Re: mpls vpn RD

From: Pavel Bykov (slidersv@gmail.com)
Date: Fri Nov 07 2008 - 10:33:53 ARST


Marko,
It's not necessarily wrong; it is a matter of interpretation.

If you assign the same RTs to different VRFs on different systems (both import
and export, for the purpose of simplicity), you will effectively interconnect
those VRFs.
http://www.cisco.com/en/US/docs/switches/wan/mgx/mgx_8850/software/mgx_r3/rpm/rpm_r1.1/configuration/guide/rpmch7.html#wp1020485
"Associated with each VRF is an import list of route-target communities,
which defines values to be verified by the VRF table before a route is
deemed eligible for import into the VPN routing instance"

If you assign the same RDs to different VRFs on different systems, you will not
interconnect them, and it does not necessarily introduce problems in the case of
overlapping networks. If you have two identical VPNv4 addresses (overlapping
address space and the same RDs on system A and system B) and they arrive on
system C, the VPNv4 prefixes will be the same, but other attributes will not.
After receiving the VPNv4 information, system C uses the RT to decide which VRF
the update belongs to.

On Thu, Nov 6, 2008 at 2:37 PM, Marko Milivojevic <markom@markom.info> wrote:

> On Wed, Nov 5, 2008 at 16:10, Pavel Bykov <slidersv@gmail.com> wrote:
> > As Ivan pointed out, RD is a system significant parameter, meaning it has
> > to be unique on the system only. It is also a mandatory parameter, without
> > which VRF will not function. RT is the domain wide parameter which you
> > need to keep unique. And by domain-wide I mean reeealy wide.
> > Basically RT is the extended community that decides on the VRF.
>
> Well, neither are truly correct, I'm afraid.
>
> RD: It is relevant on the local system in a sense that VRF won't work
> without it. However, it's also globally significant, as in the
> network running L3VPN's you "can't" have two VPN's sharing the same RD
> and have overlapping addresses. As long as VPN's don't have
> overlapping address space, this doesn't apply, but one should have it
> in mind.
>
> When it comes to RT, it is true that it is used as a sort of a "hint"
> to determine VRF, but in light of what can be done with RT's, it's a
> gross simplification. You can make a certain prefix part of multiple
> VRF's based on RT's, you can restrict a prefix from becoming part of
> a certain VRF, etc. One thing that is not true about RT is that it needs
> to be unique. Depending on what it is that you need to do with a certain
> VPN, you will have RT unique per VRF, per box, or per "domain".
>
> One thing that needs to be clear is:
>
> RD: This is a parameter that makes IP address unique and prevents
> address overlap between VPN's.
> RT: This is an extended community that helps determine VPN membership
> of a prefix it's attached to.
>
> Neither needs to be unique globally, but RD needs to be unique on each
> box - you can't have multiple VRF's sharing it. You can have multiple
> VRF's on a single box importing and exporting the same RT's.
>
> --
> Marko
> CCIE #18427 (SP)
> My network blog: http://cisco.markom.info/
>

-- 
Pavel Bykov
-------------------------------------------------
Stop the braindumps!
http://www.stopbraindumps.com/
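
Added example, not part of either poster's message: a small Python audit over a VRF inventory that reports which VRFs exchange routes because one imports an RT the other exports, and where an RD is reused with overlapping prefixes. All PE names, VRF names, RDs, RTs and prefixes are constructed for illustration.

```python
from ipaddress import ip_network
from itertools import combinations

# Constructed sample inventory: every PE, VRF, RD, RT and prefix is hypothetical.
VRFS = [
    {"pe": "A", "vrf": "CUST1", "rd": "65000:1", "export": {"65000:100"},
     "import": {"65000:100"}, "prefixes": ["10.0.0.0/24"]},
    {"pe": "B", "vrf": "CUST2", "rd": "65000:1", "export": {"65000:200"},
     "import": {"65000:200"}, "prefixes": ["10.0.0.0/24"]},
    {"pe": "C", "vrf": "CUST1", "rd": "65000:3", "export": {"65000:100"},
     "import": {"65000:100"}, "prefixes": ["10.0.1.0/24"]},
    {"pe": "C", "vrf": "MGMT", "rd": "65000:4", "export": {"65000:900"},
     "import": {"65000:900", "65000:200"}, "prefixes": ["192.168.0.0/24"]},
]

def name(v):
    return f'{v["pe"]}/{v["vrf"]}'

def import_edges(vrfs):
    """(source, destination) pairs where destination imports an RT that source exports."""
    return sorted((name(s), name(d)) for s in vrfs for d in vrfs
                  if s is not d and s["export"] & d["import"])

def one_way_edges(vrfs):
    """Edges with no reverse edge: routes leak in one direction only."""
    edges = set(import_edges(vrfs))
    return sorted(e for e in edges if (e[1], e[0]) not in edges)

def rd_collisions(vrfs):
    """VRF pairs that share an RD and carry overlapping prefixes."""
    hits = []
    for a, b in combinations(vrfs, 2):
        if a["rd"] != b["rd"]:
            continue
        for p in a["prefixes"]:
            for q in b["prefixes"]:
                if ip_network(p).overlaps(ip_network(q)):
                    hits.append((name(a), name(b), a["rd"], p, q))
    return hits

if __name__ == "__main__":
    for src, dst in import_edges(VRFS):
        print(f"routes flow {src} -> {dst}")
    for src, dst in one_way_edges(VRFS):
        print(f"REVIEW one-way import {src} -> {dst}")
    for a, b, rd, p, q in rd_collisions(VRFS):
        print(f"REVIEW RD {rd} reused: {a} {p} / {b} {q}")
```

In this sample, A/CUST1 and B/CUST2 share an RD yet have no import edge between them, while C/MGMT picks up B/CUST2's routes purely through an extra import RT.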




This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:29 ARST