В маршрутизаторах серии ME имеется возможность как фильтровать маршруты, распространяющиеся из VRF в BGP VPNv4, так и менять при этом атрибуты маршрутов.
По умолчанию все имеющиеся в VRF маршруты отдаются в BGP VPNv4, при этом в качестве атрибутов excommunity передаются атрибуты заданные в конфигурации VRF.
Конфигурация VRF и BGP соседа. На ответной стороне конфигурация идентична
vrf common export route-target 64499:100 import route-target 64499:100 rd 64499:100 exit router bgp 64499 address-family vpnv4 unicast exit bgp router-id 10.0.0.1 neighbor 10.0.0.2 address-family vpnv4 unicast exit remote-as 64499 send-community send-community-ext update-source 10.0.0.1 exit
Маршруты, установленные в VRF common:
0/ME5100revX:R-main# show route vrf common Fri Nov 10 17:35:44 2023 Codes: C - connected, S - static, O - OSPF, B - BGP, L - local IA - OSPF inter area, EA - OSPF intra area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, LE1 - IS-IS level1 external, LE2 - IS-IS level2 external BI - BGP internal, BE - BGP external, BV - BGP vpn, BL - BGP labeled, R - RIP S 172.16.100.0/24 via 192.168.100.130 [1/1], 01h18m36s, te0/0/15.100 S 172.16.150.0/24 via 192.168.100.130 [1/1], 01h18m36s, te0/0/15.100 S 172.16.200.0/24 via 192.168.100.130 [1/1], 01h18m36s, te0/0/15.100 S 172.16.250.0/24 via 192.168.100.130 [1/1], 01h18m36s, te0/0/15.100 L 192.168.100.0/32 is directly connected, 02h49m02s, lo100 C 192.168.100.128/25 is directly connected, 01h24m37s, te0/0/15.100 L 192.168.100.129/32 is directly connected, 01h24m37s, te0/0/15.100 Total entries: 7
Маршруты, передающиеся в BGP VPNv4 на маршрутизаторе R-main и полученные на маршрутизаторе R-branch
0/ME5100revX:R-main# show bgp vpnv4 Fri Nov 10 17:36:20 2023 BGP router identifier 10.0.0.1, local AS number 64499 Graceful Restart is disabled BGP table state: active BGP scan interval: 120 secs Status codes: d damped, h history, > best, b backup, S stale, * active, u untracked, i internal Origin codes: i igp, e egp, ? incomplete Route Distinguisher IP Prefix Next hop Metric Label LocPrf Weight Path -------------------------- --------------------- ---------------- ------- ----------- ------- ------- ----- u> 64499:100 172.16.100.0/24 0 79 100 32768 ? u> 64499:100 172.16.150.0/24 0 79 100 32768 ? u> 64499:100 172.16.200.0/24 0 79 100 32768 ? u> 64499:100 172.16.250.0/24 0 79 100 32768 ? u> 64499:100 192.168.100.0/32 0 79 100 32768 ? u> 64499:100 192.168.100.128/25 0 79 100 32768 ? 0/ME5200:R-branch# show bgp vpnv4 Fri Nov 10 17:59:40 2023 BGP router identifier 10.0.0.2, local AS number 64499 Graceful Restart is disabled BGP table state: active BGP scan interval: 120 secs Status codes: d damped, h history, > best, b backup, S stale, * active, u untracked, i internal Origin codes: i igp, e egp, ? incomplete Route Distinguisher IP Prefix Next hop Metric Label LocPrf Weight Path -------------------------- --------------------- ---------------- ------- ----------- ------- ------- ----- u>i 64499:100 172.16.100.0/24 10.0.0.1 0 79 100 0 ? u>i 64499:100 172.16.150.0/24 10.0.0.1 0 79 100 0 ? u>i 64499:100 172.16.200.0/24 10.0.0.1 0 79 100 0 ? u>i 64499:100 172.16.250.0/24 10.0.0.1 0 79 100 0 ? u>i 64499:100 192.168.100.0/32 10.0.0.1 0 79 100 0 ? u>i 64499:100 192.168.100.128/25 10.0.0.1 0 79 100 0 ? 0/ME5100revX:R-main# show bgp vpnv4 unicast rd 64499:100 192.168.100.0/32 Fri Nov 10 17:38:02 2023 BGP router identifier 10.0.0.1, local AS number 64499 BGP routing table entry for 192.168.100.0/32 Path #0 AS path: RD 64499:100 (10.0.0.1), Source VRF: common Local Label: 79 Origin incomplete, metric 0, local-pref 100, weight 32768, not-tracked, best Address family: ipv4/vpn NLRI pathID: 0 Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent Extended Community: RT 64499:100 (0.0.0.100) <============= Атрибут RT, указанный при конфигурации VRF Is not stale, is not history Route flap penalty: 0, flap count 0, is not suppressed Route flap time left: 00:00:00, time start: never Route is not ECMP Total entries: 1
Однако, в некоторых случаях требуется изменить атрибуты RT в части префиксов, или вовсе не передавать префиксы в BGP VPNv4.
