Solved: help understanding route-targets

John Blakley · ‎07-30-2009

All,

I've set up an mpls network in gns, and I had a question about route-targets. I'm assuming that a route-target is nothing more than an arbitrary number that matches other route-targets. If it doesn't match, then the routes don't get injected into the vrf table.

If that's the case, are the import and export commands used to be able to say if that particular router will import a route from a matching RT, and export a route from a matching RT, and if I said I only wanted to import a route from a matching RT, would that keep me from advertising a route from the vrf table if I haven't specified to export? (Long winded, I know.) :)

Thanks,

John

HTH, John *** Please rate all useful posts ***

Peter Paluch · ‎07-30-2009

John,

You are absolutely right in your assumption. The Blue VRF exports all its locally-injected networks with a set of two RTs: 100:100 and 100:200. The Black VRF imports all routes that have their RT equal to either 100:100 or 100:200 (or even both but it suffices to match at least one). Therefore, the Black VRF will know about all routes in the Blue VRF.

And also it won't work the other way round. The Black VRF exports all its locally-injected networks with a single RT set to 100:200. The Blue VRF imports networks only with the RT equal to 100:100, so no match will be found here and the Blue VRF will know nothing about Black VRF's networks.

Best regards,

Peter

View solution in original post

Reza Sharifi · ‎07-30-2009

Peter and John,

In the above scenario under vrf blue you do not need route-target export 100:200

you only need the import under vrf black.

Here is the config:

ip vrf black

rd 100:200

route-target export 100:200

route-target import 100:200

route-target import 100:100

!

ip vrf blue

rd 100:100

route-target export 100:100

route-target import 100:100

T-1#sh run int lo100

Building configuration...

Current configuration : 97 bytes

!

interface Loopback100

ip vrf forwarding blue

ip address 100.100.100.100 255.255.255.255

end

T-1#sh run int lo200

Building configuration...

Current configuration : 98 bytes

!

interface Loopback200

ip vrf forwarding black

ip address 200.200.200.200 255.255.255.255

end

T-1#sh ip rou vrf black

Routing Table: black

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

200.200.200.0/32 is subnetted, 1 subnets

C 200.200.200.200 is directly connected, Loopback200

100.0.0.0/32 is subnetted, 1 subnets

B 100.100.100.100 is directly connected, 00:19:16, Loopback100

T-1#sh ip rou vrf blue

Routing Table: blue

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

100.0.0.0/32 is subnetted, 1 subnets

C 100.100.100.100 is directly connected, Loopback100

T-1#

vrf black has both 100.100.100.100 and 200.200.200.200

But vrf blue has only 100.100.100.100

Thanks,

Reza

View solution in original post

Peter Paluch · ‎07-30-2009

John,

The Route Target (RT in short) is basically a BGP attribute that can be assigned to networks in a particular VRF. Multiple RTs can be assigned to a single route when advertising it to a peer, and they can of course be compared to a set of allowed RTs when importing it into a VRF.

The RTs are usually set using the "route-target" command in the VRF configuration. This command has two uses:

1.) As route-target export, it defines what RTs will be set on networks exported from that particular VRF to your BGP peers. In other words, it defines into which VRFs can these networks be imported.

2.) As route-target import, it defines what RTs (at least one) must a network have in order to be imported into that particular VRF. In other words, it defines which networks (according to their RT) will be imported, provided that it was allowed by the "route-target export" in the previous step.

The "route-target export" does not work as a filter. It is only a statement that says what RT or a set of RTs should a locally originated route have when advertising it to BGP peers. However, this command does not do any filter of the advertised networks, and also, if the networks already have RTs set, it will not change it.

I don't know if this fully answers your question. Please ask further.

Best regards,

Peter

John Blakley · ‎07-30-2009

Peter,

That's a great explanation.

