Route Reflection and ORF Capability

Vaibhava Varma · ‎01-02-2012

Dear All

I am trying to test the use of ORF with extcommunity using "bgp rr-group" to make the PEs not advertise any routes with extcommunity which are not allowed on the RR using " bgp rr-group" command..

I am not sure if I have misinterpreted using "bgp rr-group" for testing ORF at the RR to advertise the list of RTs it wants to receive updates from Route-Reflector-Client PEs..May be there is some other way round for using ORF with extcommunity RT..

I can see on the RR that I am only placing the routes which are permitted under the extcommunity list allowed under "bgp rr-group" config but the PEs are still advertising all the routes and ORF is not working ..Below are my configs

address-family vpnv4

bgp rr-group 10

neighbor mp-ibgp send-community extended

neighbor mp-ibgp route-reflector-client

neighbor mp-ibgp capability orf prefix-list send

neighbor mp-ibgp route-map cus1 in

neighbor 10.0.1.1 activate

neighbor 10.0.6.1 activate

exit-address-family

!

ip extcommunity-list 10 permit rt 64513:100

!

route-map cus1 permit 10

match extcommunity 10

!

I am not sure how can I make the RR advertise the set of RTs it is permitting to the PEs so that they can stop advertising the unwanted routes..

I can see on the PE though for ORF capability received but it says for Prefix-List and not extcommunity

edge1.pop1#show ip bgp vpnv4 all neighbors 10.0.2.1

BGP neighbor is 10.0.2.1, remote AS 64513, internal link

Member of peer-group mp-ibgp for session parameters

BGP version 4, remote router ID 10.0.2.1

BGP state = Established, up for 00:06:10

Last read 00:00:34, last write 00:00:35, hold time is 180, keepalive interval

is 60 seconds

Neighbor sessions:

1 active, is multisession capable

Neighbor capabilities:

Route refresh: advertised and received(new)

Four-octets ASN Capability: advertised and received

Address family VPNv4 Unicast: advertised and received

Multisession Capability: advertised and received

Message statistics, state Established:

InQ depth is 0

OutQ depth is 0

Sent Rcvd

Opens: 1 1

Notifications: 0 0

Updates: 4 5

Keepalives: 7 7

Route Refresh: 0 0

Total: 12 13

Default minimum time between advertisement runs is 0 seconds

For address family: VPNv4 Unicast

Session: 10.0.2.1 session 1

BGP table version 10, neighbor version 10/0

Output queue size : 0

Index 15

Address family not supported notification sent

15 update-group member

mp-ibgp peer-group member

NEXT_HOP is always this router

AF-dependant capabilities:

Outbound Route Filter (ORF) type (128) Prefix-list:

Send-mode: received

Regards

Varma

Luc De Ghein · ‎01-03-2012

Hi Kishore,

ORF for ext communities -and hence RT- was never implemented.

You could look at RT Constrained route distribution. This is filtering outbound from the RRs to the PEs. You do not have to configure "filters" for this feature, it is automatic.

http://www.cisco.com/en/US/partner/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_rt_filter_xe.html

Thanks,

Luc

View solution in original post

Luc De Ghein · ‎01-03-2012

Hi Varma,

The inbound route filtering, i.e. the rr-group and Route-Target ext-comm list, will work.

Outbound filtering, i.e. ORF, is not supported for Route-Targets. ORF is prefix-list based, not RT-based.

Thanks,

Luc

Vaibhava Varma · ‎01-03-2012

Hi Luc

Thanks a lot for the clarification..I was going through various online documentation where it was mentioned that ORF can be used with extcommunity also ..I did try it as mentioned in my first post but it did not work though

In the book "MPLS and VPN Architectures" -Part2:MPLS-based Virtual Private Networks/Chapter 9 & Chapter 12 its mentioned

Route Reflection and ORF Capability

This solution is provided through use of the ORF capability . Using this capability, each route reflector is preconfigured with a list of route targets that it will accept for reflection to any PE-clients. All the PE-clients are treated as a single peer group, so the ORF capability is used to set the outbound filtering of the PE-client so that it does not send unwanted routes toward the route reflector.

Regards

Varma

Kishore Chennupati · ‎01-03-2012

Varma,

In your config you are using the inbound route filtering for the RT's on the RR. so I take it that its working on the RR.

It's only the PE's that are still advertising all the routes right?

Kishore

Kishore Chennupati · ‎01-03-2012

Hi Varma,

I do see you point

As per the link below it says that it ORF supports extended communities. This link is taken from MPLS and VPN Architecutures Vol II

http://etutorials.org/Networking/MPLS+VPN+Architectures/Part+2+MPLS-based+Virtual+Private+Networks/Chapter+9.+MPLS+VPN+Architecture+Operation/Outbound+Route+Filtering+ORF+and+Route+Refresh+Features/

Table 9-3. ORF?ORF-type Definitions
ORF-type	ORF-type Value	Description
NLRI	1	The NLRI ORF-type provides address prefixes based on route filtering.
Communities	2	The Communities ORF-type provides communities-based route filtering.
Extended Communities	3	The Extended Communities ORF-type provides extended community-based route filtering.
Prefix-list	129	The Prefix-list ORF-type provides prefix-list route filtering.

However, as Luc mentioned I have always seen ORF for prefix-list.In fact even in the IOS there is no provision or option to use anything else other than a prefix-list. Ivan is a distinguished engineer surely there might have been some implementations in the past or something..

Luc, do you think you can please confirm if at any stage the ORF for RT's was ever used. I know you can get the inside story.

Appreciate your help

Regards

Kishore

Luc De Ghein · ‎01-03-2012

Hi Kishore,

ORF for ext communities -and hence RT- was never implemented.

You could look at RT Constrained route distribution. This is filtering outbound from the RRs to the PEs. You do not have to configure "filters" for this feature, it is automatic.

http://www.cisco.com/en/US/partner/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_rt_filter_xe.html

Thanks,

Luc

Vaibhava Varma · ‎01-03-2012

Hi Luc

Thanks a lot for clarifying the ORF feature for extcommunity-RT..Yes I did see for the IOS-XE implementation.

Hey Kishore

Nice to see you again Yes that was the problems of PE still advertsing all routes but now it all makes sense after Luc's explaination.

Thanks again to both of you.

Regards

Varma

Peter Paluch · ‎01-03-2012

Hi Varma,

It is almost a futile attempt to add anything to Luc's and Kishore's answers... just wanted to add that for currently existing ORF types, the IANA is maintaining a ORF type list here:

http://www.iana.org/assignments/bgp-parameters/bgp-parameters.xml#bgp-parameters-9

Currently, the prefix-based ORF has the type number 64. Other are currently unassigned.

Best regards,

Peter

Vaibhava Varma · ‎01-03-2012

Hi Peter

Thanks much for sharing the link

Regards

Varma

chintan-shah · ‎01-03-2012

Hi Luc,

Do you konw if it is going to be supported in near future on IOS-XR at least ?

The feature is really good to be used on IOS-XE ( ASR1K as RR and PE ) but can't take full benefit unless other PE like 12K supports this so was curious when can we see in XR ?

Regards,

Chintan

MPLS VPN Partioned RR Design with ORF using extcommunity !

Route Reflection and ORF Capability

Table 9-3. ORF?ORF-type Definitions