Ниже задача и пример её решения.
Как видно из схемы, требуется часть маршрутов из VRF common на маршрутизаторе R-main перераспределить по нескольким VRF на маршрутизаторе R-branch.
Последовательность достижения цели в нашем примере будет выглядеть так:
- Создаются prefix-list , в которых группируются сети для разных VRF
prefix-list common-to-part1 seq-num 10 prefix 172.16.100.0/24 exit exit prefix-list common-to-part2 seq-num 10 prefix 172.16.150.0/24 exit exit prefix-list common-to-part3 seq-num 10 prefix 172.16.200.0/24 exit seq-num 20 prefix 172.16.250.0/24 exit exit
- Создаётся route-map, в которой описывается порядок назначения атрибутов
route-map common-export seq-num 10 match prefix-list destination common-to-part1 set extcommunity set-specific rt value 64499:101 exit seq-num 20 match prefix-list destination common-to-part2 set extcommunity set-specific rt value 64499:102 exit seq-num 30 match prefix-list destination common-to-part3 set extcommunity set-specific rt value 64499:103 exit exit
- Отменяется правило автоматической редистрибуции маршрутов из VRF в BGP VPNv4. Команда применяется глобально, после её применения передача маршрутов будет происходить только в соответствиями с правилами редистрибуции для всех VRF
router bgp 64499 address-family vpnv4 unicast redistribution manual exit
- В конфигурации VRF отменяется назначение атрибута export RT, в противном случае при редистрибуции префикс будет иметь два атрибута RT. Так же добавляем список атрибутов префиксов, которые будут попадать в VRF от соседних маршрутизаторов
vrf common import route-target 64499:100 import route-target 64499:101 import route-target 64499:102 import route-target 64499:103 rd 64499:100 exit
- Формируется правило редистрибуции маршрутов в соответствии с route-map
address-family vpnv4 unicast redistribution manual redistribution static vrf-common match vrf common route-map common-export exit exit
Иллюстрация полученных результатов:
Маршруты в соответствующих VRF на маршрутизаторе R-branch
0/ME5200:R-branch# show route vrf part1 Tue Nov 14 15:55:13 2023 Codes: C - connected, S - static, O - OSPF, B - BGP, L - local IA - OSPF inter area, EA - OSPF intra area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, LE1 - IS-IS level1 external, LE2 - IS-IS level2 external BI - BGP internal, BE - BGP external, BV - BGP vpn, BL - BGP labeled, R - RIP B BV 172.16.100.0/24 via 10.0.0.1 [200/0], 03h58m13s L 192.168.101.0/32 is directly connected, 03d23h43m, lo101 C 192.168.101.128/25 is directly connected, 03d23h43m, te0/0/15.101 L 192.168.101.129/32 is directly connected, 03d23h43m, te0/0/15.101 Total entries: 4 0/ME5200:R-branch# show route vrf part2 Tue Nov 14 15:55:16 2023 Codes: C - connected, S - static, O - OSPF, B - BGP, L - local IA - OSPF inter area, EA - OSPF intra area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, LE1 - IS-IS level1 external, LE2 - IS-IS level2 external BI - BGP internal, BE - BGP external, BV - BGP vpn, BL - BGP labeled, R - RIP B BV 172.16.150.0/24 via 10.0.0.1 [200/0], 00h00m34s L 192.168.102.0/32 is directly connected, 03d23h43m, lo102 C 192.168.102.128/25 is directly connected, 03d23h43m, te0/0/15.102 L 192.168.102.129/32 is directly connected, 03d23h43m, te0/0/15.102 Total entries: 4 0/ME5200:R-branch# show route vrf part3 Tue Nov 14 15:55:18 2023 Codes: C - connected, S - static, O - OSPF, B - BGP, L - local IA - OSPF inter area, EA - OSPF intra area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, LE1 - IS-IS level1 external, LE2 - IS-IS level2 external BI - BGP internal, BE - BGP external, BV - BGP vpn, BL - BGP labeled, R - RIP B BV 172.16.200.0/24 via 10.0.0.1 [200/0], 00h00m36s B BV 172.16.250.0/24 via 10.0.0.1 [200/0], 03h58m18s L 192.168.103.0/32 is directly connected, 03d23h43m, lo103 C 192.168.103.128/25 is directly connected, 03d23h43m, te0/0/15.103 L 192.168.103.129/32 is directly connected, 03d23h43m, te0/0/15.103 Total entries: 5
