BGP Virtual Private Network Commands
This chapter describes the BGP Virtual Private Network (VPN) configuration commands.
bgp external-route-leak
Use this command to control the external route leaking. An external imported route (those received from VPN neighbor and imported to an IP-VRF) is further leaked to another IP-VRF. The route-target exports the source VRF, matches the route-target, and imports the destination VRF.
Use the no parameter with this command to disable external route leaking.
External route leaking is only supported for BGP EVPN routes. It is not support for other types of VPN routes.
Command Syntax
bgp external-route-leak
no bgp external-route-leak
Parameters
None
Default
Enable
Command Mode
Router mode
Applicability
This command was introduced in OcNOS version 6.3.4
Examples
OcNOS#configure terminal
(config)#router bgp 100
(config-router)#no bgp external-route-leak
bgp inbound-route-filter
Use this command to control the filtering of received VPN routes with route-target extended community attributes. The inbound route filtering is applicable for both bgp inbound-route-filter and route-target import commands.
When a router is configured as EVPN Route-Reflector, it exchanges VRF routing information with a route distinguisher and route-target extended communities.
By default, OcNOS discards the received routes that does not match the local IP/MAC VRF’s route-target import value. We can use command no bgp inbound-route-filter to override this behavior.
When the local box is acting as a EVPN route-reflector and not in the forwarding path, it may not be
configured with an IP/MAC VRF terminations. In such case, no bgp inbound-route-filter is required to be configured to keep all the routes into RD (route-distinguisher) table.
Command Syntax
bgp inbound-route-filter
no bgp inbound-route-filter
Parameters
None
Default
By default, OcNOS does not import routing information that does not match the local IP or MAC VRF’s route-target import value.
Command Mode
Router mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#router bgp 100
(config-router)#bgp inbound-route-filter
export map
This command assigns a route map to the VRF. This map is applied for routing information exported to another PE or VRF.
Use this command when an application requires finer control over the routes exported to another VRF or PE than provided by the import and export extended communities. You can filter routes that are eligible for export to another VRF or PE through the use of a route map. The route map can deny access to selected routes from a community that is on the export list.
Note: Only match rules (deny/permit) are applied for exported routes, set rules will not apply.
Use the no command to remove the map.
Command Syntax
export map WORD
no export map
Parameters
WORD
Route map
Default
No default value is specified
Command Mode
VRF mode
Applicability
This command was introduced in OcNOS version 4.1.
Examples
(config)#ip vrf myVRF
(config-vrf)#export map set-pref
(config-vrf)#
import map
This command assigns a route map to the VRF. This map is applied for routing information imported from another PE or VRF.
Use this command when an application requires finer control over the routes imported into a VRF than provided by the import and export extended communities. You can filter routes that are eligible for import into a VRF through the use of a route map.The route map can deny access to selected routes from a community that is on the import list.
Use the no option with this command to remove the map.
Command Syntax
import map WORD
no import map
Parameters
WORD
Route map
Default
No default value is specified
Command Mode
VRF mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#ip vrf myVRF
(config-vrf)#import map set-pref
(config-vrf)#
ip vrf
Use this command to assign a VPN Routing Forwarding (VRF) instance.
Use the no option with this command to remove the VRF from the instance.
Command Syntax
ip vrf WORD
no ip vrf WORD
Parameter
WORD
Name of the VRF instance
Default
No default value is specified
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Command Example
(config)#ip vrf myVRF
(config-vrf)#
neighbor allow-ebgp-vpn
Use this command to allow an eBGP neighbor to be a VPN peer. By default, BGP VPN functionality is allowed only for iBGP peers.
Use the no parameter with this command to remove the configuration.
Command Syntax
neighbor (A.B.C.D|X:X::X:X|WORD) allow-ebgp-vpn
no neighbor (A.B.C.D|X:X::X:X|WORD) allow-ebgp-vpn
Parameters
A.B.C.D
Address of the BGP neighbor in IPv4 format
X:X::X:X
Address of the BGP neighbor in IPv6 format
WORD
Name of a BGP peer group created with the
neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.
Default
By default, BGP VPN functionality is allowed only for iBGP peers
Command Mode
Address Family-vpnv6 mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#router bgp 200
(config-router)#neighbor 66.66.66.66 remote-as 100
(config-router)#neighbor 66.66.66.66 update-source lo
(config-router-af)#neighbor 66.66.66.66 allow-ebgp-vpn
(config-router-af)#neighbor 66.66.66.66 activate
(config-router-af)#exit-address-family
neighbor as-override
Use this command to configure a provider edge (PE) router to override the autonomous system number (ASN) of a site with the ASN of a provider. BGP normally ignores routes from the same autonomous system. However, this command is used so that the Customer Edge (CE) routers router accepts and installs routes from the same autonomous system.
Typically, this command is used when CE routers have the same ASN in some or all sites. As per BGP requirement, a BGP speaker rejects a route that has the same ASN as itself in the AS_PATH attribute. Thus the CE routers having the same ASN do not accept routes from each other. Giving this command on the PE router removes the CE neighbor’s ASN from the AS_PATH attribute allowing CE routers with the same ASN to accept routes from each other.
