Maximum Allowed VRF FIB Routes in BGP/MPLS L3VPN Configuration
Overview
Virtual Routing and Forwarding (VRF) in BGP/MPLS L3VPN enables multiple isolated routing tables within a single physical router, ensuring secure and independent routing for different customers. VRF instances maintain routing and forwarding information by importing routes from connected Customer Edge (CE) devices and remote VPN sites via MP-BGP PE routers. Each VRF can run its own routing protocols, such as OSPF, IS-IS, or E-BGP, enhancing isolation.
To optimize routing resources, a maximum route limit can be configured per VRF. This provides ability to control the number of imported dynamic routes that appear in the forwarding information base (FIB). When this limit is reached, new dynamic routes remain pending, while static and connected routes continue contributing to the total count. A threshold-based NetConf notification and syslog warning message can notify administrators when the route count approaches the limit, ensuring efficient resource management and maintaining network stability.
Feature Characteristics
This feature enhances BGP/MPLS L3VPN scalability by allowing per-VRF route limits, ensuring independent routing tables for each VPN instance. It applies limits only to dynamic routes while accounting for static and connected routes in the total count. A threshold-based NetConf notification and syslog warning message notifies administrators when the route count nears the limit and clears once it drops below, ensuring efficient resource management.
• Per-VRF Route Limit Configuration: Allows administrators to set a maximum number of dynamic routes that can be installed in the VRF FIB.
• Isolation of Routing Tables: Ensures that each VRF instance maintains its own independent routing table without interference from other VPN instances.
• Support for Dynamic, Static, and Connected Routes: The maximum route limit applies only to dynamic routes, while static and connected routes contribute to the total route count.
• Threshold-Based NetConf Notification and Syslog Warning Message: Generates a NetConf notification and syslog warning message when the number of installed routes reaches a configurable percentage of the maximum limit. The NetConf notification and syslog warning message clears once the count drops below the threshold.
Benefits
• Optimized Resource Utilization: Prevents a single VRF from consuming excessive hardware routing table space, ensuring fair allocation across multiple VPN instances.
• Enhanced Network Stability: Enforces a configurable route limit to prevent routing table exhaustion and unexpected failures.
• Improved Scalability: Supports large-scale multi-tenant deployments by efficiently managing routing resources.
• Proactive Monitoring: Provides configurable threshold alerts, allowing administrators to take preventive actions before reaching critical limits.
• Better Control Over Dynamic Routes: Ensures only necessary routes are installed in the VRF FIB while maintaining seamless routing protocol operations.
• Reliable and Predictable Network Performance: Helps maintain a well-balanced network infrastructure with controlled resource usage.
• Streaming telemetry support enables continuous monitoring of the current utilization percentage and threshold exceedance status for the VRF FIB route limit, allowing administrators to take proactive actions.
Configuration
Configure the maximum number of VRF FIB routes on a networking device.
Topology
This topology represents a basic MPLS Layer 3 VPN (L3VPN) setup using VRF instances and IS-IS as the Interior Gateway Protocol (IGP). The topology consists of two Customer Edge (CE) routers, CE1 and CE2, connected to a single Provider Edge (PE1) router via different virtual routing instances. CE1 is connected to PE1 through interface xe13.3, which is associated with VRF3, while CE2 connects via xe1.3, mapped to VRF3
Max VRF FIB Routes Topology
Configuring VRF FIB Routes
The following configuration on the PE1 router defines a VRF instance (VRF3) with a maximum limit of 10 dynamic IPv4 FIB routes, applying a stop-install policy when the limit is reached and setting an 70% threshold for early warnings. It also configures interface xe13.3 with VLAN encapsulation and an IP address, ensuring proper traffic segmentation and routing within the VRF. Follow the steps below to configure the maximum number of VRF FIB routes on a networking device.
