RD

The VPN prefixes are propagated across the MPLS VPN network by Multiprotocol BGP (MP-BGP). The problem is that when BGP carries these IPv4 prefixes across the service provider network, they must be unique. If the customers had overlapping IP addressing, the routing would be wrong. To solve this problem, the concept of RDs was conceived to make IPv4 prefixes unique. The basic idea is that each prefix from each customer receives a unique identifier (the RD) to distinguish the same prefix from different customers. A prefix derived from the combination of the IPv4 prefix and the RD is called a vpnv4 prefix. MP-BGP needs to carry these vpnv4 prefixes between the PE routers.

NOTE MP-BGP is explained in the section "BGP" later in this chapter.

An RD is a 64-bit field used to make the VRF prefixes unique when MP-BGP carries them. The RD does not indicate which VRF the prefix belongs to. The function of the RD is not that of a VPN identifier, because some more complex VPN scenarios might require more than one RD per VPN. Each VRF instance on the PE router must have one RD assigned to it. This 64-bit value can have two formats: ASN:nn or IP-address:nn, where nn represents a number. The most commonly used format is ASN:nn, where ASN stands for autonomous system number. Usually, the service provider uses ASN:nn, where ASN is the autonomous system number that the Internet Assigned Numbers Authority (IANA) assigns to the service provider and nn is the number that the service provider uniquely assigns to the VRF. The RD does not impose semantics; it is just used to uniquely identify the VPN routes. This is needed because the IPv4 routes from one customer might be overlapping with the IPv4 routes from another. The combination of the RD with the IPv4 prefix provides a vpnv4 prefix, of which the address is 96 bits long. The mask is 32 bits long, just as it is for an IPv4 prefix. If you take an IPv4 prefix 10.1.1.0/24 and an RD 1:1, the vpnv4 prefix becomes 1:1:10.1.1.0/24.
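An added example, not from the original text, that encodes the two RD formats into the 64-bit field and prepends it to an IPv4 prefix to form the 96-bit vpnv4 address. The byte layout (a 2-byte type field, then ASN and number for type 0, or IPv4 address and number for type 1) follows RFC 4364 and is not described on this page; the function names and the two overlapping customer routes are constructed for illustration.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode 'ASN:nn' or 'IP-address:nn' as the 8-byte RD (RFC 4364 types 0 and 1)."""
    admin, _, nn = rd.rpartition(":")
    number = int(nn)
    if "." in admin:
        # IP-address:nn -> type 1: 4-byte IPv4 address followed by a 2-byte number
        if not 0 <= number <= 0xFFFF:
            raise ValueError("nn must fit in 16 bits for IP-address:nn")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    # ASN:nn -> type 0: 2-byte ASN followed by a 4-byte number
    asn = int(admin)
    if not 0 <= asn <= 0xFFFF or not 0 <= number <= 0xFFFFFFFF:
        raise ValueError("type 0 RD needs a 16-bit ASN and a 32-bit nn")
    return struct.pack("!HHI", 0, asn, number)

def vpnv4_key(rd: str, prefix: str):
    """Return (96-bit vpnv4 address as 12 bytes, IPv4 mask length)."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen

def build_table(routes, use_rd=True):
    """Key routes by RD + prefix, or by the IPv4 prefix alone for contrast."""
    table = {}
    for rd, prefix, customer in routes:
        key = vpnv4_key(rd, prefix) if use_rd else prefix
        table[key] = customer  # an identical key overwrites: the overlap problem
    return table

# Constructed sample: two customers announcing the same IPv4 prefix.
ROUTES = [
    ("1:1", "10.1.1.0/24", "cust-one"),
    ("1:2", "10.1.1.0/24", "cust-two"),
]

if __name__ == "__main__":
    for (addr, masklen), customer in build_table(ROUTES).items():
        print(addr.hex(), f"/{masklen}", customer)
    print("without RD:", build_table(ROUTES, use_rd=False))
```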

One customer might use different RDs for the same IPv4 route. When a VPN site is connected to two PE routers, routes from the VPN site might get two different RDs, depending on the PE router on which the routes are received. Each IPv4 route would get two different RDs assigned and would have two completely different vpnv4 routes. This would allow BGP to see them as different routes and apply a different policy to the routes. Example 7-2 shows how to configure the RD in Cisco IOS.

Example 7-2 Configuring an RD

sydney#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sydney(config)#ip vrf ?
  WORD  VPN Routing/Forwarding instance name
sydney(config)#ip vrf cust-one
sydney(config-vrf)#rd ?
  ASN:nn or IP-address:nn  VPN Route Distinguisher
sydney(config-vrf)#rd 1:1

If RDs were just used to indicate the VPN, communication between sites of different VPNs would be problematic. A site of Company A would not be able to talk to a site of Company B because the RDs would not match. The concept of having sites of Company A being able to talk to sites of Company B is called extranet VPN. The simple case of communication between sites of the same company—the same VPN—is called intranet. The communication between sites is controlled by another MPLS VPN feature called RTs.

An RT is a BGP extended community that indicates which routes should be imported from MP-BGP into the VRF. Exporting an RT means that the exported vpnv4 route receives an additional BGP extended community—this is the RT—as configured under ip vrf on the PE router, when the route is redistributed from the VRF routing table into MP-BGP. Importing an RT means that the received vpnv4 route from MP-BGP is checked for a matching extended community—this is the route target—with the ones in the configuration. If the result is a match, the prefix is put into the VRF routing table as an IPv4 route. If a match does not occur, the prefix is rejected. The command to configure RTs for a VRF is route-target {import | export | both} route-target-ext-community. The keyword both indicates both import and export.

Figure 7-4 shows that the RTs control which routes are imported into which VRFs from the remote PE routers and with which RTs the vpnv4 routes are exported toward the remote PE routers. More than one RT might be attached to the vpnv4 route. For the import into the VRF to be permitted, only one RT from the vpnv4 route needs to be matched with the configuration of the imported RTs under the ip vrf section on the PE router.

Figure 7-4 RTs

Example 7-3 shows how to configure RTs in Cisco IOS.

Example 7-3 Configuring RTs

sydney#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sydney(config)#ip vrf cust-one
sydney(config-vrf)#route-target ?
  ASN:nn or IP-address:nn  Target VPN Extended Community
  both                     Both import and export Target-VPN community
  export                   Export Target-VPN community
  import                   Import Target-VPN community
sydney(config-vrf)#route-target both 1:1

The RD and the RTs then define the VRF cust-one, as you can see in Example 7-4.

Example 7-4 VRF Configuration

ip vrf cust-one
 rd 1:1
 route-target export 1:1
 route-target import 1:1

When configuring a VRF with several sites that belong to one VPN, without having to communicate with sites belonging to another VPN, you just need to configure one RT to be imported and exported on all the PE routers with a site belonging to that VRF. This is the simple case of an intranet. When you have sites belonging to one VPN that need to be able to communicate with sites from another VPN (the extranet case), take care to configure the RTs correctly. Figure 7-5 shows an extranet example.

Figure 7-5 Extranet Example


Obviously, Site A and Site B from the VRF cust-one should be able to communicate with each other. The same holds true for Sites A and B of the VRF cust-two. The RT that VPN cust-one uses is 1:1. The RT that VPN cust-two uses is 1:2. Now imagine that only Site A of VRF cust-one needs to talk to only Site A of VRF cust-two. This is perfectly possible and is determined by configuring the RTs accordingly. The RT 100:1 is imported and exported for Site A of vrf cust-one and cust-two on PE1 and PE2 to achieve this. This is called an extranet. Figure 7-6 shows the same network as in Figure 7-5, but with the RTs.

Figure 7-6 Extranet Example with RTs


Look at Example 7-5 for the configuration needed on the PE routers.

Example 7-5 Configuring RTs for Extranet

PE1:

ip vrf cust-one
 rd 1:1
 route-target export 1:1
 route-target export 100:1
 route-target import 1:1
 route-target import 100:1

PE2:

ip vrf cust-two
 rd 1:2
 route-target export 1:2
 route-target export 100:1
 route-target import 1:2
 route-target import 100:1

Example 7-6 shows a route 10.10.100.1/32. It is a route with RD 1:1 (VRF cust-one) that is imported into the VRF cust-two and becomes a vpnv4 route with RD 1:2.

Example 7-6 Extranet Route

PE1#show ip bgp vpnv4 all 10.10.100.1
BGP routing table entry for 1:1:10.10.100.1/32, version 40
Paths: (1 available, best #1, table cust-one)
  Advertised to update-groups:
     3
  65001
      Origin IGP, metric 0, localpref 100, valid, external, best
      Extended Community: RT:1:1 RT:100:1,
      mpls labels in/out 45/nolabel
BGP routing table entry for 1:2:10.10.100.1/32, version 41
Paths: (1 available, best #1, table cust-two)
  Not advertised to any peer
  65001, imported path from 1:1:10.10.100.1/32
    10.10.2.1 from 10.10.2.1 (192.168.1.1)
      Origin IGP, metric 0, localpref 100, valid, external, best
      Extended Community: RT:1:1 RT:100:1
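An added example, not from the original text, that applies the RT import rule described above (one matching RT is enough) to audit which VRFs receive routes from which other VRFs. It assumes the VRF definitions from all PE routers have been collected into one text; the function names and the intranet-only VRF cust-three are hypothetical and constructed for contrast.

```python
import re

# Constructed input: the Example 7-5 VRFs from PE1 and PE2, plus a
# hypothetical intranet-only VRF "cust-three" that is not on the page.
CONFIG = """\
ip vrf cust-one
 rd 1:1
 route-target export 1:1
 route-target export 100:1
 route-target import 1:1
 route-target import 100:1
ip vrf cust-two
 rd 1:2
 route-target export 1:2
 route-target export 100:1
 route-target import 1:2
 route-target import 100:1
ip vrf cust-three
 rd 1:3
 route-target both 1:3
"""

RT_LINE = re.compile(r"\s+route-target (import|export|both) (\S+)")

def parse_vrfs(text):
    """Return {vrf: {"import": set, "export": set}} from `ip vrf` blocks."""
    vrfs, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"ip vrf (\S+)", line):
            current = vrfs.setdefault(m[1], {"import": set(), "export": set()})
        elif current is not None and (m := RT_LINE.match(line)):
            # "both" configures the RT for import and for export
            for direction in ("import", "export") if m[1] == "both" else (m[1],):
                current[direction].add(m[2])
    return vrfs

def cross_vrf_imports(vrfs):
    """List (source, destination, shared RTs) where destination imports source's routes."""
    leaks = []
    for src, s in vrfs.items():
        for dst, d in vrfs.items():
            shared = s["export"] & d["import"]  # a single common RT permits the import
            if src != dst and shared:
                leaks.append((src, dst, sorted(shared)))
    return leaks

if __name__ == "__main__":
    for src, dst, rts in cross_vrf_imports(parse_vrfs(CONFIG)):
        print(f"{dst} imports routes of {src} via RT {', '.join(rts)}")
```

Every pair the audit reports is an extranet relationship; a pair that is not an intended extranet points to a mistyped or reused RT.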

You might not want two VRFs to exchange all the routes. The number of routes leaked from one VRF to another can be limited by configuring an import or export map under ip vrf, which uses a route map to further filter routes. Refer to the later section "CE Management" for more details on how to set this up.
