cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7161
Views
10
Helpful
5
Replies

Route-Distinguisher (RD), Route-Target (RT), VPNv4 and how updates run

Hi everyone,

I´m a little confused about MPLS-VPNs and MP-iBGP. So I have a few questions:

1. Why do I need the RD. I know it makes my unique VPNv4 Address in combination with my IPv4-Adress. But why do I need to save it on my router? By importing routes through the RT into my vrf I have the routes in my vrf. So why is it necessary to save the vpnv4 address in the global process?

2. Until yesterday, I thought, that I need the vpnv4 address to save all vpnv4-adresses on every PE-router. And if a customer connects to a PE-router, he was previously not connected to, I don´t need to send new updates and he can just import all needed vpnv4 prefixes. However, yesterday, after debugging it, it looks like, if an existing customer connects to another PE-router, he has not been connected to before, all updates for the customer are send to the new site of the customer.

3. Last question: will MP-iBGP establish a new own adjacency for every vpnv4 vrf? If a customer gets a new site on an existing PE router will the PE-Router ask every other PE router in the core if they have updates for him? (This is what it looks like to me, if I activate the debug commands)

Thx for your help!

5 Replies 5

Victor Acevedo
Cisco Employee
Cisco Employee

Hello Schubert,

1) The RD is needed to uniquely identify your customer's routes. For example, let's say you have CustomerA and CustomerB. Both customers are advertising 1.1.1.0/24 to you. Without an RD being appended to them, we would send them to our remote PE which will not be able to differentiate between them since you are sending them via the global VPNv4 BGP session. The remote PE will then see two "equal" routes to 1.1.1.0/24 and hence only install 1 of these routes based on the import RT. 

To fix this, we introduce this concept of a RD so now we will advertise 1:1:1.1.1.0/24 and 2:2:1.1.1.0/24 to our remote PE which will now see two different VPNv4 prefixes and distinguish between the two customers. CustomerA has RD of 1:1 and CustomerB has an RD of 2:2. 

The RT is only used to import them into the VRF table, but cannot distinguish between the two updates as described above. 

2) Yes, if a customer moves from one PE to another PE, that new PE now has to get the updates and import the VPNv4 prefixes into this VRF. 

3) No, we only establish 1 MP-BGP session for the VPNv4 address-family between 2 PE routers. Within this MP-BGP session, we will then advertise all of our routes from each of our configured VRF address-families. 

thx so far,

in general it´s clear but i don´t understand it in detail.

If i have 3 locations. Location 1 with customer A, location 2 witch customer A abd B, and location 3 with customer B. If my PE-Router on location 1 learn Routes from customer A he will send it to location 2 and 3 right? and both will save the vpnv4 address? and with the RT customer A on location 2 will import the routes. 

what happens if customer A gets a new site on location 3? will location 1 and 2 need to send the updates again to location 2?

thx

Hey Schubert, 

Great questions!

To answer your questions, I have created 3 "sites" denoted by hostnames PE_A, PE_AB and PE_B which all serves the customers/VRFs in the hostnames.

Now, with this initial setup, when a route is learnt in VRF A, PE_A will send a VPNv4 update to both PE_AB and PE_B. However, only PE_AB will import this route due to it having a customer in this VRF. PE_B will receive the update but will end up dropping it due to not having that VRF defined here. You can get away with this by configuring "retail route-target all" or by making this a RR for VPNv4. 

PE_A(config)#int lo20
PE_A(config-if)#vrf forwarding A
*Jun 20 18:48:51.480: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to upip addr
PE_A(config-if)#ip address 20.1.1.1 255.255.255.0
PE_A(config-if)#no shut
*Jun 20 18:48:58.013: vpn[4]: prefix init 1:1:20.1.1.0/24
*Jun 20 18:48:58.013: BGP: Applying map to find origin for 20.1.1.0/24nd

PE_AB#
*Jun 20 18:48:57.461: BGP(4): Incoming path from 192.168.0.4
*Jun 20 18:48:57.461: vpn[4]: prefix init 1:1:20.1.1.0/24

*Jun 20 18:48:58.153: BGP(4): Incoming path from 192.168.0.4

PE_AB#sh bgp vpnv4 unicast all sum
BGP router identifier 192.168.0.3, local AS number 1
BGP table version is 4, main routing table version 4
1 network entries using 156 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 160 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 420 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.2 4 1 9 9 4 0 0 00:06:30 0
192.168.0.4 4 1 16 16 4 0 0 00:10:43 1   <<< Route is installed 


