAyH  dst-address=10.10.10.254/32 routing-table=XXX-VRF gateway=10.10.10.255 distance=200 scope=20 target-scope=30 

 1  As   dst-address=10.51.11.0/24 routing-table=XXX-VRF gateway=XXX.burwood@XXX-VRF immediate-gw=XXX.burwood distance=1 
         scope=30 target-scope=10 suppress-hw-offload=no 

   DAc   dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=VLAN1737.XXX@XXX-VRF immediate-gw=VLAN1737.XXXdistance=0 
         scope=10 target-scope=5 local-address=10.51.252.249%VLAN1737.XXX@XXX-VRF 

   D yH  dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=10.10.10.255 distance=200 scope=20 target-scope=30 

   DAc   dst-address=10.51.252.253/32 routing-table=XXX-VRF gateway=XXX.VRRP@XXX-VRF immediate-gw=XXX.VRRP distance=0 
         scope=10 target-scope=5 local-address=10.51.252.253%XXX.VRRP@XXX-VRF 

   DAc   dst-address=$L2TP.IP/32 routing-table=XXX-VRF gateway=XXX.burwood@XXX-VRF immediate-gw=XXX.burwood distance=0 
         scope=10 target-scope=5 local-address=$NEXT.EBGP%XXX.burwood@XXX-VRF 

Currently, dropping the VRRP interface from the first router so that it connects on the second router causes the connection to VRRP to fail over correctly. However, traffic cannot route to the first router’s L2TP interface, so the site's connection is dropped. I believe this is due to the next hop on the VRF routing table not being resolvable for the $L2TP.IP connection between the routers over BGP.

Let me know if I can provide any more context around this. I really appreciate any help with this, as it's been a bit of an uphill battle.

Cheers.

Gabe

From the console snippets, it is not really clear what exactly you want to do.
If you want to distribute routes from the VRF via BGP VPN, then your static routing is not correct; routes to the remote peer must be in the main table.
If you want to run BGP in a VRF, then the BGP connection config is not correct and the BGP VPN config is not needed.
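
An added example, not part of either post: a small Python helper that parses detail-style route output like the tables pasted above and lists, per VRF prefix, which bgp-mpls-vpn (`y`) routes carry the `A` (active) flag and which do not. The sample input is constructed from the second router's table with the spacing cleaned up, and `IF-L2TP` is a placeholder interface name.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the second router's table in the post
# (IF-L2TP is a placeholder interface name; spacing cleaned up).
SAMPLE = """\
 5  As   dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.51.252.250@XXX-VRF
         distance=1 scope=30 target-scope=10
   D y   dst-address=0.0.0.0/0 routing-table=XXX-VRF gateway=10.51.252.250@XXX-VRF
         distance=200 scope=20 target-scope=10
 7  IsH  dst-address=10.51.11.0/24 routing-table=XXX-VRF gateway=IF-L2TP@XXX-VRF
         distance=1 scope=30 target-scope=10
   DAyH  dst-address=10.51.11.0/24 routing-table=XXX-VRF gateway=10.10.10.254
         distance=200 scope=20 target-scope=30
   D y   dst-address=10.51.252.0/24 routing-table=XXX-VRF gateway=XXX-VRF@XXX-VRF
         distance=200 scope=20 target-scope=10
"""

KV = re.compile(r'([\w.-]+)=("[^"]*"|\S*)')


def parse_routes(text):
    """Return one dict per route: its flag letters plus every key=value attribute."""
    routes = []
    for line in text.splitlines():
        head, sep, _ = line.partition("dst-address=")
        if sep:  # a new entry starts on the line that carries dst-address
            # Drop the optional index number and padding; what is left are flags.
            routes.append({"flags": set(re.sub(r"[\d\s]", "", head))})
        if routes:  # continuation lines add attributes to the current entry
            for key, value in KV.findall(line):
                routes[-1][key] = value.strip('"')
    return routes


def vpn_route_status(routes):
    """Group bgp-mpls-vpn ('y') routes per (table, prefix) by the 'A' flag."""
    report = defaultdict(lambda: {"active": [], "inactive": []})
    for r in routes:
        if "y" in r["flags"]:
            state = "active" if "A" in r["flags"] else "inactive"
            report[(r["routing-table"], r["dst-address"])][state].append(r["gateway"])
    return dict(report)


if __name__ == "__main__":
    for (table, dst), s in vpn_route_status(parse_routes(SAMPLE)).items():
        print(f"{table} {dst}: active via {s['active']}, not active via {s['inactive']}")
```
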