Import

Scenario to verify BGP import vrf functionality, with and without route-map filtering, for both iBGP and eBGP sessions.

The import vrf main command allows routes learned via BGP in the main VRF to be imported into another VRF (VRF1), making them available in the VRF1 routing table. This is useful for service isolation where different VRFs need controlled access to routes from the global routing table.

Optionally, an import route-map can be applied to filter which routes are imported into the target VRF. This provides granular control over inter-VRF route leaking.

The test covers four scenarios:

  • iBGP import vrf: Direct import without filtering (same AS).

  • eBGP import vrf: Import via transit router without filtering (different AS).

  • iBGP import route-map: Import with route-map filtering applied (same AS).

  • eBGP import route-map: Import via transit with route-map filtering (different AS).

../../../../_images/topologyimportvrf1.svg

Test BGP Import VRF

Description

Test BGP import vrf: basic (routes imported into VRF1) and route-map (routes imported with filtering). Each variant tested with iBGP and eBGP.

Scenario

Example 1

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor DUT1 remote-address 10.10.0.200
set protocols bgp 20 neighbor DUT1 remote-as 20
set protocols vrf VRF1 bgp 20 import vrf main
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf VRF1
set system vrf main

Step 2: Set the following configuration in DUT1 :

set interfaces dummy dum0 address 1.1.1.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor DUT0 remote-address 10.10.0.100
set protocols bgp 20 neighbor DUT0 remote-as 20
set protocols bgp 20 redistribute connected route-map REDIS
set protocols route-map REDIS rule 1 action permit
set protocols route-map REDIS rule 1 match interface dum0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify that iBGP session is established.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4         20         4         4        0    0    0 00:00:01  Established        0        0 FRRouting/10.4.1

Total number of neighbors 1

Attention

Verify that DUT0 receives route 1.1.1.0/24 via BGP in main VRF.

Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

[*]>i\s+1.1.1.0/24
Show output
BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths

Step 5: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:

B>[*]\s+1.1.1.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF default:
B>* 1.1.1.0/24 [200/0] via 10.10.0.200, eth0, weight 1, 00:00:01
C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:04
K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:04
L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:04

Attention

Verify that route is imported into VRF1.

Step 6: Run command protocols vrf VRF1 ip show route at DUT0 and check if output matches the following regular expressions:

B>[*]\s+1.1.1.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF VRF1:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), weight 1, 00:00:04
B>* 1.1.1.0/24 [200/0] via 10.10.0.200, eth0 (vrf default), weight 1, 00:00:01
K>* 127.0.0.0/8 [0/0] is directly connected, VRF1, weight 1, 00:00:04

Example 2

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor DUT2 remote-address 10.10.0.101
set protocols bgp 10 neighbor DUT2 remote-as 30
set protocols bgp 10 neighbor DUT2 route-map import PERMIT
set protocols route-map PERMIT rule 1 action permit
set protocols vrf VRF1 bgp 10 import vrf main
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf VRF1
set system vrf main

Step 2: Set the following configuration in DUT1 :

set interfaces dummy dum0 address 1.1.1.1/24
set interfaces ethernet eth1 address 20.20.0.200/24
set protocols bgp 20 neighbor DUT2 remote-address 20.20.0.201
set protocols bgp 20 neighbor DUT2 remote-as 30
set protocols bgp 20 neighbor DUT2 route-map export PERMIT
set protocols bgp 20 redistribute connected route-map REDIS
set protocols route-map PERMIT rule 1 action permit
set protocols route-map REDIS rule 1 action permit
set protocols route-map REDIS rule 1 match interface dum0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 10.10.0.101/24
set interfaces ethernet eth1 address 20.20.0.201/24
set protocols bgp 30 neighbor DUT0 remote-address 10.10.0.100
set protocols bgp 30 neighbor DUT0 remote-as 10
set protocols bgp 30 neighbor DUT0 route-map export PERMIT
set protocols bgp 30 neighbor DUT0 route-map import PERMIT
set protocols bgp 30 neighbor DUT1 remote-address 20.20.0.200
set protocols bgp 30 neighbor DUT1 remote-as 20
set protocols bgp 30 neighbor DUT1 route-map export PERMIT
set protocols bgp 30 neighbor DUT1 route-map import PERMIT
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify that eBGP session between DUT0 and DUT2 is established.

