BGP Virtual Private Network Commands

OcNOS DC : Layer 3 Guide : Border Gateway Protocol Command Reference : BGP Virtual Private Network Commands

This chapter describes the BGP Virtual Private Network (VPN) configuration commands.

• address-family (see address-family in Chapter 1, BGP Commands)

• bgp inbound-route-filter

• exit-address-family (see exit-address-family in Chapter 1, BGP Commands)

• export map

• import map

• ip vrf

• neighbor activate (see neighbor activate in Chapter 1, BGP Commands)

• neighbor allow-ebgp-vpn

• neighbor allowas-in (see neighbor allowas-in in Chapter 1, BGP Commands)

• neighbor as-origination-interval (see neighbor as-origination-interval in Chapter 1, BGP Commands)

• neighbor as-override

• neighbor description (see neighbor description in Chapter 1, BGP Commands)

• neighbor remote-as (see neighbor remote-as in Chapter 1, BGP Commands)

• neighbor send-community (see neighbor send-community in Chapter 1, BGP Commands)

• neighbor shutdown (see neighbor shutdown in Chapter 1, BGP Commands)

• neighbor soo

• redistribute (see redistribute in Chapter 1, BGP Commands)

• rd (route distinguisher)

• route-target

bgp inbound-route-filter

Use this command to control the filtering of received VPN routes with route-target extended community attributes. The inbound route filtering is applicable for both bgp inbound-route-filter and route-target import commands.

When a router is configured as EVPN Route-Reflector, it exchanges VRF routing information with a route distinguisher and route-target extended communities.

By default, OcNOS discards the received routes that does not match the local IP/MAC VRF’s route-target import value. We can use command no bgp inbound-route-filter to override this behavior.

When the local box is acting as a EVPN route-reflector and not in the forwarding path, it may not be
configured with an IP/MAC VRF terminations. In such case, no bgp inbound-route-filter is required to be configured to keep all the routes into RD (route-distinguisher) table.

Command Syntax

bgp inbound-route-filter

no bgp inbound-route-filter

Parameter

None

Default

By default, OcNOS does not import routing information that does not match the local IP or MAC VRF’s route-target import value.

Command Mode

Router mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

#configure terminal

(config)#router bgp 100

(config-router)#bgp inbound-route-filter

export map

This command assigns a route map to the VRF. This map is applied for routing information exported to another PE or VRF.

Use this command when an application requires finer control over the routes exported to another VRF or PE than provided by the import and export extended communities. You can filter routes that are eligible for export to another VRF or PE through the use of a route map. The route map can deny access to selected routes from a community that is on the export list.

Note: Only match rules (deny/permit) are applied for exported routes, set rules will not apply.

Use the no command to remove the map.

Command Syntax

export map WORD

no export map

Parameters

WORD

Route map

Default

No default value is specified

Command Mode

VRF mode

Applicability

This command was introduced in OcNOS version 4.1.

Examples

(config)#ip vrf myVRF

(config-vrf)#export map set-pref

(config-vrf)#

import map

This command assigns a route map to the VRF. This map is applied for routing information imported from another PE or VRF.

Use this command when an application requires finer control over the routes imported into a VRF than provided by the import and export extended communities. You can filter routes that are eligible for import into a VRF through the use of a route map.The route map can deny access to selected routes from a community that is on the import list.

Use the no option with this command to remove the map.

Command Syntax

import map WORD

no import map

Parameter

WORD

Route map

Default

No default value is specified

Command Mode

VRF mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

(config)#ip vrf myVRF

(config-vrf)#import map set-pref

(config-vrf)#

ip vrf

Use this command to assign a VPN Routing Forwarding (VRF) instance.

Use the no option with this command to remove the VRF from the instance.

Command Syntax

ip vrf WORD

no ip vrf WORD

Parameter

WORD

Name of the VRF instance

Default

No default value is specified

Command Mode

Configure mode

Applicability

This command was introduced before OcNOS version 1.3.

Command Example

(config)#ip vrf myVRF

(config-vrf)#

neighbor allow-ebgp-vpn

Use this command to allow an eBGP neighbor to be a VPN peer. By default, BGP VPN functionality is allowed only for iBGP peers.

Use the no parameter with this command to remove the configuration.

Command Syntax

neighbor (A.B.C.D|X:X::X:X|WORD) allow-ebgp-vpn

no neighbor (A.B.C.D|X:X::X:X|WORD) allow-ebgp-vpn

Parameters

A.B.C.D

Address of the BGP neighbor in IPv4 format

X:X::X:X

Address of the BGP neighbor in IPv6 format

WORD

Name of a BGP peer group created with the neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.

Default

By default, BGP VPN functionality is allowed only for iBGP peers

Command Mode

Address Family-vpnv6 mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

(config)#router bgp 200

(config-router)#neighbor 66.66.66.66 remote-as 100

(config-router)#neighbor 66.66.66.66 update-source lo

(config-router-af)#neighbor 66.66.66.66 allow-ebgp-vpn

(config-router-af)#neighbor 66.66.66.66 activate

(config-router-af)#exit-address-family

neighbor as-override

Use this command to configure a provider edge (PE) router to override the autonomous system number (ASN) of a site with the ASN of a provider. BGP normally ignores routes from the same autonomous system. However, this command is used so that the Customer Edge (CE) routers router accepts and installs routes from the same autonomous system.

