В маршрутизаторах серии ME имеется возможность как фильтровать маршруты, распространяющиеся из VRF в BGP VPNv4, так и менять при этом атрибуты маршрутов.
По умолчанию все имеющиеся в VRF маршруты отдаются в BGP VPNv4, при этом в качестве атрибутов excommunity передаются атрибуты заданные в конфигурации VRF.
Конфигурация VRF и BGP соседа. На ответной стороне конфигурация идентична
vrf common
export route-target 64499:100
import route-target 64499:100
rd 64499:100
exit
router bgp 64499
address-family vpnv4 unicast
exit
bgp router-id 10.0.0.1
neighbor 10.0.0.2
address-family vpnv4 unicast
exit
remote-as 64499
send-community
send-community-ext
update-source 10.0.0.1
exit
Маршруты, установленные в VRF common:
0/ME5100revX:R-main# show route vrf common
Fri Nov 10 17:35:44 2023
Codes: C - connected, S - static, O - OSPF, B - BGP, L - local
IA - OSPF inter area, EA - OSPF intra area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
LE1 - IS-IS level1 external, LE2 - IS-IS level2 external
BI - BGP internal, BE - BGP external, BV - BGP vpn,
BL - BGP labeled, R - RIP
S 172.16.100.0/24 via 192.168.100.130 [1/1], 01h18m36s, te0/0/15.100
S 172.16.150.0/24 via 192.168.100.130 [1/1], 01h18m36s, te0/0/15.100
S 172.16.200.0/24 via 192.168.100.130 [1/1], 01h18m36s, te0/0/15.100
S 172.16.250.0/24 via 192.168.100.130 [1/1], 01h18m36s, te0/0/15.100
L 192.168.100.0/32 is directly connected, 02h49m02s, lo100
C 192.168.100.128/25 is directly connected, 01h24m37s, te0/0/15.100
L 192.168.100.129/32 is directly connected, 01h24m37s, te0/0/15.100
Total entries: 7
Маршруты, передающиеся в BGP VPNv4 на маршрутизаторе R-main и полученные на маршрутизаторе R-branch
0/ME5100revX:R-main# show bgp vpnv4
Fri Nov 10 17:36:20 2023
BGP router identifier 10.0.0.1, local AS number 64499
Graceful Restart is disabled
BGP table state: active
BGP scan interval: 120 secs
Status codes: d damped, h history, > best, b backup, S stale, * active, u untracked, i internal
Origin codes: i igp, e egp, ? incomplete
Route Distinguisher IP Prefix Next hop Metric Label LocPrf Weight Path
-------------------------- --------------------- ---------------- ------- ----------- ------- ------- -----
u> 64499:100 172.16.100.0/24 0 79 100 32768 ?
u> 64499:100 172.16.150.0/24 0 79 100 32768 ?
u> 64499:100 172.16.200.0/24 0 79 100 32768 ?
u> 64499:100 172.16.250.0/24 0 79 100 32768 ?
u> 64499:100 192.168.100.0/32 0 79 100 32768 ?
u> 64499:100 192.168.100.128/25 0 79 100 32768 ?
0/ME5200:R-branch# show bgp vpnv4
Fri Nov 10 17:59:40 2023
BGP router identifier 10.0.0.2, local AS number 64499
Graceful Restart is disabled
BGP table state: active
BGP scan interval: 120 secs
Status codes: d damped, h history, > best, b backup, S stale, * active, u untracked, i internal
Origin codes: i igp, e egp, ? incomplete
Route Distinguisher IP Prefix Next hop Metric Label LocPrf Weight Path
-------------------------- --------------------- ---------------- ------- ----------- ------- ------- -----
u>i 64499:100 172.16.100.0/24 10.0.0.1 0 79 100 0 ?
u>i 64499:100 172.16.150.0/24 10.0.0.1 0 79 100 0 ?
u>i 64499:100 172.16.200.0/24 10.0.0.1 0 79 100 0 ?
u>i 64499:100 172.16.250.0/24 10.0.0.1 0 79 100 0 ?
u>i 64499:100 192.168.100.0/32 10.0.0.1 0 79 100 0 ?
u>i 64499:100 192.168.100.128/25 10.0.0.1 0 79 100 0 ?
0/ME5100revX:R-main# show bgp vpnv4 unicast rd 64499:100 192.168.100.0/32
Fri Nov 10 17:38:02 2023
BGP router identifier 10.0.0.1, local AS number 64499
BGP routing table entry for 192.168.100.0/32
Path #0
AS path:
RD 64499:100 (10.0.0.1), Source VRF: common
Local Label: 79
Origin incomplete, metric 0, local-pref 100, weight 32768, not-tracked, best
Address family: ipv4/vpn
NLRI pathID: 0
Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent
Extended Community: RT 64499:100 (0.0.0.100) <============= Атрибут RT, указанный при конфигурации VRF
Is not stale, is not history
Route flap penalty: 0, flap count 0, is not suppressed
Route flap time left: 00:00:00, time start: never
Route is not ECMP
Total entries: 1
Однако, в некоторых случаях требуется именить атрибуты RT в части префиксов, или вовсе не передавать префиксы в BGP VPNv4.
