Re: MPLS Route Targets

hahahahaha

On Mon, Aug 23, 2010 at 12:13 PM, Paul Negron <negron.paul_at_gmail.com> wrote:

> Carlos,
>
> I think you understand it just fine. The point is, you do not want the
> Operations guy supporting MPLS VPN's to see routes that they should not be
> able to see. However, you are correct practically in saying that this is an
> unpleasant surprise to those of us who fat finger numbers. (I believe that
> is ALL of us).
>
> P Routers do not normally participate with the updates unless configuring
> INTER-AS VPN and CSC but if they should, you are also correct in noticing
> that this problem would exist ANYTIME a router does not have the
> route-targets configured.
>
> Now the confusion points:
>
> 1) The RD is BGP related, so be careful with the statement that it is only
> RT related. I'm sure you understand this. It just sounded weird and I want
> to make sure I understood you correctly.
>
> 2) I did not say "required to send". I said " This proves that the
> route-target filter command is NOT required to be configured to send BGP
> information to a BGP peer. Even when they are EBGP peers that DO NOT have
> the RT's configured.
>
> 3) This is a control plane thing that allows the P routers to use an inner
> label that they did not originate for the use of FORWARDING traffic from
> one
> AS to another. (This is the DATA PLANE INTERACTION that is strange to
> some.)
> If this did not take place. The DATA PLANE would be broken as there is no
> TOP label to hide the MPLS VPN label between AS's.
>
> Paul
> --
> Paul Negron
> CCIE# 14856 CCSI# 22752
> Senior Technical Instructor
> www.micronicstraining.com
>
>
>
> > From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
> > Date: Sun, 22 Aug 2010 22:26:33 -0300
> > To: Paul Negron <negron.paul_at_gmail.com>
> > Cc: Adam Booth <adam.booth_at_gmail.com>, Brad Edgeworth <
> edgie512_at_gmail.com>,
> > Cisco certification <ccielab_at_groupstudy.com>
> > Subject: Re: MPLS Route Targets
> >
> > Sorry, I don't get a clear message from you, although I think I do
> > understand what the command does :-/
> >
> > Confusion items:
> > * You put in the bag RDs and RTs, and AFAIK, this is only RT related.
> > * You talk about being required to send... and that make no sense to me.
> > * You even talk about LDP and second label, when AFAIK this is a control
> > plane thing, BGP only.
> >
> > What my understanding is now is that this is an implicit filter based on
> > import targets to reduce the BGP table size of PEs.
> > And a nasty surprise if your PE talks eBGP to someone that wants that
> > information, or if the router is a reflector, or confed intra AS
> boundary.
> > Or said another way, this filter is designed for leaf PEs that only care
> > about prefixes for their VRFs, and you'd better disable it if the router
> > is in a BGP transit path.
> >
> > -Carlos
> >
> >
> > Paul Negron @ 22/08/2010 3:16 -0300 dixit:
> >> Man I almost confused myself. Here is the answer simplified.
> >>
> >> By default, a router that DOES NOT have the RT and RD information will
> >> reject the routes as not supporting the extended-community value and
> will
> >> NOT be visible in the bRIB.
> >>
> >> The route-target filter allows a VPNv4 participating router to view both
> the
> >> route-target and the RD information even when it does not have the RT or
> RD
> >> information defined.
> >>
> >> The newly learned RT and RD information can then be shared with ANOTHER
> >> VPNv4 (E)BGP peer. When the route-target filter is removed from the new
> EBGP
> >> peer, the bRIB learns the RD and RT information from the Originating
> EBGP
> >> peer.
> >>
> >> This proves that the route-target filter command is not required to send
> BGP
