Re: Import Routes based on Multiple RT

ranokarno82 · ‎12-28-2009

dear all,

sorry if repost, i've tried to search but can't find the thread.

currently i am trying to import routes within vrf by matching two route-target exported by other PE. is it can be done with cisco router or not. I have tried with couple way but still no hope.

the scenario is , PE#1 will advertise route with VRF ABC and put two RT and the other PE#2 is going to received the routes advertise by PE#1 vrf ABC by matching two RT (it must be two RT) not only one.

I've tried using import map but no clue at all, is there any way to do matching multiple route target within PE#2 to import route vrf ABC from PE#1 by matching every extcommunity [10:111 AND 1:10] ?

Thanks & Regards,

Rano

!

PE#1

ip vrf ABC

rd 1:111

export map exp_map

import map imp_map

!

route-map exp_abc permit 10

set extcommunity rt 10:111 1:10

!

ip extcommunity-list 10 permit rt 10:111
ip extcommunity-list 11 permit rt 1:10

!

route-map imp_abc permit 10
match extcommunity 10 11

!

interface Loopback111
ip vrf forwarding ABC
ip address 1.11.111.1 255.255.255.0

!

PE#2

ip vrf ABC

rd 1:111

import map imp_abc

export map exp_abc

!

route-map exp_abc permit 10

set extcommunity rt 10:111 1:10

!

ip extcommunity-list 10 permit rt 10:111
ip extcommunity-list 11 permit rt 1:10

!

route-map imp_abc permit 10
match extcommunity 10 11

!

interface Loopback111
ip vrf forwarding ABC
ip address 1.22.111.1 255.255.255.0

!

Giuseppe Larosa · ‎12-29-2009

Hello Rano,

I think you should use the extended extcommunity lists for this:

in this way instead of matching any RT of the list of RT extcommunities attributes you are going to match using a regular expression the list of RTs but seen as a text string.

That is you may need to match the whole string "RT:10:111 RT:1:10" using a regular expression.

You may want to match both "RT:10:111 RT:1:10" and "RT:1:10 RT:10:111" to be sure

the ip extended extcommunity list should use an index >= 100

Edit:

with regular expression I mean something like

ip extcommunity 100 permit ^RT:10:111 RT:1:10$

ip extcommunity 100 permit ^RT:1:10 RT:10:111$

where ^ means the beginning of the string and $ means the end of the string without these anchors the following string would be a match

"RT:10:111 RT:1:10 RT:10:200"

some tests have to be done to find the correct notation

see

http://www.cisco.com/en/US/partner/docs/ios/iproute/command/reference/irp_bgp2.html#wp1016299

the right name can be expanded extcommunity list

see this example

IP Extended Community-List Configuration Mode Example

In the following example, an expanded named extended community list is configured in IP Extended community-list configuration mode. A list entry is created with a sequence number 10 that will permit a route target or route origin pattern that matches any network number extended community from autonomous system 65412.

Router(config)# ip extcommunity-list RED

Router(config-extcom-list)# 10 permit 65412:[0-9][0-9][0-9][0-9][0-9]_

Router(config-extcom-list)# exit

Edit2:

I can confirm the notation I've checked some tests I did some years ago

Extended community (expanded) access list 120
permit ^RT:16232:1$

this for example allows to match if the RT is made of only one value and that value is 16232:1

Hope to help

Giuseppe

jcozzupoli · ‎12-29-2009

Again, a truely professional post by Giuseppe! Great stuff!

My only tip is to make sure you know what you're importing and exporting so you don't start allowing everything through, as this would be messy to troubleshoot! I'd be simulating exactly what you plan to do in a lab first to make sure you're spot on and document what you should and shouldn't be expecting to see.

Regards,

Joe.

ranokarno82 · ‎12-29-2009

Hi Joe,

that's correct, thanks for remind me. this is why i must match 2 RT before importing the routes from other PE VPNv4 prefixes. actually we have lots of PE which most of them are non Cisco devices.

feel free to do the lab, here we're expecting successful result for importing vpnv4 prefixes based

on multiple route-target.

thx & rgds

Rano

ranokarno82 · ‎12-29-2009

Hi Giuseppe,

Thanks for pointing the reference it is helpful,

just a silly question, If the command "import map" and "route-map" really work for importing route for specific VRF don't you think that matching a single extcommunity will work. I mean within "ip vrf ABC" command, by putting only one RT "route-target import 1:10" in PE#2 it will directly import routes for every vrf at PE#1 that exporting route with RT:1:10, is it correct? please look for attachment "output#r1.txt"

1. why by using "import map" and standard extcommunity-list (<100) won't importing the route ???