PE_B#

PE_B#sh bgp vpnv4 unicast all sum
BGP router identifier 192.168.0.2, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.3 4 1 10 9 1 0 0 00:06:37 0
192.168.0.4 4 1 10 11 1 0 0 00:06:42 0   <<<<< route is not installed 

For your second question, as soon as we configure VRF A on PE_B, then we will send a route-refresh to both PE_A and PE_AB so that they can update us on all routes known for VRF A: 


VRF A customer is now in PE_B:

PE_B(config)#vrf definition A
PE_B(config-vrf)# rd 1:1
PE_B(config-vrf)# address-family ipv4
PE_B(config-vrf-af)# route-target export 1:1
PE_B(config-vrf-af)# route-target import 1:1
PE_B(config-vrf-af)# exit-address-family

PE_B(config-vrf)#router bgp 1
PE_B(config-router)# address-family ipv4 vrf A
PE_B(config-router-af)# redistribute connected


*Jun 20 18:56:13.181: vpn(4): ROUTE-REFRESH scheduled for nbr 192.168.0.3,
*Jun 20 18:56:13.181: vpn(4): ROUTE-REFRESH scheduled for nbr 192.168.0.4,
*Jun 20 18:56:13.243: BGP: 192.168.0.3 sending REFRESH_REQ(5) for afi/safi: 1/128, refresh code is 0
*Jun 20 18:56:13.243: BGP: 192.168.0.4 sending REFRESH_REQ(5) for afi/safi: 1/128, refresh code is 0
*Jun 20 18:56:13.246: BGP: 192.168.0.3 rcv message type 5, length (excl. header) 4
*Jun 20 18:56:13.246: BGP: 192.168.0.3 rcvd REFRESH_REQ for afi/safi: 1/128, refresh code is 1
*Jun 20 18:56:13.247: BGP: 192.168.0.4 rcv message type 5, length (excl. header) 4
*Jun 20 18:56:13.247: BGP: 192.168.0.4 rcvd REFRESH_REQ for afi/safi: 1/128, refresh code is 1
*Jun 20 18:56:13.247: BGP: 192.168.0.3 rcv message type 5, length (excl. header) 4
*Jun 20 18:56:13.247: BGP: 192.168.0.3 rcvd REFRESH_REQ for afi/safi: 1/128, refresh code is 2
*Jun 20 18:56:13.247: BGP(4): Incoming path from 192.168.0.4
*Jun 20 18:56:13.248: vpn[4]: prefix init 1:1:20.1.1.0/24


*Jun 20 18:56:13.248: BGP: 192.168.0.4 rcv message type 5, length (excl. header) 4
*Jun 20 18:56:13.248: BGP: 192.168.0.4 rcvd REFRESH_REQ for afi/safi: 1/128, refresh code is 2
*Jun 20 18:56:13.248: BGP: topo B:VPNv4 Unicast:base Aggregation processing not requiredit-address-family
PE_B(config-router)#
*Jun 20 18:56:13.248: BGP: topo A:VPNv4 Unicast:base Aggregation processing not required
*Jun 20 18:56:13.249: BGP_Router: unhandled major event code 128, minor 0

At this point, PE_B gets the VPNv4 update again from PE_A but now we are able to import this route into our VRF and keep this route: 

PE_B#sh bgp vpnv4 unicast all sum
BGP router identifier 192.168.0.2, local AS number 1
BGP table version is 4, main routing table version 4
1 network entries using 156 bytes of memory
1 path entries using 80 bytes of memory
1/1 BGP path/bestpath attribute entries using 160 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 420 total bytes of memory
BGP activity 2/1 prefixes, 2/1 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.0.3 4 1 24 23 4 0 0 00:18:05 0
192.168.0.4 4 1 25 24 4 0 0 00:18:10 1    <<<< Route is now installed from PE_A

Let me know if this clears up your confusion or if you still have some remaining queries. 

Thx,

Victor Hugo Acevedo

Route Distinguisher

  • It is a 64 bit prepended prefix used to convert client non unique 32 bit ipv4 address into a unique 96 bit vpnv4 address to enable transport between PE Routers
  • RD is locally significant to a router
  • A VRF is not operational unless you configure an RD
  • You can use ASN:nn
  • Each vrf in a PE Router must have a unique RD

Route Target

  • It is a 64 bit extended BGP community that is attached to VPNV4 BGP Route to indicate its VPN Membership

Hi,

How I can block VPNV4 routes for a specific VRF going to RR. I am running internet traffic within VRF and trying to block VPNV4 routes for Internet vrf. Internet routes overloads my RRs

Thank you

Regards

Amir