
BGP VRF - Route-leaking does not work when the next-hop is a recursive route.
Closed, Resolved (Public)

Description

When we want to perform route-leaking using BGP to import/export routes, it doesn't work if the next-hop of the route leaked into the other table is a recursive route. However, it works if we use a directly connected peer (FRR 9.1). Example:

vrf RED 

set interfaces dummy dum0 address '172.16.20.1/32'
set interfaces dummy dum0 vrf 'red' 
set interfaces ethernet eth3 address '172.16.30.10/24'
set interfaces ethernet eth3 description 'BGP-TEST'
set interfaces ethernet eth3 hw-id '50:00:00:01:00:03'
set interfaces ethernet eth3 mtu '8000'
set interfaces ethernet eth3 vrf 'red'
set vrf name red protocols bgp address-family ipv4-unicast export vpn
set vrf name red protocols bgp address-family ipv4-unicast import vpn
set vrf name red protocols bgp address-family ipv4-unicast rd vpn export '65000:2'
set vrf name red protocols bgp address-family ipv4-unicast redistribute connected
set vrf name red protocols bgp address-family ipv4-unicast redistribute static
set vrf name red protocols bgp address-family ipv4-unicast route-target vpn export '65000:2'
set vrf name red protocols bgp address-family ipv4-unicast route-target vpn import '65000:3'
set vrf name red protocols bgp neighbor 10.1.30.4 address-family ipv4-unicast nexthop-self force
set vrf name red protocols bgp neighbor 10.1.30.4 address-family ipv4-unicast soft-reconfiguration inbound
set vrf name red protocols bgp neighbor 10.1.30.4 disable-connected-check
set vrf name red protocols bgp neighbor 10.1.30.4 remote-as '65550'
set vrf name red protocols bgp neighbor 10.1.30.4 timers holdtime '30'
set vrf name red protocols bgp neighbor 10.1.30.4 timers keepalive '10'
set vrf name red protocols bgp neighbor 10.1.30.4 update-source 'dum0'
set vrf name red protocols bgp parameters log-neighbor-changes
set vrf name red protocols bgp parameters router-id '172.16.20.1'
set vrf name red protocols bgp system-as '65000'
set vrf name red protocols static route 10.1.30.4/32 next-hop 172.16.30.50
set vrf name red table '300'

vrf BLUE - leaking:

set vrf name blue protocols bgp address-family ipv4-unicast export vpn
set vrf name blue protocols bgp address-family ipv4-unicast import vpn
set vrf name blue protocols bgp address-family ipv4-unicast rd vpn export '65000:3'
set vrf name blue protocols bgp address-family ipv4-unicast redistribute connected
set vrf name blue protocols bgp address-family ipv4-unicast route-target vpn export '65000:3'
set vrf name blue protocols bgp address-family ipv4-unicast route-target vpn import '65000:2'
set vrf name blue protocols bgp parameters router-id '172.16.20.1'
set vrf name blue protocols bgp system-as '65000'
set vrf name blue table '100'
set interfaces bridge br0 address '10.10.10.1/28'
set interfaces bridge br0 description 'test'
set interfaces bridge br0 member interface eth2
set interfaces bridge br0 vrf 'blue'

routing view:

vyos@vyos-hub-ipsec:~$ show ip route vrf red
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF red:

S>* 10.1.30.4/32 [1/0] via 172.16.30.50, eth3, weight 1, 02:37:26
B>* 10.10.10.0/28 [20/0] is directly connected, br0 (vrf blue), weight 1, 00:28:32
C>* 172.16.20.1/32 is directly connected, dum0, 03:28:33
C>* 172.16.30.0/24 is directly connected, eth3, 03:24:11
B>  192.168.100.0/24 [20/0] via 10.1.30.4 (recursive), weight 1, 00:26:41
  *                           via 172.16.30.50, eth3, weight 1, 00:26:41

vyos@vyos-hub-ipsec:~$ show ip route vrf blue
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

VRF blue:

B>* 10.1.30.4/32 [20/0] via 172.16.30.50, eth3 (vrf red), weight 1, 00:29:31
C>* 10.10.10.0/28 is directly connected, br0, 02:19:02
B>* 172.16.20.1/32 [20/0] is directly connected, dum0 (vrf red), weight 1, 00:29:31
B>* 172.16.30.0/24 [20/0] is directly connected, eth3 (vrf red), weight 1, 00:29:31
B   192.168.100.0/24 [20/0] via 10.1.30.4 (vrf red) inactive, weight 1, 00:27:40

ping

# route-leaking direct connected : 
vyos@vyos-host:~$ ping 172.16.30.50  source-address 10.10.10.10
PING 172.16.30.50 (172.16.30.50) from 10.10.10.10 : 56(84) bytes of data.
64 bytes from 172.16.30.50: icmp_seq=1 ttl=63 time=1.49 ms
64 bytes from 172.16.30.50: icmp_seq=2 ttl=63 time=1.04 ms
^C
--- 172.16.30.50 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.044/1.266/1.488/0.222 ms


# route-leaking recursive route : 

vyos@vyos-host:~$ ping 192.168.100.10 source-address 10.10.10.10
PING 192.168.100.10 (192.168.100.10) from 10.10.10.10 : 56(84) bytes of data.
From 10.10.10.1 icmp_seq=1 Destination Net Unreachable
From 10.10.10.1 icmp_seq=2 Destination Net Unreachable
From 10.10.10.1 icmp_seq=3 Destination Net Unreachable
From 10.10.10.1 icmp_seq=4 Destination Net Unreachable
^C
--- 192.168.100.10 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3046m

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.4.0-epa2
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Unspecified (please specify)

Event Timeline

fernando changed the task status from Open to Confirmed. Mar 21 2024, 3:46 PM
fernando created this task.
fernando created this object in space S1 VyOS Public.

This new command was merged in order to solve this problem:

vyos@vrf-test:~$ show configuration commands | match disable
set protocols bgp parameters disable-ebgp-connected-route-check
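
A way to check a router for the symptom reported in this task, as an added example (not part of the original task or of VyOS/FRR code): the Python below parses `show ip route vrf <name>` text and lists BGP routes leaked from another VRF that are marked `inactive`. The sample input is copied from the VRF blue output in the description; the function names are hypothetical.

```python
import re

# Sample input: route lines from the "show ip route vrf blue" output in the task description.
SAMPLE = """\
VRF blue:

B>* 10.1.30.4/32 [20/0] via 172.16.30.50, eth3 (vrf red), weight 1, 00:29:31
C>* 10.10.10.0/28 is directly connected, br0, 02:19:02
B>* 172.16.20.1/32 [20/0] is directly connected, dum0 (vrf red), weight 1, 00:29:31
B>* 172.16.30.0/24 [20/0] is directly connected, eth3 (vrf red), weight 1, 00:29:31
B   192.168.100.0/24 [20/0] via 10.1.30.4 (vrf red) inactive, weight 1, 00:27:40
"""

# Route line: one-letter protocol code, two flag columns ('>' selected, '*' FIB), prefix, rest.
ROUTE = re.compile(
    r"^(?P<code>[A-Za-z])(?P<flags>[ >*]{2})\s+"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+(?P<rest>.*)$"
)


def leaked_routes(output):
    """Return BGP routes whose next hop is resolved in another VRF ("(vrf NAME)")."""
    routes = []
    for line in output.splitlines():
        m = ROUTE.match(line)
        if not m or m["code"] != "B":
            continue  # legend lines, headers, continuation lines, non-BGP routes
        vrf = re.search(r"\(vrf (\S+)\)", m["rest"])
        if not vrf:
            continue  # BGP route learned inside this VRF, not leaked
        hop = re.search(r"via (\d+\.\d+\.\d+\.\d+)", m["rest"])
        routes.append({
            "prefix": m["prefix"],
            "from_vrf": vrf.group(1),
            "next_hop": hop.group(1) if hop else None,  # None: directly connected
            "inactive": "inactive" in m["rest"],
        })
    return routes


def broken_leaks(output):
    """Prefixes that were imported from another VRF but are not usable."""
    return [r["prefix"] for r in leaked_routes(output) if r["inactive"]]


if __name__ == "__main__":
    for route in leaked_routes(SAMPLE):
        print(route)
    print("inactive leaked routes:", broken_leaks(SAMPLE))
```
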