vrf-lite on a CE with exchanging RT to neighbor CE

omeuter · ‎02-25-2012

Hi to all,

actually this forum is intended to not do what I want to do, but I think here should be the best knowledge to answer my question. I've to CEs configured with vrf lite. Now I need to exchange RTs with each other. When I configure a standard BGP peering under the "address-family ipv4 vrf ..." the receiving CE will drop the transmitted RTs. When I use MP-BGP, than I have to use MPLS between the both CEs, this is what I need to avoid. So here comes the question, is there either a functionality to disable the dropping/overwriting of the RTs on the "standard" BGP peering, or can I get MP-BGP running without labels?

Actually the reason why I want to avoid having labels is, that I have to do this on a Nexus7k and the cust doesn't have a MPLS license.

My current idea is only to tag the NLRIs with standard communities and the RTs on the VRF with an export map.

best regards

Oliver

rsimoni · ‎02-26-2012

Hi Oliver,

RT is a BGP extended communities. Did you enable send and receive extended communities on your BGP peering?

Personally I have seen nobody doing what you want to try to achieve, but I would check on the community config first to see if your idea might work.

Riccardo

omeuter · ‎02-26-2012

Hi Riccardo,

yep, extended communities are enabled. On a trace you can see that they are passed, but on the receiving site they are rewritten.

I'll agree that the idea is a little bit strange and abuse the feature. With enabling MPLS it's a peace of cake to solve it :-)

regards

Oliver

rsimoni · ‎02-26-2012

I have an idea that what you see is expected and there is no way to do what you want to do... but let's see if somebody else adds some info on this as I might be wrong.

Peter Paluch · ‎02-27-2012

Hello Riccardo and Oliver,

To my own surprise, the RFC 4364, Section 4.3.1 does seem to indicate that it is theoretically allowed for a CE, under controlled condition, to attach its own RTs (I originally thought the converse was true):

   If the PE and the CE are themselves BGP peers (see Section 7), then
   the SP may allow the customer, within limits, to specify how its
   routes are to be distributed.  The SP and the customer would need to
   agree in advance on the set of RTs that are allowed to be attached to
   the customer's VPN routes.  The CE could then attach one or more of
   those RTs to each IP route that it distributes to the PE.  This gives
   the customer the freedom to specify in real time, within agreed-upon
   limits, its route distribution policies.  If the CE is allowed to
   attach RTs to its routes, the PE MUST filter out all routes that
   contain RTs that the customer is not allowed to use.  If the CE is
   not allowed to attach RTs to its routes, but does so anyway, the PE
   MUST remove the RT before converting the customer's route to a VPN-
   IPv4 route.

The very last statement describes the behavior Oliver is currently observing. However, I do not know if Cisco actually implements the possibility to accept RTs from a CE router. More insight on this, anyone?

Best regards,

Peter

rsimoni · ‎02-28-2012

Hey Peter,

before replying to Oliver I checked RFC 4364 but I have to confess that I did not read it that deep

Will check later the Cisco implementation of what is described there, which I agree seems a good match of what Oliver saw.

I am kind of super busy lately so if in the meantime somebody else wish to step in he is more than welcome.

Riccardo