Step 4: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.101.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.101     10.10.0.100     4         30         2         2        0    0    0 00:00:00  Established        0 (Policy) N/A

Total number of neighbors 1

Attention

Verify that eBGP session between DUT2 and DUT1 is established.

Step 5: Run command protocols bgp show ip summary at DUT2 and check if output matches the following regular expressions:

20.20.0.200.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 20.20.0.201, local AS number 30 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 2, using 47 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.100     10.10.0.101     4         10         2         2        0    0    0 00:00:00  Established        0        0 N/A
20.20.0.200     20.20.0.201     4         20         2         2        0    0    0 00:00:00  Established        0        0 N/A

Total number of neighbors 2

Attention

Verify that DUT0 receives route 1.1.1.0/24 via BGP in main VRF.

Step 6: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

[*]>\s+1.1.1.0/24
Show output
BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 10
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       10.10.0.101                            0 30 20 ?

Displayed 1 routes and 1 total paths

Step 7: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:

B>[*]\s+1.1.1.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF default:
B>* 1.1.1.0/24 [20/0] via 10.10.0.101, eth0, weight 1, 00:00:02
C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:07
K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:07
L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:07

Attention

Verify that route is imported into VRF1.

Step 8: Run command protocols vrf VRF1 ip show route at DUT0 and check if output matches the following regular expressions:

B>[*]\s+1.1.1.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF VRF1:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), weight 1, 00:00:07
B>* 1.1.1.0/24 [20/0] via 10.10.0.101, eth0 (vrf default), weight 1, 00:00:02
K>* 127.0.0.0/8 [0/0] is directly connected, VRF1, weight 1, 00:00:07

Example 3

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 20 neighbor DUT1 remote-address 10.10.0.200
set protocols bgp 20 neighbor DUT1 remote-as 20
set protocols route-map RM_IMPORT rule 1 action permit
set protocols vrf VRF1 bgp 20 import route-map RM_IMPORT
set protocols vrf VRF1 bgp 20 import vrf main
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf VRF1
set system vrf main

Step 2: Set the following configuration in DUT1 :

set interfaces dummy dum0 address 1.1.1.1/24
set interfaces ethernet eth0 address 10.10.0.200/24
set protocols bgp 20 neighbor DUT0 remote-address 10.10.0.100
set protocols bgp 20 neighbor DUT0 remote-as 20
set protocols bgp 20 redistribute connected route-map REDIS
set protocols route-map REDIS rule 1 action permit
set protocols route-map REDIS rule 1 match interface dum0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify that iBGP session is established.

Step 3: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.200.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 20 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.200     10.10.0.100     4         20         3         4        0    0    0 00:00:01  Established        0        0 FRRouting/10.4.1

Total number of neighbors 1

Attention

Verify that DUT0 receives route 1.1.1.0/24 via BGP in main VRF.

Step 4: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

[*]>i\s+1.1.1.0/24
Show output
BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 20
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 1.1.1.0/24       10.10.0.200              0    100      0 ?

Displayed 1 routes and 1 total paths

Step 5: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:

B>[*]\s+1.1.1.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF default:
B>* 1.1.1.0/24 [200/0] via 10.10.0.200, eth0, weight 1, 00:00:01
C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:04
K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:04
L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:04

Attention

Verify that route is imported into VRF1.

Step 6: Run command protocols vrf VRF1 ip show route at DUT0 and check if output matches the following regular expressions:

B>[*]\s+1.1.1.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF VRF1:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), weight 1, 00:00:04
B>* 1.1.1.0/24 [200/0] via 10.10.0.200, eth0 (vrf default), weight 1, 00:00:01
K>* 127.0.0.0/8 [0/0] is directly connected, VRF1, weight 1, 00:00:04

Example 4

Step 1: Set the following configuration in DUT0 :

set interfaces ethernet eth0 address 10.10.0.100/24
set protocols bgp 10 neighbor DUT2 remote-address 10.10.0.101
set protocols bgp 10 neighbor DUT2 remote-as 30
set protocols bgp 10 neighbor DUT2 route-map import PERMIT
set protocols route-map PERMIT rule 1 action permit
set protocols route-map RM_IMPORT rule 1 action permit
set protocols vrf VRF1 bgp 10 import route-map RM_IMPORT
set protocols vrf VRF1 bgp 10 import vrf main
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'
set system vrf VRF1
set system vrf main

