Re: MPLS VPN Route Target Rewrite

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Mon, 31 Jan 2011 19:47:39 -0300

Tom Kacprzynski @ 31/01/2011 19:33 -0300 dixit:
> Carlos,
> Thank you again for your response. I think i'm following what you are
> saying. I guess my main question is why R6 that receives a 172.16.5.0/24
> <http://172.16.5.0/24> MP-BGP routes with a RT set to 100:55 is
> displayed in the MP-BGP table for VRF VPN_A where that VRF does not have
> an import of RT 100:55?

It is not the "MP-BGP table for vrf VPN_A", but the MP-BGP subset
with RD corresponding to vrf VPN_A in this router.

Subtle, but important difference.
What is a VPN is your design decision. What is a VRF is something that
cisco has defined how it works.

> I understand that this route is not imported (by design) to the actual
> forwarding table for VRF VPN_A and only appears in VRF VPN_B; to me it
> seems that both the BGP table and the ip forwarding tables should show
> corresponding data.

Well, they have corresponding data, not the same data because you have
the ability to filter what goes from BGP vpnv4 (global) to BGP vrf
unicast, and then to vrf RIB.

Pay attention, you have actually 2 172.16.5.0/24 routes in vpnv4!
Ready for more confusion ? Don't think so, so this goes rot13:

Vs lbh unq qvssrerag EQf sbe E5 naq E6, lbh jbhyq unir 3 be 4 pbcvrf
bs gung ebhgr vafgrnq bs whfg 2.