Ниже задача и пример её решения.
Как видно из схемы, требуется часть маршрутов из VRF common на маршрутизаторе R-main перераспределить по нескольким VRF на маршрутизаторе R-branch.
Последовательность достижения цели в нашем примере будет выглядеть так:
- Создаются prefix-list , в которых группируются сети для разных VRF
prefix-list common-to-part1
seq-num 10
prefix 172.16.100.0/24
exit
exit
prefix-list common-to-part2
seq-num 10
prefix 172.16.150.0/24
exit
exit
prefix-list common-to-part3
seq-num 10
prefix 172.16.200.0/24
exit
seq-num 20
prefix 172.16.250.0/24
exit
exit
- Создаётся route-map, в которой описывается порядок назначения атрибутов
route-map common-export
seq-num 10
match prefix-list destination common-to-part1
set extcommunity set-specific rt value 64499:101
exit
seq-num 20
match prefix-list destination common-to-part2
set extcommunity set-specific rt value 64499:102
exit
seq-num 30
match prefix-list destination common-to-part3
set extcommunity set-specific rt value 64499:103
exit
exit
- Отменяется правило автоматической редистрибуции маршрутов из VRF в BGP VPNv4. Команда применяется глобально, после её применения передача маршрутов будет происходить только в соответствиями с правилами редистрибуции для всех VRF
router bgp 64499
address-family vpnv4 unicast
redistribution manual
exit
- В конфигурации VRF отменяется назначение атрибута export RT, в противном случае при редистрибуции префикс будет иметь два атрибута RT. Так же добавляем список атрибутов префиксов, которые будут попадать в VRF от соседних маршрутизаторов
vrf common import route-target 64499:100 import route-target 64499:101 import route-target 64499:102 import route-target 64499:103 rd 64499:100 exit
- Формируется правило редистрибуции маршрутов в соответствии с route-map
address-family vpnv4 unicast
redistribution manual
redistribution static vrf-common
match vrf common
route-map common-export
exit
exit
Иллюстрация полученных результатов:
Маршруты в соответствующих VRF на маршрутизаторе R-branch
0/ME5200:R-branch# show route vrf part1
Tue Nov 14 15:55:13 2023
Codes: C - connected, S - static, O - OSPF, B - BGP, L - local
IA - OSPF inter area, EA - OSPF intra area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
LE1 - IS-IS level1 external, LE2 - IS-IS level2 external
BI - BGP internal, BE - BGP external, BV - BGP vpn,
BL - BGP labeled, R - RIP
B BV 172.16.100.0/24 via 10.0.0.1 [200/0], 03h58m13s
L 192.168.101.0/32 is directly connected, 03d23h43m, lo101
C 192.168.101.128/25 is directly connected, 03d23h43m, te0/0/15.101
L 192.168.101.129/32 is directly connected, 03d23h43m, te0/0/15.101
Total entries: 4
0/ME5200:R-branch# show route vrf part2
Tue Nov 14 15:55:16 2023
Codes: C - connected, S - static, O - OSPF, B - BGP, L - local
IA - OSPF inter area, EA - OSPF intra area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
LE1 - IS-IS level1 external, LE2 - IS-IS level2 external
BI - BGP internal, BE - BGP external, BV - BGP vpn,
BL - BGP labeled, R - RIP
B BV 172.16.150.0/24 via 10.0.0.1 [200/0], 00h00m34s
L 192.168.102.0/32 is directly connected, 03d23h43m, lo102
C 192.168.102.128/25 is directly connected, 03d23h43m, te0/0/15.102
L 192.168.102.129/32 is directly connected, 03d23h43m, te0/0/15.102
Total entries: 4
0/ME5200:R-branch# show route vrf part3
Tue Nov 14 15:55:18 2023
Codes: C - connected, S - static, O - OSPF, B - BGP, L - local
IA - OSPF inter area, EA - OSPF intra area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
LE1 - IS-IS level1 external, LE2 - IS-IS level2 external
BI - BGP internal, BE - BGP external, BV - BGP vpn,
BL - BGP labeled, R - RIP
B BV 172.16.200.0/24 via 10.0.0.1 [200/0], 00h00m36s
B BV 172.16.250.0/24 via 10.0.0.1 [200/0], 03h58m18s
L 192.168.103.0/32 is directly connected, 03d23h43m, lo103
C 192.168.103.128/25 is directly connected, 03d23h43m, te0/0/15.103
L 192.168.103.129/32 is directly connected, 03d23h43m, te0/0/15.103
Total entries: 5
Список маршрутов, полученных в BGP VPNv4 и атрибуты RT на них
0/ME5200:R-branch# show bgp vpnv4
Tue Nov 14 15:56:19 2023
BGP router identifier 10.0.0.2, local AS number 64499
Graceful Restart is disabled
BGP table state: active
BGP scan interval: 120 secs
Status codes: d damped, h history, > best, b backup, S stale, * active, u untracked, i internal
Origin codes: i igp, e egp, ? incomplete
Route Distinguisher IP Prefix Next hop Metric Label LocPrf Weight Path
-------------------------- --------------------- ---------------- ------- ----------- ------- ------- -----
u>i 64499:100 172.16.100.0/24 10.0.0.1 0 72 100 0 ?
