Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

MPLS VPN Partioned RR Design with ORF using extcommunity !

Dear All

I am trying to test the use of ORF with extcommunity using "bgp rr-group" to make the PEs not advertise any routes with extcommunity which are not allowed on the RR using " bgp rr-group" command..

I am not sure if I have misinterpreted using "bgp rr-group" for testing ORF at the RR to advertise the list of RTs it wants to receive updates from Route-Reflector-Client PEs..May be there is some other way round for using ORF with extcommunity RT..

I can see on the RR that I am only placing the routes which are permitted under the extcommunity list allowed under "bgp rr-group" config but the PEs are still advertising all the routes and ORF is not working ..Below are my configs

address-family vpnv4

  bgp rr-group 10

  neighbor mp-ibgp send-community extended

  neighbor mp-ibgp route-reflector-client

  neighbor mp-ibgp capability orf prefix-list send

  neighbor mp-ibgp route-map cus1 in

  neighbor 10.0.1.1 activate

  neighbor 10.0.6.1 activate

exit-address-family

!

ip extcommunity-list 10 permit rt 64513:100

!

!

!

route-map cus1 permit 10

match extcommunity 10

!

I am not sure how can I make the RR advertise the set of RTs it is permitting to the PEs so that they can stop advertising the unwanted routes..

I can see on the PE though for ORF capability received but it says for Prefix-List and not extcommunity

edge1.pop1#show ip bgp vpnv4 all neighbors 10.0.2.1

BGP neighbor is 10.0.2.1,  remote AS 64513, internal link

Member of peer-group mp-ibgp for session parameters

  BGP version 4, remote router ID 10.0.2.1

  BGP state = Established, up for 00:06:10

  Last read 00:00:34, last write 00:00:35, hold time is 180, keepalive interval

is 60 seconds

  Neighbor sessions:

    1 active, is multisession capable

  Neighbor capabilities:

    Route refresh: advertised and received(new)

    Four-octets ASN Capability: advertised and received

    Address family VPNv4 Unicast: advertised and received

    Multisession Capability: advertised and received

  Message statistics, state Established:

    InQ depth is 0

    OutQ depth is 0

                         Sent       Rcvd

    Opens:                  1          1

    Notifications:          0          0

    Updates:                4          5

    Keepalives:             7          7

    Route Refresh:          0          0

    Total:                 12         13

  Default minimum time between advertisement runs is 0 seconds

For address family: VPNv4 Unicast

  Session: 10.0.2.1 session 1

  BGP table version 10, neighbor version 10/0

  Output queue size : 0

  Index 15

  Address family not supported notification sent

  15 update-group member

  mp-ibgp peer-group member

  NEXT_HOP is always this router

  AF-dependant capabilities:

    Outbound Route Filter (ORF) type (128) Prefix-list:

      Send-mode: received

Regards

Varma

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

MPLS VPN Partioned RR Design with ORF using extcommunity !

Hi Kishore,

ORF for ext communities -and hence RT- was never implemented.

You could look at RT Constrained route distribution. This is filtering outbound from the RRs to the PEs. You do not have to configure "filters" for this feature, it is automatic.

http://www.cisco.com/en/US/partner/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_rt_filter_xe.html

Thanks,

Luc

9 REPLIES
Cisco Employee

MPLS VPN Partioned RR Design with ORF using extcommunity !

Hi Varma,

The inbound route filtering, i.e. the rr-group and Route-Target ext-comm list, will work.

Outbound filtering, i.e. ORF, is not supported for Route-Targets. ORF is prefix-list based, not RT-based.

Thanks,

Luc

MPLS VPN Partioned RR Design with ORF using extcommunity !