Typically, this command is used when CE routers have the same ASN in some or all sites. As per BGP requirement, a BGP speaker rejects a route that has the same ASN as itself in the AS_PATH attribute. Thus the CE routers having the same ASN do not accept routes from each other. Giving this command on the PE router removes the CE neighbor’s ASN from the AS_PATH attribute allowing CE routers with the same ASN to accept routes from each other.

Use the no parameter with this command to remove VPN IPv4 prefixes from a specified router.

Command Syntax

neighbor (A.B.C.D|X:X::X:X|WORD) as-override

no neighbor (A.B.C.D|X:X::X:X|WORD) as-override

Parameters

A.B.C.D

Address of the BGP neighbor in IPv4 format

X:X::X:X

Address of the BGP neighbor in IPv6 format

WORD

Name of a BGP peer group created with the neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.

Default

By default, neighbor as override is disabled

Command Mode

Address Family-vrf mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

#configure terminal

(config)#router bgp 7657

(config-router)#address-family ipv4 vrf VRF_A

(config-router-af)#neighbor 10.10.0.1 as-override

#configure terminal

(config)#router bgp 7657

(config-router)#address-family ipv6 vrf VRF_A

(config-router-af)#neighbor 3ffe:15:15:15:15::0 as-override

neighbor send-community

Use this command to send the extended-community attribute to a customer edge router. In VPN, the route-distinguisher and route-target are encoded in BGP extended-community.

Command Syntax

no neighbor (A.B.C.D|X:X::X:X|WORD) send-community

no neighbor (A.B.C.D|X:X::X:X|WORD) send-community (both|extended|standard)

neighbor (A.B.C.D|X:X::X:X|WORD) send-community

neighbor (A.B.C.D|X:X::X:X|WORD) send-community (both|extended|standard)

Parameters

A.B.C.D

Address of the BGP neighbor in an IPv4 format

X:X::X:X

Address of the BGP neighbor in an IPv6 format

WORD

Name of a BGP peer group created with the neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.

both

Send standard and extended community attributes

extended

Send extended community attributes

standard

Send standard community attributes

Default

By default, both communities (standard and extended) are sent to every BGP neighbor.

Command Mode

Address Family Unicast mode and Address Family VRF mode.

Applicability

This command was introduced before OcNOS version 1.3.

Examples

(config)#router bgp 100

(config-router)#address-family ipv4 vrf VRF_A

(config-router-af)#neighbor 10.10.10.1 remote-as 200

(config-router-af)#no neighbor 10.10.0.1 send-community extended

neighbor soo

Use this command to enable the site-of-origin (SOO) feature. If the customer AS is multi-homed to the ISP, this command ensures that the PE does not advertise the routes back to the same AS.

Use the no parameter with this command to disable this feature.

Command Syntax

neighbor (A.B.C.D|X:X::X:X|WORD) soo AS:nn_or_IP:nn

no neighbor (A.B.C.D|X:X::X:X|WORD) soo

Parameters

A.B.C.D

Address of the BGP neighbor in IPv4 format

X:X::X:X

Address of the BGP neighbor in IPv6 format

WORD

Name of a BGP peer group created with the neighbor WORD peer-group command. When you specify this parameter, the command applies to all peers in the group.

ASN:nn_or_IP-address:nn

An AS number and an arbitrary number (for example, 100:1), or a 32-bit IP address and an arbitrary number (for example, 192.16.10.1:1).

Default

By default, the site-of-origin (SOO) feature is disabled.

Command Mode

Address Family VRF mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

(config)#router bgp 100

(config-router)#address-family ipv4 vrf VRF_A

(config-router-af)#neighbor 1.1.1.1 remote-as 200

(config-router-af)#neighbor 10.10.0.1 soo 100:1

rd (route distinguisher)

Use this command to assign a route distinguisher (RD) for the VRF. The route distinguisher value must be a unique value on the router.

This command creates routing and forwarding tables and specifies the default RD for a VPN. The RD is added to the customer's IPv4 prefixes, changing them into globally unique VPN-IPv4 prefixes.

Use no form command to remove the RD configuration.

Note: RD configuration cannot be changed, it needs to be removed and added back with new value. When RD configuration is removed the RT configuration is also lost and needs to be reconfigured.

Command Syntax

rd ASN:nn_or_IP-address:nn

no rd ASN:nn_or_IP-address:nn

Parameters

ASN:nn_or_IP-address:nn

AS number and an arbitrary number (for example, 100:1). Otherwise, specify a 32-bit IP address and an arbitrary number (for example, 192.16.10.1:1).

Default

No default value is specified

Command Mode

VRF mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

(config)#ip vrf VRF_A

(config-vrf)#rd 100:1

route-target

Use this command to add a list of import and export route-target extended communities to the VRF.

This command creates lists of import and export route-target extended communities for the VRF. It specifies a target VPN extended community. Execute the command once for each community. All routes with the specific route-target extended community are imported into all VRFs with the same extended community as an import route-target.

Use the no parameter with this command to delete a route target.

Command Syntax

route-target (import|export|both) ASN:nn_or_IP-address:nn

no route-target (import|export|both) ASN:nn_or_IP-address:nn

Parameters

import

Import routing information

export

Export routing information

both

Import and export routing information

ASN:nn_or_IP-address:nn

AS number and an arbitrary number (for example, 100:1). Otherwise, specify a 32-bit IP address and an arbitrary number (for example, 192.16.10.1:1).

Default

No default value is specified

Command Mode

VRF mode

Applicability

This command was introduced before OcNOS version 1.3.

Examples

(config)#ip vrf VRF_A

(config-vrf)#route-target both 100:10

(config)#ip vrf VRF_A

(config-vrf)#route-target import 100:20