Can you share routes between customers by importing their route target information?

ip vrf Blue

rd 100:100

route-target both 100:100

route-target export 100:200

ip vrf Black

rd 100:200

route-target both 100:200

route-target import 100:100

Would the above work? I don't have gns to play with now, but I'd like to test this. I'm assuming, and that's a BIG assumption, that the above would allow Black to see Blue's routes. Is this not the case? (It may even be totally invalid.)

Thanks!

John

HTH, John *** Please rate all useful posts ***

Peter Paluch · ‎07-30-2009

John,

You are absolutely right in your assumption. The Blue VRF exports all its locally-injected networks with a set of two RTs: 100:100 and 100:200. The Black VRF imports all routes that have their RT equal to either 100:100 or 100:200 (or even both but it suffices to match at least one). Therefore, the Black VRF will know about all routes in the Blue VRF.

And also it won't work the other way round. The Black VRF exports all its locally-injected networks with a single RT set to 100:200. The Blue VRF imports networks only with the RT equal to 100:100, so no match will be found here and the Blue VRF will know nothing about Black VRF's networks.

Best regards,

Peter

John Blakley · ‎07-30-2009

Awesome! That's the understanding I needed! Thanks Peter!

John

HTH, John *** Please rate all useful posts ***

Reza Sharifi · ‎07-30-2009

Peter and John,

In the above scenario under vrf blue you do not need route-target export 100:200

you only need the import under vrf black.

Here is the config:

ip vrf black

rd 100:200

route-target export 100:200

route-target import 100:200

route-target import 100:100

!

ip vrf blue

rd 100:100

route-target export 100:100

route-target import 100:100

T-1#sh run int lo100

Building configuration...

Current configuration : 97 bytes

!

interface Loopback100

ip vrf forwarding blue

ip address 100.100.100.100 255.255.255.255

end

T-1#sh run int lo200

Building configuration...

Current configuration : 98 bytes

!

interface Loopback200

ip vrf forwarding black

ip address 200.200.200.200 255.255.255.255

end

T-1#sh ip rou vrf black

Routing Table: black

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

200.200.200.0/32 is subnetted, 1 subnets

C 200.200.200.200 is directly connected, Loopback200

100.0.0.0/32 is subnetted, 1 subnets

B 100.100.100.100 is directly connected, 00:19:16, Loopback100

T-1#sh ip rou vrf blue

Routing Table: blue

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

100.0.0.0/32 is subnetted, 1 subnets

C 100.100.100.100 is directly connected, Loopback100

T-1#

vrf black has both 100.100.100.100 and 200.200.200.200

But vrf blue has only 100.100.100.100

Thanks,

Reza

Peter Paluch · ‎07-30-2009

Reza,

Thank you for your insight. Of course, you are right. I just took John's example and explained what would happen if he configured it the way he suggested. However, you are completely correct, in this case there is no need to set two export RTs on the Blue VRF.

Thank you for updating this topic.

Best regards,

Peter

John Blakley · ‎07-30-2009

Thanks Reza! I appreciate it!

John

HTH, John *** Please rate all useful posts ***

Reza Sharifi · ‎07-30-2009

Peter,

I noticed that even though I see the route from the blue vrf in black, but I can't ping the loopback address of the blue (100.100.100.100).

Now, of course if I use the import command for both vrfs, they can see each others route and also can ping either loopback interfaces

I wonder, if I need to add vrf select/receive command to the blue loopback interface to get it to work.

Thanks,

Reza

Peter Paluch · ‎07-30-2009

Hello Reza,

I think you have pretty much explained it yourself. You may be pinging the Blue loopback but the Blue VRF does not have the route back to the Black VRF. They need to see each other.

Best regards,

Peter

help understanding route-targets

Understanding VRF, RD, ROUTE-TARGET EXPORT/IMPORT, IBGP

Re: Understanding the differences between the Cisco password \ secret

export-import route-target

Re: Understanding BGP Best Path Selection & Manipulation

Understanding VRF Lite