-Carlos
>
>
> Output for reference:
>
> Rack1R6#*show ip bgp vpnv4 all*
> BGP table version is 41, local router ID is 150.1.6.6
> Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal,
> r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> Route Distinguisher: 100:1 (*default for vrf VPN_A*)
> <----- VPN_A, why is it displayed here, 100:55 RT is not imported into
> this VRF, and it does not have the RT 100:1 set as an extended community
> on the advertised route.
> *>i155.1.58.0/24 150.1.5.5 0 100 0 ?
> *> 155.1.67.0/24 <http://155.1.67.0/24> 0.0.0.0 0
> 32768 ?
> **>i172.16.5.0/24 150.1.5.5 0 100 0 ?
> <*---- 172.16.5.0/24 <http://172.16.5.0/24>
> *> 172.16.7.0/24 <http://172.16.7.0/24> 155.1.67.7 0
> 32768 ?
>
> Route Distinguisher: 100:2 (default for vrf VPN_B)
> <----- VPN_B
> *>i155.1.5.0/24 150.1.5.5 0 100 0 ?
> *> 155.1.76.0/24 <http://155.1.76.0/24> 0.0.0.0 0
> 32768 ?
> **>i172.16.5.0/24 150.1.5.5 0 100 0 ?**
> <*---- 172.16.5.0/24 <http://172.16.5.0/24>
> *> 192.168.6.0 0.0.0.0 0 32768 ?
> *> 192.168.7.0 155.1.76.7 0 32768 ?
>
>
>
> Rack1R6#*show ip bgp vpnv4 vrf VPN_A*
> BGP table version is 41, local router ID is 150.1.6.6
> Status codes: s suppressed, d damped, h history, * valid, > best, i -
> internal,
> r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf Weight Path
> Route Distinguisher: 100:1 (*default for vrf VPN_A*)
> <----- no 172.16.5.0/24 <http://172.16.5.0/24> route (see below)
> *>i155.1.58.0/24 150.1.5.5 0 100 0 ?
> *> 155.1.67.0/24 <http://155.1.67.0/24> 0.0.0.0 0
> 32768 ?
> *> 172.16.7.0/24 <http://172.16.7.0/24> 155.1.67.7 0
> 32768 ?
>
>
> Thank you for you help on this.
>
> TK
>
>
>
> On Sun, Jan 30, 2011 at 12:23 PM, Carlos G Mendioroz <tron_at_huapi.ba.ar
> <mailto:tron_at_huapi.ba.ar>> wrote:
>
> Tom,
> RDs make part of the route identifier, i.e., the update object that
> MP-BGP transmits. RTs are communities, i.e., information elements
> that go with the update.
>
> You are seeing the 100:1:172.16.5.0/24 <http://172.16.5.0/24> in
> both R5 and R6, and it has
> the RT 100:55.
>
> Now, at R6, you can see this route with "show ip bgp vpnv4 all" because
> you are asking for ALL vpnv4 routes.
> It is even listed under the 100:1 section, wich is VPN_A RD at R6
> (and R5, which is generating this route).
>
> But at R6, you are importing only RT 100:1 into VPN_A, and this route
> does not have this RT, so the route does not make it into vrf VPN_A.
>
> Makes sense ?
> Some guys will advise you not to use the same RD at different routers,
> so you will not get this confusing states. In production, I would
> actually agree. But for the IE, I'd prefer to have it very clear how
> it works.
>
> -Carlos
>
> Tom Kacprzynski @ 30/01/2011 12:49 -0300 dixit:
>
> Carlos,
> Thank you for your reply. My configuration is below, but
> basically i'm
> trying to take the route 172.16.5.0/24 <http://172.16.5.0/24>
> from VPN_A on R5, rewrite its
> extended community route tag to 100:55 and have that route-tag
> imported into
> VPN_B on R6. I have to say that it does work in terms that only
> VPN_B sees
> it, but i don't understand why it shows that route in both BGP
> VPNv4 tables
> for VPN_A and VPN_B.
>
> R6#
> ip vrf VPN_A
> rd 100:1
> route-target export 100:1
> route-target import 100:1
> ip vrf VPN_B
> rd 100:2
> route-target export 100:2
> route-target import 100:2
> * route-target import 100:55*
>
> R5#
> ip vrf VPN_A
> rd 100:1
> export map VPN-A-EXPORT
> route-target export 100:1
> route-target import 100:1
> route-target import 100:55
> ip vrf VPN_B
> rd 100:2
> route-target export 100:2
> route-target import 100:2
>
>
> R5#sh route-map VPN-A-EXPORT
> route-map VPN-A-EXPORT, permit, sequence 10
> Match clauses:
> ip address prefix-lists: LO101
> Set clauses:
> extended community RT:100:55
> Policy routing matches: 0 packets, 0 bytes
> route-map VPN-A-EXPORT, permit, sequence 100
> Match clauses:
> Set clauses:
> extended community RT:100:1
> Policy routing matches: 0 packets, 0 bytes
>
> Thank you.
>
> TK
>
>
> On Sat, Jan 29, 2011 at 11:45 AM, Carlos G Mendioroz
> <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>>wrote:
>
> Sounds like a problem with the import RT for vrf VPN_A ?
> The route is there with RT 100:55. What are you importing ?
> -Carlos
>
> Tom Kacprzynski @ 29/01/2011 14:23 -0300 dixit:
>
> Hello experts,
> Doing a lab wiht MP-BGP and can't seem to figure out how
> is it possible to
> get this output. When I do *show ip bgp vpnv4 vrf VPN_A
> *I don't see
> 172.16.5.0/24 <http://172.16.5.0/24> route, but when i
> do *show ip bgp vpnv4 all *I see that
> same
> route. Shouldn't both of them show the same information.
> I this lab (INE
> 14.5) I'm asked to rewrite that prefix's route target
> and export it from
> one VRF table to the VPN_A table.
>
> Rack1R6#*show ip bgp vpnv4 vrf VPN_A*
> BGP table version is 41, local router ID is 150.1.6.6
> Status codes: s suppressed, d damped, h history, *
> valid, > best, i -
> internal,
> r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf
> Weight Path
> Route Distinguisher: 100:1 (*default for vrf VPN_A*)
> <----- no 172.16.5.0/24 <http://172.16.5.0/24> route
> (see below)
> *>i155.1.58.0/24 150.1.5.5 0 100
> 0 ?
> *> 155.1.67.0/24 <http://155.1.67.0/24> 0.0.0.0
> 0 32768 ?
> *> 172.16.7.0/24 <http://172.16.7.0/24> 155.1.67.7
> 0 32768 ?
>
>
> Rack1R6#*show ip bgp vpnv4 all*
> BGP table version is 41, local router ID is 150.1.6.6
> Status codes: s suppressed, d damped, h history, *
> valid, > best, i -
> internal,
> r RIB-failure, S Stale
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
> Network Next Hop Metric LocPrf
> Weight Path
> Route Distinguisher: 100:1 (*default for vrf VPN_A*)
> *>i155.1.58.0/24 150.1.5.5 0 100
> 0 ?
> *> 155.1.67.0/24 <http://155.1.67.0/24> 0.0.0.0
> 0 32768 ?
> **>i172.16.5.0/24 150.1.5.5 0 100
> 0 ?
> <*---- 172.16.5.0/24 <http://172.16.5.0/24>
> *> 172.16.7.0/24 <http://172.16.7.0/24> 155.1.67.7
> 0 32768 ?
> Route Distinguisher: 100:2 (default for vrf VPN_B)
> *>i155.1.5.0/24 150.1.5.5 0 100
> 0 ?
> *> 155.1.76.0/24 <http://155.1.76.0/24> 0.0.0.0
> 0 32768 ?
> **>i172.16.5.0/24 150.1.5.5 0 100
> 0 ?**
> <*---- 172.16.5.0/24 <http://172.16.5.0/24>
> *> 192.168.6.0 0.0.0.0 0
> 32768 ?
> *> 192.168.7.0 155.1.76.7 0
> 32768 ?
>
>
>
>
> Rack1R6#*show ip bgp vpnv4 all 172.16.5.0*
> BGP routing table entry for 100:1:172.16.5.0/24
> <http://172.16.5.0/24>, version 31
> Paths: (1 available, best #1, *no table*)
> Not advertised to any peer
> Local
> 150.1.5.5 (metric 66) from 150.1.4.4 (150.1.4.4)
> Origin incomplete, metric 0, localpref 100, valid,
> internal, best
> Extended Community: RT:100:55
> Originator: 150.1.5.5, Cluster list: 150.1.4.4
> mpls labels in/out nolabel/25
> BGP routing table entry for 100:2:172.16.5.0/24
> <http://172.16.5.0/24>, version 34
> Paths: (1 available, best #1, table *VPN_B*)
> Not advertised to any peer
> Local, imported path from 100:1:172.16.5.0/24
> <http://172.16.5.0/24>
> 150.1.5.5 (metric 66) from 150.1.4.4 (150.1.4.4)
> Origin incomplete, metric 0, localpref 100, valid,
> internal, best
> Extended Community: RT:100:55
> Originator: 150.1.5.5, Cluster list: 150.1.4.4
> mpls labels in/out nolabel/25
>
>
> Thank you for any help.. i'm really stuck on this and
> can't figure it out.
> I
> fee like i'm missing some piece of information.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar
> <mailto:tron_at_huapi.ba.ar>> LW7 EQI Argentina
>
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
> --
> Carlos G Mendioroz <tron_at_huapi.ba.ar <mailto:tron_at_huapi.ba.ar>>
> LW7 EQI Argentina
>
> 

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Blogs and organic groups at http://www.ccie.net
Received on Mon Jan 31 2011 - 19:47:39 ART

This archive was generated by hypermail 2.2.0 : Tue Feb 01 2011 - 07:39:17 ART