Список маршрутов, полученных в BGP VPNv4 и атрибуты RT на них
0/ME5200:R-branch# show bgp vpnv4 Tue Nov 14 15:56:19 2023 BGP router identifier 10.0.0.2, local AS number 64499 Graceful Restart is disabled BGP table state: active BGP scan interval: 120 secs Status codes: d damped, h history, > best, b backup, S stale, * active, u untracked, i internal Origin codes: i igp, e egp, ? incomplete Route Distinguisher IP Prefix Next hop Metric Label LocPrf Weight Path -------------------------- --------------------- ---------------- ------- ----------- ------- ------- ----- u>i 64499:100 172.16.100.0/24 10.0.0.1 0 72 100 0 ? u>i 64499:100 172.16.150.0/24 10.0.0.1 0 72 100 0 ? u>i 64499:100 172.16.200.0/24 10.0.0.1 0 72 100 0 ? u>i 64499:100 172.16.250.0/24 10.0.0.1 0 72 100 0 ? u> 64499:101 192.168.101.0/32 0 33 100 32768 ? u> 64499:101 192.168.101.128/25 0 33 100 32768 ? u> 64499:102 192.168.102.0/32 0 34 100 32768 ? u> 64499:102 192.168.102.128/25 0 34 100 32768 ? u> 64499:103 192.168.103.0/32 0 35 100 32768 ? u> 64499:103 192.168.103.128/25 0 35 100 32768 ? Total entries: 14 0/ME5200:R-branch# show bgp vpnv4 unicast rd 64499:100 172.16.100.0/24 Tue Nov 14 15:56:45 2023 BGP router identifier 10.0.0.2, local AS number 64499 BGP routing table entry for 172.16.100.0/24 Path #0 AS path: RD 64499:100, 10.0.0.1 from 10.0.0.1 (10.0.0.1), Source VRF: part1 Received Label: 72 Origin incomplete, metric 0, local-pref 100, weight 0, not-tracked, internal, best Address family: ipv4/vpn NLRI pathID: 0 Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent Extended Community: RT 64499:101 (0.0.0.101) <============= Атрибут RT, назначенный при редистрибуции Is not stale, is not history Route flap penalty: 0, flap count 0, is not suppressed Route flap time left: 00:00:00, time start: never Route is not ECMP Total entries: 1 0/ME5200:R-branch# show bgp vpnv4 unicast rd 64499:100 172.16.250.0/24 Tue Nov 14 15:56:55 2023 BGP router identifier 10.0.0.2, local AS number 64499 BGP routing table entry for 172.16.250.0/24 Path #0 AS path: RD 64499:100, 10.0.0.1 from 10.0.0.1 (10.0.0.1), Source VRF: part3 Received Label: 72 Origin incomplete, metric 0, local-pref 100, weight 0, not-tracked, internal, best Address family: ipv4/vpn NLRI pathID: 0 Aggregator AS: 0, Address: 0.0.0.0, Atomic aggregate: absent Extended Community: RT 64499:103 (0.0.0.103) <============= Атрибут RT, назначенный при редистрибуции Is not stale, is not history Route flap penalty: 0, flap count 0, is not suppressed Route flap time left: 00:00:00, time start: never Route is not ECMP Total entries: 1 0/ME5200:R-branch#
Маршруты в VRF common на маршрутизаторе R-main
0/ME5100revX:R-main# show route vrf common Tue Nov 14 16:04:22 2023 Codes: C - connected, S - static, O - OSPF, B - BGP, L - local IA - OSPF inter area, EA - OSPF intra area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, LE1 - IS-IS level1 external, LE2 - IS-IS level2 external BI - BGP internal, BE - BGP external, BV - BGP vpn, BL - BGP labeled, R - RIP S 172.16.100.0/24 via 192.168.100.130 [1/1], 03d23h47m, te0/0/15.100 S 172.16.150.0/24 via 192.168.100.130 [1/1], 03d23h47m, te0/0/15.100 S 172.16.200.0/24 via 192.168.100.130 [1/1], 03d23h47m, te0/0/15.100 S 172.16.250.0/24 via 192.168.100.130 [1/1], 03d23h47m, te0/0/15.100 L 192.168.100.0/32 is directly connected, 04d01h17m, lo100 C 192.168.100.128/25 is directly connected, 03d23h53m, te0/0/15.100 L 192.168.100.129/32 is directly connected, 03d23h53m, te0/0/15.100 B BV 192.168.101.0/32 via 10.0.0.2 [200/0], 01h09m21s B BV 192.168.101.128/25 via 10.0.0.2 [200/0], 01h09m21s B BV 192.168.102.0/32 via 10.0.0.2 [200/0], 01h09m21s B BV 192.168.102.128/25 via 10.0.0.2 [200/0], 01h09m21s B BV 192.168.103.0/32 via 10.0.0.2 [200/0], 01h09m21s B BV 192.168.103.128/25 via 10.0.0.2 [200/0], 01h09m21s Total entries: 13