cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3972
Views
25
Helpful
21
Replies

Route Distingusher and its usage

moament
Level 1
Level 1

Dear all,

I really need to understand the usage of the RD that used with MPLS/VPN implementations.

As I know it is define the VPN, but the routet target can define the VPN, so I need to understand how the RD solve the conflicts betwwen routes and when I should use it.

Also I need to know Exactlly!!! , How is the MP-BGP selection process is done and

* is the routes compared with RD attached in it or the RD is removed then routes is compared

Thanks & BR

Moamen

21 Replies 21

Harold Ritter
Level 12
Level 12

The sole purpose of the route distinguisher is, as its name indicates, to make sure that routes from different VPNs will be seen as different in the MPLS VPN core. The value of route distinguisher (64 bits) is prepended to the IPv4 prefixes (32 bits) to create a VPNv4 prefixes exchanged between PE routers. The RD should be unique through out the MPLS VPN network.

On the other hand the route-target is carried as an extended attribute and help deciding which prefixes should be imported in a given VRF. The RT and RD can be the same both don't necessarily need to be. You can have more than one RT per prefix. Two VPNs can share the same RT for the purpose of exchanging routes sometimes referred to as an extranet.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks Very much,

I just also need to know:

1- Is the RD must be the same for every VRF that belong to the same VPN, or no

2- I know that the MP-BGP before it starts to select the best path, it compare only the routes with the same RT, is that right, so i think no conflict will happen,and if 2 different vrfs export to the same VRF, as in Extranet, so they can't use the same ip addresses and RD will not help in this case, because if we use RD and the routes is compared it must at end choose only one and the other will lost

On the other hand , I heared before that the RD is useful for the P routers in the core , that don't have VRFs on it, is that right, and how if the P routers do not running BGP at all

Please if you can give me real example on how

1- RD is selected

2- RD is helping in solving conflicts

3- MP-BGP select the best routes within the MPLS/VPN network

it will help me too much

Thanks again

Moamen

1- In general, the RD is the same on all VRFs belonging to the same VPN. I have seen in some corner cases, a need to have different RDs for VRFs belonging to the same VPN.

2- MP-BGP actually compares VPNv4 prefixes (RD+IPV4 prefix). The route-target is only used to decide which prefixes to import in a local VRF.

The P routers are not VPN aware so don't have anything to do with the RD.

Real examples:

1- RD is selected from the "ip vrf" configuration. Is that what you meant?

2- If you have many VPN customers all using the same addresses (most likely rfc1918), the fact that they have different RDs and that the PE prepends the RD to the prefixes exchanged between PEs will make the same prefixes different in the MPLS VPN core

cust1 advertises 192.168.1.0/24 with RD 1:1 therefore

VPNv4 prefix is 1:1:192.168.1.0

cust2 advertises 192.168.1.0/24 with RD 1:2 therefore

VPNv4 prefix is 1:2:192.168.1.0

3- MP-BGP only compares VPNv4 prefixes and uses the same algorithm that is used for IPv4 prefixes. Once the best VPNv4 path is selected it is imported in the VRF if one of the RT extended communities match one of the import RT configured for the VRF.

Let me know if you have more questions,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

I have something puzzle about RT .

1> If routes from VRF2 with same export RT as the VRF1's import RT, the routes will be lead into VRF1?

2> If 1> come into existence, what's the RD of routes

lead into VRF1,the RD assigned in original VRF2 or

the VRF1's RD?

Thanks

1> Yes.

2> The RD is not part of the prefixes imported in the VRF.

Hope this help,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks ,hritter.

Is it means that the routes from VRF1 imported into VRF2,will prepend RD of VRF2? Then,All traffic from VRF2 destined to VRF1 will stream to the PE who does import functions.But How does this PE lead traffic back to VRF1?(Is the bottom label of traffic indicate the right outbound interface & destination VRF?----These information should has losen when import routes)

Thanks a lot for your help!again :)

There is really two things here, the control plane and the forwarding plane.

At the control plane level, routes from VRF1 will be prepended with VRF1s RD to create VPNv4 prefixes and will then be propagated using mBGP. The export RT configured for VRF1 is also added to the BGP update as an extended community. Once the VPNv4 prefixes are received on the PE where VRF2 resides, any prefix matching the import RT configured for VRF2 are imported in this VRF regardless of what the RD is. The RD does not have any role to play in the import/export of the prefix.

At the forwarding plane level only labels are used to forward traffic (top label to get from ingress PE to egress PE and bottom label to forward the packet to the appropriate VRF on the egress PE).

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

It's a so clear view!

If a packet souced from VRF2 network to the VRF1 prefix which was imported from VRF1 to VRF2 before,this packet will be prepend the top and bottom label at ingress PE . The bottem label indicates that the destination vrf is VRF1 because when prefix imported from VRF1 to VRF2,the RD of VRF1 is reserved for that imported prefix and this VRF1 VPNv4 prefix is propaged through VRF2.

Is that right ?

Thanks much for your helps!

The value of the RD is not used whatsoever for the import export process. Only the value of the RT is used. Apart from this you summary is correct.

The value of the RD is only used to make VPNv4 prefixes unique in the Service Provider core.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Just my 5 cent:

Assigning a unique RD to each VRF helps tracking the originator (i.e. the PE Router) of every single route.

Regards,

David

It does indeed and it also helps achieving loadbalancing when a customer site is attached to more than one PE, which is not possible if all of the PEs use the same RD for a given VPN instance.

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

hritter,

Please explain more on that.

The RD is used to make VPNv4 unique in the SP core. When you use the same RD on all PE for the same VPN, prefixes from the multihomed site will be originated from both PEs as the same VPNv4 prefixes. As most SP are using route reflectors, only one BGP path will be selected by the RRs and advertised to the rest of the PEs thus denying the possibility to loadshare.

On the other hand if you use dirrent RDs, RRs will receive two different VPNv4 prefixes and advertise them both to the rest of the PEs.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

I understand that it is not a fix and hard rule, but read somewhere that 2 recommended formats for RDs are ASN:NN and IP:NNN, where ASN is the autonomous system number of the SP and IP is the Global IP of the PE. In the light of the discussion, would you recommend using the ip address format?

Are there any other pros and cons to it?