Hi Luc

Thanks a lot for the clarification..I was going through various online documentation where it was mentioned that ORF can be used with extcommunity also ..I did try it as mentioned in my first post but it did not work though

In the book "MPLS and VPN Architectures" -Part2:MPLS-based Virtual Private Networks/Chapter 9 & Chapter 12 its mentioned

Route Reflection and ORF Capability

This solution is provided through use of the ORF capability . Using this capability, each route reflector is preconfigured with a list of route targets that it will accept for reflection to any PE-clients. All the PE-clients are treated as a single peer group, so the ORF capability is used to set the outbound filtering of the PE-client so that it does not send unwanted routes toward the route reflector.


Regards

Varma

MPLS VPN Partioned RR Design with ORF using extcommunity !

Varma,

In your config you are using the inbound route filtering for the RT's on the RR. so I take it that its working on the RR.

It's only the PE's that are still advertising all the routes right?

Kishore

MPLS VPN Partioned RR Design with ORF using extcommunity !

Hi Varma,

I do see you point

As per the link below it says that it ORF supports extended communities. This link is taken from MPLS and VPN Architecutures Vol II

http://etutorials.org/Networking/MPLS+VPN+Architectures/Part+2+MPLS-based+Virtual+Private+Networks/Chapter+9.+MPLS+VPN+Architecture+Operation/Outbound+Route+Filtering+ORF+and+Route+Refresh+Features/

Table 9-3. ORF?ORF-type Definitions

ORF-type

ORF-type Value

Description

NLRI

1

The NLRI ORF-type provides address prefixes based on route filtering.

Communities

2

The Communities ORF-type provides communities-based route filtering.

Extended Communities

3

The Extended Communities ORF-type provides extended community-based route filtering.

Prefix-list

129

The Prefix-list ORF-type provides prefix-list route filtering.

However,  as Luc mentioned I have always seen ORF for prefix-list.In fact even in the IOS there is no provision or option to use anything else other than a prefix-list. Ivan is a distinguished engineer surely there might have been some implementations in the past or something..

Luc, do you think you can please confirm if at any stage the ORF for RT's was ever used. I know you can get the inside story.

Appreciate your help

Regards

Kishore

Cisco Employee

MPLS VPN Partioned RR Design with ORF using extcommunity !

Hi Kishore,

ORF for ext communities -and hence RT- was never implemented.

You could look at RT Constrained route distribution. This is filtering outbound from the RRs to the PEs. You do not have to configure "filters" for this feature, it is automatic.

http://www.cisco.com/en/US/partner/docs/ios/ios_xe/iproute_bgp/configuration/guide/irg_rt_filter_xe.html

Thanks,

Luc

MPLS VPN Partioned RR Design with ORF using extcommunity !

Hi Luc

Thanks a lot for clarifying the ORF feature for extcommunity-RT..Yes I did see for the IOS-XE implementation.

Hey Kishore

Nice to see you again Yes that was the problems of PE still advertsing all routes but now it all makes sense after Luc's explaination.

Thanks again to both of you.

Regards

Varma

Cisco Employee

Re: MPLS VPN Partioned RR Design with ORF using extcommunity !

Hi Varma,

It is almost a futile attempt to add anything to Luc's and Kishore's answers... just wanted to add that for currently existing ORF types, the IANA is maintaining a ORF type list here:

http://www.iana.org/assignments/bgp-parameters/bgp-parameters.xml#bgp-parameters-9

Currently, the prefix-based ORF has the type number 64. Other are currently unassigned.

Best regards,

Peter

Re: MPLS VPN Partioned RR Design with ORF using extcommunity !

Hi Peter

Thanks much for sharing the link

Regards

Varma

Community Member

MPLS VPN Partioned RR Design with ORF using extcommunity !

Hi Luc,

Do you konw if it is going to be supported in near future on IOS-XR at least ?

The feature is really good to be used on IOS-XE ( ASR1K as RR and PE ) but can't take full benefit unless other PE like 12K supports this so was curious when can we see in XR ?

Regards,

Chintan

2072
Views
10
Helpful
9
Replies
CreatePlease to create content