u>i 64499:100 172.16.150.0/24 10.0.0.1 0 72 100 0 ?
u>i 64499:100 172.16.200.0/24 10.0.0.1 0 72 100 0 ?
u>i 64499:100 172.16.250.0/24 10.0.0.1 0 72 100 0 ?
u> 64499:101 192.168.101.0/32 0 33 100 32768 ?
u> 64499:101 192.168.101.128/25 0 33 100 32768 ?
u> 64499:102 192.168.102.0/32 0 34 100 32768 ?
u> 64499:102 192.168.102.128/25 0 34 100 32768 ?
u> 64499:103 192.168.103.0/32 0 35 100 32768 ?
u> 64499:103 192.168.103.128/25 0 35 100 32768 ?
Total entries: 14
0/ME5200:R-branch# show bgp vpnv4 unicast rd 64499:100 172.16.100.0/24
Tue Nov 14 15:56:45 2023
BGP router identifier 10.0.0.2, local AS number 64499
BGP routing table entry for 172.16.100.0/24
Path #0
AS path:
RD 64499:100, 10.0.0.1 from 10.0.0.1 (10.0.0.1), Source VRF: part1
Received Label: 72
Origin incomplete, metric 0, local-pref 100, weight 0, not-tracked, internal, best
Address family: ipv4/vpn
NLRI pathID: 0
Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent
Extended Community: RT 64499:101 (0.0.0.101) <============= Атрибут RT, назначенный при редистрибуции
Is not stale, is not history
Route flap penalty: 0, flap count 0, is not suppressed
Route flap time left: 00:00:00, time start: never
Route is not ECMP
Total entries: 1
0/ME5200:R-branch# show bgp vpnv4 unicast rd 64499:100 172.16.250.0/24
Tue Nov 14 15:56:55 2023
BGP router identifier 10.0.0.2, local AS number 64499
BGP routing table entry for 172.16.250.0/24
Path #0
AS path:
RD 64499:100, 10.0.0.1 from 10.0.0.1 (10.0.0.1), Source VRF: part3
Received Label: 72
Origin incomplete, metric 0, local-pref 100, weight 0, not-tracked, internal, best
Address family: ipv4/vpn
NLRI pathID: 0
Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent
Extended Community: RT 64499:103 (0.0.0.103) <============= Атрибут RT, назначенный при редистрибуции
Is not stale, is not history
Route flap penalty: 0, flap count 0, is not suppressed
Route flap time left: 00:00:00, time start: never
Route is not ECMP
Total entries: 1
0/ME5200:R-branch#
Маршруты в VRF common на маршрутизаторе R-main
0/ME5100revX:R-main# show route vrf common
Tue Nov 14 16:04:22 2023
Codes: C - connected, S - static, O - OSPF, B - BGP, L - local
IA - OSPF inter area, EA - OSPF intra area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
LE1 - IS-IS level1 external, LE2 - IS-IS level2 external
BI - BGP internal, BE - BGP external, BV - BGP vpn,
BL - BGP labeled, R - RIP
S 172.16.100.0/24 via 192.168.100.130 [1/1], 03d23h47m, te0/0/15.100
S 172.16.150.0/24 via 192.168.100.130 [1/1], 03d23h47m, te0/0/15.100
S 172.16.200.0/24 via 192.168.100.130 [1/1], 03d23h47m, te0/0/15.100
S 172.16.250.0/24 via 192.168.100.130 [1/1], 03d23h47m, te0/0/15.100
L 192.168.100.0/32 is directly connected, 04d01h17m, lo100
C 192.168.100.128/25 is directly connected, 03d23h53m, te0/0/15.100
L 192.168.100.129/32 is directly connected, 03d23h53m, te0/0/15.100
B BV 192.168.101.0/32 via 10.0.0.2 [200/0], 01h09m21s
B BV 192.168.101.128/25 via 10.0.0.2 [200/0], 01h09m21s
B BV 192.168.102.0/32 via 10.0.0.2 [200/0], 01h09m21s
B BV 192.168.102.128/25 via 10.0.0.2 [200/0], 01h09m21s
B BV 192.168.103.0/32 via 10.0.0.2 [200/0], 01h09m21s
B BV 192.168.103.128/25 via 10.0.0.2 [200/0], 01h09m21s
Total entries: 13