Configure PE1 router as follows:
1. To enter into config mode, execute the following command in the configure mode.
PE1#configure terminal
2. Create a VRF.
PE1(config)#ip vrf VRF3
PE1(config-vrf)#rd 11.11.11.3:3
PE1(config-vrf)#route-target both 100:3
3. Set the maximum limit of 10 IPv4 FIB routes to stop installing new routes after reaching the limit.
PE1(config-vrf)#maximum-fib-routes ipv4 10 stop-install
4. It triggers a warning log once the limit is reached.
PE1(config-vrf)#maximum-fib-routes ipv4 10 warning-only
5. Set a threshold of 70% for IPv4 FIB routes.
PE1(config-vrf)#maximum-fib-routes ipv4 threshold 70
6. Set the maximum limit of 10 IPv6 FIB routes to stop installing new routes after reaching the limit.
PE1(config-vrf)#maximum-fib-routes ipv6 10 stop-install
7. It triggers a warning log once the limit is reached.
PE1(config-vrf)#maximum-fib-routes ipv6 10 warning-only
8. Set a threshold of 70% for IPv6 FIB routes.
PE1(config-vrf)#maximum-fib-routes ipv6 threshold 70
9. Commit the changes and exit.
PE1(config-vrf)#commit
PE1(config-vrf)#exit
10. Enter the interface xe13.3 to be configured and assign the Interface to a VRF.
PE1(config)#interface xe13.3
PE1(config-if)#ip vrf forwarding VRF3
11. Enable VLAN Encapsulation (Dot1Q).
PE1(config-if)#encapsulation dot1q 3
12. Configure an IP address to the interface.
PE1(config-if)#ip address 10.1.13.1/24
13. Commit the changes and exit.
PE1(config-if)#commit
PE1(config-if)#exit
Running Configuration on PE1 Router
The running configuration on PE1 sets VRF3 with a 10-route FIB limit, an 80% threshold warning, and assigns VLAN encapsulation and an IP to interface xe13.3.
ip vrf VRF3
rd 11.11.11.3:3
route-target both 100:3
maximum-fib-routes ipv4 10 stop-install
maximum-fib-routes ipv4 threshold 70
maximum-fib-routes ipv6 10 stop-install
maximum-fib-routes ipv6 threshold 70
!
# Sub interface config
interface xe13.3
description L3VPN-6VPE-VRF3
encapsulation dot1q 3
load-interval 30
ip vrf forwarding VRF3
ip address 10.1.13.1/24
ipv6 address 2001:0:3::1/64
isis network point-to-point
ip router isis CEPE3
ipv6 router isis CEPE3
!
# ISIS config
router isis CEPE3 VRF3
is-type level-1-2
metric-style wide
net 49.0001.0000.0000.0003.00
redistribute bgp
!
address-family ipv6
redistribute bgp
exit-address-family
!
# BGP config for VRF
router bgp 1001
bgp router-id 12.12.12.1
bgp auto-policy-soft-reset enable
bgp graceful-restart
neighbor 14.14.14.1 remote-as 1001
neighbor 14.14.14.1 update-source lo
!
address-family ipv4 unicast
neighbor 14.14.14.1 activate
exit-address-family
!
address-family vpnv4 unicast
neighbor 14.14.14.1 activate
exit-address-family
!
address-family ipv4 vrf VRF3
redistribute connected
redistribute isis
exit-address-family
!
address-family ipv6 vrf VRF3
redistribute connected
redistribute isis
exit-address-family
!
Validation for PE1
Validation ensures that the Max VRF FIB Routes Implementation functions as expected by verifying route limits, isolation, and NetConf notification and syslog warning message, preventing resource exhaustion and ensuring efficient routing operations.