Step 2: Set the following configuration in DUT1 :

set interfaces dummy dum0 address 1.1.1.1/24
set interfaces ethernet eth1 address 20.20.0.200/24
set protocols bgp 20 neighbor DUT2 remote-address 20.20.0.201
set protocols bgp 20 neighbor DUT2 remote-as 30
set protocols bgp 20 neighbor DUT2 route-map export PERMIT
set protocols bgp 20 redistribute connected route-map REDIS
set protocols route-map PERMIT rule 1 action permit
set protocols route-map REDIS rule 1 action permit
set protocols route-map REDIS rule 1 match interface dum0
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Step 3: Set the following configuration in DUT2 :

set interfaces ethernet eth0 address 10.10.0.101/24
set interfaces ethernet eth1 address 20.20.0.201/24
set protocols bgp 30 neighbor DUT0 remote-address 10.10.0.100
set protocols bgp 30 neighbor DUT0 remote-as 10
set protocols bgp 30 neighbor DUT0 route-map export PERMIT
set protocols bgp 30 neighbor DUT0 route-map import PERMIT
set protocols bgp 30 neighbor DUT1 remote-address 20.20.0.200
set protocols bgp 30 neighbor DUT1 remote-as 20
set protocols bgp 30 neighbor DUT1 route-map export PERMIT
set protocols bgp 30 neighbor DUT1 route-map import PERMIT
set protocols route-map PERMIT rule 1 action permit
set system login user admin authentication encrypted-password '$6$GSjsCj8gHLv$/VcqU6FLi6CT2Oxn0MJQ2C2tqnRDrYKNF8HIYWJp68nvXvPdFccDsT04.WtigUONbKYrgKg8d6rEs8PjljMkH0'

Attention

Verify that eBGP session between DUT0 and DUT2 is established.

Step 4: Run command protocols bgp show ip summary at DUT0 and check if output matches the following regular expressions:

10.10.0.101.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 10.10.0.100, local AS number 10 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 24 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.101     10.10.0.100     4         30         2         2        0    0    0 00:00:01  Established        0 (Policy) N/A

Total number of neighbors 1

Attention

Verify that eBGP session between DUT2 and DUT1 is established.

Step 5: Run command protocols bgp show ip summary at DUT2 and check if output matches the following regular expressions:

20.20.0.200.*Established
Show output
IPv4 Unicast Summary:
BGP router identifier 20.20.0.201, local AS number 30 VRF default vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 2, using 47 KiB of memory

Neighbor        LocalAddr       V         AS   MsgRcvd   MsgSent   TblVer  InQ OutQ  Up/Down        State   PfxRcd   PfxSnt Desc
10.10.0.100     10.10.0.101     4         10         2         2        0    0    0 00:00:00  Established        0        0 N/A
20.20.0.200     20.20.0.201     4         20         2         2        0    0    0 00:00:00  Established        0        0 N/A

Total number of neighbors 2

Attention

Verify that DUT0 receives route 1.1.1.0/24 via BGP in main VRF.

Step 6: Run command protocols bgp show ip at DUT0 and check if output matches the following regular expressions:

[*]>\s+1.1.1.0/24
Show output
BGP table version is 1, local router ID is 10.10.0.100, vrf id 0
Default local pref 100, local AS 10
local address -
Status codes:  s suppressed, d damped, h history, u unsorted, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  1.1.1.0/24       10.10.0.101                            0 30 20 ?

Displayed 1 routes and 1 total paths

Step 7: Run command protocols ip show route at DUT0 and check if output matches the following regular expressions:

B>[*]\s+1.1.1.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF default:
B>* 1.1.1.0/24 [20/0] via 10.10.0.101, eth0, weight 1, 00:00:01
C>* 10.10.0.0/24 is directly connected, eth0, weight 1, 00:00:07
K * 10.10.0.0/24 [0/0] is directly connected, eth0, weight 1, 00:00:07
L>* 10.10.0.100/32 is directly connected, eth0, weight 1, 00:00:07

Attention

Verify that route is imported into VRF1.

Step 8: Run command protocols vrf VRF1 ip show route at DUT0 and check if output matches the following regular expressions:

B>[*]\s+1.1.1.0/24
Show output
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

IPv4 unicast VRF VRF1:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), weight 1, 00:00:07
B>* 1.1.1.0/24 [20/0] via 10.10.0.101, eth0 (vrf default), weight 1, 00:00:01
K>* 127.0.0.0/8 [0/0] is directly connected, VRF1, weight 1, 00:00:07