> >> information. It is ONLY used to reveal information that was at one time
> >> rejected. This also allows the BGP peer to advertise these routes to
> another
> >> peer.
> >>
> >>
> >> Sorry folks. A little late for me to be answering questions.
> >> Hope this helps.
> >>
> >> Paul
> >>
> >> Paul Negron
> >> CCIE# 14856 CCSI# 22752
> >> Senior Technical Instructor
> >> www.micronicstraining.com
> >>
> >>
> >>
> >>> From: Paul Negron <negron.paul_at_gmail.com>
> >>> Date: Sat, 21 Aug 2010 23:15:23 -0600
> >>> To: Carlos G Mendioroz <tron_at_huapi.ba.ar>
> >>> Cc: Adam Booth <adam.booth_at_gmail.com>, Brad Edgeworth <
> edgie512_at_gmail.com>,
> >>> Cisco certification <ccielab_at_groupstudy.com>
> >>> Conversation: MPLS Route Targets
> >>> Subject: Re: MPLS Route Targets
> >>>
> >>> Ah! I think the confusion here is the purpose of the command. The
> purpose is
> >>> to prevent a PE router from making those route-targets visible to ANY
> >>> upstream BGP peer that does not configure the RT that matched the
> Downstream
> >>> PE.
> >>>
> >>> That said, If the 2 EBGP P routers can remove the route-target filter
> and
> >>> use
> >>> the inner most label to send traffic, then the command is NOT REQUIRED
> to
> >>> pass
> >>> on RD and RT information with the (NON-LDP) VPNv4 EBGP peer. Try and
> say
> >>> that
> >>> 10 times. Crap!! :-)
> >>>
> >>> Does this make sense?
> >>>
> >>>
> >>> --
> >>> Paul Negron
> >>> CCIE# 14856 CCSI# 22752
> >>> Senior Technical Instructor
> >>> www.micronicstraining.com
> >>>
> >>>
> >>>
> >>>> From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
> >>>> Date: Sat, 21 Aug 2010 08:02:43 -0300
> >>>> To: Paul Negron <negron.paul_at_gmail.com>
> >>>> Cc: Adam Booth <adam.booth_at_gmail.com>, Brad Edgeworth <
> edgie512_at_gmail.com>,
> >>>> Cisco certification <ccielab_at_groupstudy.com>
> >>>> Subject: Re: MPLS Route Targets
> >>>>
> >>>> Cool.
> >>>> Just one question, as I have never labbed nor have experience in
> >>>> inter-AS mpls vpns: You say "in order to see" the route targets,
> >>>> but my impression of the command (no bgp default route-target filter)
> >>>> is that it actually filters, so for a reflector or a vpnv4 eBGP peer,
> >>>> you would actually need it in order to exchange such routes
> >>>> (those with no RTs used by local VRFs). Is that correct ?
> >>>>
> >>>> Thanks,
> >>>> -Carlos
> >>>>
> >>>> Paul Negron @ 20/08/2010 21:52 -0300 dixit:
> >>>>> All,
> >>>>>
> >>>>> When configuring Inter-AS VPN, The P routers ARE participating in BGP
> >>>>> under
> >>>>> the VPNv4 Address-Family and will use the inner label to switch from
> >>>>> carrier
> >>>>> to carrier. The default route target must be lifted in order to see
> the
> >>>>> route-targets on the P router. The only other way I know of is to
> >>>>> configure
> >>>>> the route-targets on a vrf that is on the P router but not applied to
> any
> >>>>> interfaces.
> >>>>>
> >>>>> A similar problem would take place when using Confederations.
> >>>>>
> >>>>> The command that dumps the information on that P router or ANY router
> that
> >>>>> the route-targets are not configured on, is " no bgp default
> route-target
> >>>>> filter" under the BGP process. All of the RD information is seen.
> Even
> >>>>> more
> >>>>> than a router that has the RT's configured.
> >>>>>
> >>>>>
> >>>>> Paul
> >>>> --
> >>>> Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >
> > --
> > Carlos G Mendioroz <tron_at_huapi.ba.ar> LW7 EQI Argentina
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Narbik Kocharians
CCSI#30832, CCIE# 12410 (R&S, SP, Security)
www.MicronicsTraining.com
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
Training And Remote Racks available
Blogs and organic groups at http://www.ccie.net