2. do we need to put "route-target import xx:yy" command conjugated with "import map .." command?

I also tried your proposed way, by using extcommunity-list, but it is still not importing any route. please look for attachment "output#2.txt", do please correct me if i am putting wrong command there, thx

thanks & regards

Rano

Giuseppe Larosa · ‎12-29-2009

Hello Rano,

multiple routers are needed to perform the tests.

You can have on PE1 two VRFs: VRFA exports only one RT and VRF B exports with two RTs

on PE2 you will have VRF C that uses an import map where you use as a match the extended community list, the result should be that only VPNv4 routes of VRF B are imported in VRFC on PE2.

to make more simple on PE1 I would use simple route-targets commands

ip VRFA

route-target export RT1

ip VRFB

route-target export RT1

route-target export RT2

I'm not sure you can set RT multiple values with

set extcommunity rt 10:111 1:10

I would look for an additive option like the one present for standard community

set extcommunity RT 100:101 ?
ASN:nn or IP-address:nn VPN extended community
additive Add to the existing extcommunity

you can also use set extcomm-list :

set extcomm-l ?
<1-99> Extended community-list number (standard)
<100-500> Extended community-list number (expanded)

and of course a VPNv4 iBGP session between PE1 and Pe2 is needed with sending extended communities enabled.

I use both option to enable also BGP standard communities

PE1:

router bgp XX

address-family vpnv4

neigh PE2:loop:ipaddr activate

neigh PE2:loop:ipaddr send-community both

PE2:

router bgp XX

address-family vpnv4

neigh PE1:loop:ipaddr activate

neigh PE1:loop:ipaddr send-community both

before applying the filters see how the RT string appears on PE2 with

sh ip bgp vpnv4

your questions:

1. why by using "import map" and standard extcommunity-list (<100) won't importing the route ???

2. do we need to put "route-target import xx:yy" command conjugated with "import map .." command?

1) check if you have used send-community extended or send-community both under vpnv4 AF

2) I see the import map as an additional command that doesn't replace the route-targets commands, import map is more selective and can override or can add (when using the additive keyword for example)

Hope to help

Giuseppe

ranokarno82 · ‎12-29-2009

Hi Giuseppe,

thanks for your explanation,

1) check if you have used send-community extended or send-community both under vpnv4 AF?

-> yes indeed, i already activate send-community extended, but now i reconfigure it to used send-community both just to ensure more. and i clear the iBGP session.

2) I see the import map as an additional command that doesn't replace the route-targets commands, import map is more selective and can override or can add (when using the additive keyword for example)?

-> what i mean is if i already put "import map imp_abc" where route-map imp_abc > match RT 10:111 , do i still need to put config "route-target import 10:111" within ip vrf ABC configuration.

Quote: I'm not sure you can set RT multiple values with set extcommunity rt 10:111 1:10

-> yes it is exported by 2 RT

#show ip bgp vpnv4 all 1.11.111.0
BGP routing table entry for 1:111:1.11.111.0/24, version 13
Paths: (1 available, best #1, table ABC)
Advertised to update-groups:
        1
Local
    0.0.0.0 from 0.0.0.0 (150.1.3.33)
      Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:1:10 RT:10:11
      mpls labels in/out 28/aggregate(ABC)t

-> i am using addictive now,

#show route-map
route-map exp_abc, permit, sequence 10
Match clauses:
Set clauses:
extended community RT:1:10 RT:10:111 additive
Policy routing matches: 0 packets, 0 bytes

!

#show ip bgp vpnv4 all 1.11.111.0

BGP routing table entry for 1:111:1.11.111.0/24, version 24

Paths: (1 available, best #1, table ABC)

Advertised to update-groups:

1

Local

0.0.0.0 from 0.0.0.0 (150.1.3.33)

Origin incomplete, metric 0, localpref 100, weight 32768, valid, sourced, best

Extended Community: RT:1:10 RT:10:111

mpls labels in/out 28/aggregate(ABC)

actually in the configuration i already have multiple VRF configured with diff RD and RT, please look at attached file. i also put debug bgp vpnv4 unicast update in PE#2 at attached file.

I am going to try your scenario more with more PEs, and i'll update soon

thanks & regards,

Rano

federico.olivieri · ‎05-09-2016

Hi Giuseppe,

Can you please help me with this extcommunity issue that I'm facing?

https://supportforums.cisco.com/discussion/13017421/extcommunity-list-no-matches

Thank You

Federico