Use the no parameter with this command to remove VPN IPv4 prefixes from a specified router.
Command Syntax
neighbor (A.B.C.D|X:X::X:X|WORD) as-override
no neighbor (A.B.C.D|X:X::X:X|WORD) as-override
Parameters
A.B.C.D
Address of the BGP neighbor in IPv4 format
X:X::X:X
Address of the BGP neighbor in IPv6 format
WORD
Name of a BGP peer group created with the
neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.
Default
By default, neighbor as override is disabled
Command Mode
Address Family-vrf mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#router bgp 7657
(config-router)#address-family ipv4 vrf VRF_A
(config-router-af)#neighbor 10.10.0.1 as-override
#configure terminal
(config)#router bgp 7657
(config-router)#address-family ipv6 vrf VRF_A
(config-router-af)#neighbor 3ffe:15:15:15:15::0 as-override
neighbor send-community
Use this command to send the extended-community attribute to a customer edge router. In VPN, the route-distinguisher and route-target are encoded in BGP extended-community.
Command Syntax
no neighbor (A.B.C.D|X:X::X:X|WORD) send-community
no neighbor (A.B.C.D|X:X::X:X|WORD) send-community (both|extended|standard)
neighbor (A.B.C.D|X:X::X:X|WORD) send-community
neighbor (A.B.C.D|X:X::X:X|WORD) send-community (both|extended|standard)
Parameters
A.B.C.D
Address of the BGP neighbor in an IPv4 format
X:X::X:X
Address of the BGP neighbor in an IPv6 format
WORD
Name of a BGP peer group created with the
neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.
both
Send standard and extended community attributes
extended
Send extended community attributes
standard
Send standard community attributes
Default
By default, both communities (standard and extended) are sent to every BGP neighbor.
Command Mode
Address Family Unicast mode and Address Family VRF mode.
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#router bgp 100
(config-router)#address-family ipv4 vrf VRF_A
(config-router-af)#neighbor 10.10.10.1 remote-as 200
(config-router-af)#no neighbor 10.10.0.1 send-community extended
neighbor soo
Use this command to enable the site-of-origin (SOO) feature. If the customer AS is multi-homed to the ISP, this command ensures that the PE does not advertise the routes back to the same AS.
Use the no parameter with this command to disable this feature.
Command Syntax
neighbor (A.B.C.D|X:X::X:X|WORD) soo AS:nn_or_IP:nn
no neighbor (A.B.C.D|X:X::X:X|WORD) soo
Parameters
A.B.C.D
Address of the BGP neighbor in IPv4 format
X:X::X:X
Address of the BGP neighbor in IPv6 format
WORD
Name of a BGP peer group created with the
neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.
ASN:nn_or_IP-address:nn
An AS number and an arbitrary number (for example, 100:1), or a 32-bit IP address and an arbitrary number (for example, 192.16.10.1:1).
Default
By default, the site-of-origin (SOO) feature is disabled.
Command Mode
Address Family VRF mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#router bgp 100
(config-router)#address-family ipv4 vrf VRF_A
(config-router-af)#neighbor 1.1.1.1 remote-as 200
(config-router-af)#neighbor 10.10.0.1 soo 100:1
rd (route distinguisher)
Use this command to assign a route distinguisher (RD) for the VRF. The route distinguisher value must be a unique value on the router.
This command creates routing and forwarding tables and specifies the default RD for a VPN. The RD is added to the customer's IPv4 prefixes, changing them into globally unique VPN-IPv4 prefixes.
Use no form command to remove the RD configuration.
Note: RD configuration cannot be changed, it needs to be removed and added back with new value. When RD configuration is removed the RT configuration is also lost and needs to be reconfigured.
Command Syntax
rd ASN:nn_or_IP-address:nn
no rd ASN:nn_or_IP-address:nn
Parameters
ASN:nn_or_IP-address:nn
AS number and an arbitrary number (for example, 100:1). Otherwise, specify a 32-bit IP address and an arbitrary number (for example, 192.16.10.1:1).
Default
No default value is specified
Command Mode
VRF mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#ip vrf VRF_A
(config-vrf)#rd 100:1
route-target
Use this command to add a list of import and export route-target extended communities to the VRF.
This command creates lists of import and export route-target extended communities for the VRF. It specifies a target VPN extended community. Execute the command once for each community. All routes with the specific route-target extended community are imported into all VRFs with the same extended community as an import route-target.
Use the no parameter with this command to delete a route target.
Command Syntax
route-target (import|export|both) ASN:nn_or_IP-address:nn
no route-target (import|export|both) ASN:nn_or_IP-address:nn
Parameters
import
Import routing information
export
Export routing information
both
Import and export routing information
ASN:nn_or_IP-address:nn
AS number and an arbitrary number (for example, 100:1). Otherwise, specify a 32-bit IP address and an arbitrary number (for example, 192.16.10.1:1).
Default
No default value is specified
Command Mode
VRF mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
(config)#ip vrf VRF_A
(config-vrf)#route-target both 100:10
(config)#ip vrf VRF_A
(config-vrf)#route-target import 100:20