To Check BGP VPNv4 Peering between PE1--PE2
PE1#sh ip bgp vpnv4 all summary
BGP router identifier 12.12.12.1, local AS number 1001
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd Desc
14.14.14.1 4 1001 177 282 2 0 0 01:07:05 11
Total number of neighbors 1
Total number of Established sessions 1
# Verify VRF Route Threshold (e.g., Max Route Limit)
PE1#show ip route vrf VRF3 summary
-----------------------------------------------
IP routing table name is VRF3(5)
-----------------------------------------------
IP routing table maximum-paths : 8
Total number of IPv4 routes : 10
Total number of IPv4 paths : 10
Pending routes (due to route max reached): 6
Route Source Networks
connected 4
static 2
isis 4
Total 10
FIB 10
ECMP statistics (active in ASIC):
Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
VRF FIB Route Limits:
Configured Route Limit : 10
Utilization Percentage : 100 %
Action upon reaching limit: stop-install
Warning Threshold : 70 %
Exceeds Threshold : Yes
PE1#show ip route vrf VRF3
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "VRF3"
S 10.1.5.0/24 [1/0] is directly connected, xe13.3, installed 00:44:19, last update 01:17:46 ago
S 10.1.6.0/24 [1/0] is directly connected, xe13.3, installed 00:44:19, last update 01:17:46 ago
C 10.1.13.0/24 is directly connected, xe13.3, installed 00:44:19, last update 01:17:45 ago
C 10.3.1.1/32 is directly connected, loopback1, installed 00:44:19, last update 01:17:45 ago
C 10.10.2.2/32 is directly connected, loopback2, installed 00:44:19, last update 01:17:45 ago
C 127.0.0.0/8 is directly connected, lo.VRF3, installed 00:44:19, last update 01:17:56 ago
i L2 192.0.1.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:19, last update 01:17:32 ago
i L2 192.0.2.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:19, last update 01:17:32 ago
i L2 192.0.3.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:19, last update 01:17:32 ago
i L2 192.0.4.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:19, last update 01:17:32 ago
Gateway of last resort is not set
PE1#sh ip route vrf VRF3 database
all bgp connected isis kernel ospf rip static
PE1#show ip route vrf VRF3 database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "VRF3"
B > 1.1.1.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
B > 1.1.2.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
B > 1.1.3.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
B > 1.1.4.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
B > 1.1.5.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
B > 1.1.6.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
B > 1.1.7.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
B > 1.1.8.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
B > 1.1.9.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
B > 1.1.10.0/24 [200/11] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
S *> 10.1.5.0/24 [1/0] is directly connected, xe13.3, installed 00:44:29, last update 01:17:56 ago
S *> 10.1.6.0/24 [1/0] is directly connected, xe13.3, installed 00:44:29, last update 01:17:56 ago
C *> 10.1.13.0/24 is directly connected, xe13.3, installed 00:44:29, last update 01:17:55 ago
i L1 10.1.13.0/24 [115/10] is directly connected, xe13.3, installed 01:17:54, last update 01:17:54 ago
B > 10.1.23.0/24 [200/0] via 14.14.14.1, installed 00:36:18, last update 00:36:18 ago
C *> 10.3.1.1/32 is directly connected, loopback1, installed 00:44:29, last update 01:17:55 ago
C *> 10.10.2.2/32 is directly connected, loopback2, installed 00:44:29, last update 01:17:55 ago
C *> 127.0.0.0/8 is directly connected, lo.VRF3, installed 00:44:29, last update 01:18:06 ago
i L2 *> 192.0.1.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
i L2 *> 192.0.2.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
i L2 *> 192.0.3.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
i L2 *> 192.0.4.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
i L2 > 192.0.5.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
i L2 > 192.0.6.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
i L2 > 192.0.7.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
i L2 > 192.0.8.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
i L2 > 192.0.9.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
i L2 > 192.0.10.0/24 [115/11] via 10.1.13.111, xe13.3, installed 00:44:29, last update 01:17:42 ago
Total number of IPv4 routes 28
Gateway of last resort is not set
PE1#show rib pending-txlist ipv4 vrf VRF3
IPv4 pending:
0x02634680: 192.0.5.0/24 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x02634830: 192.0.6.0/24 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x026349e0: 192.0.7.0/24 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x02634bb0: 192.0.8.0/24 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x02652490: 192.0.9.0/24 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x02652660: 192.0.10.0/24 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
PE1#show ip bgp vpnv4 vrf VRF3
Status codes: s suppressed, d damped, h history, a add-path, b back-up, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 11.11.11.3:3 (Default for VRF VRF3)
*>i 1.1.1.0/24 14.14.14.1 11 100 0 ? -
*>i 1.1.2.0/24 14.14.14.1 11 100 0 ? -
*>i 1.1.3.0/24 14.14.14.1 11 100 0 ? -
*>i 1.1.4.0/24 14.14.14.1 11 100 0 ? -
*>i 1.1.5.0/24 14.14.14.1 11 100 0 ? -
*>i 1.1.6.0/24 14.14.14.1 11 100 0 ? -
*>i 1.1.7.0/24 14.14.14.1 11 100 0 ? -
*>i 1.1.8.0/24 14.14.14.1 11 100 0 ? -
*>i 1.1.9.0/24 14.14.14.1 11 100 0 ? -
*>i 1.1.10.0/24 14.14.14.1 11 100 0 ? -
*> l 10.1.13.0/24 0.0.0.0 0 100 32768 ? -
* 0.0.0.0 10 100 32768 ? -
*>i 10.1.23.0/24 14.14.14.1 0 100 0 ? -
*> l 10.3.1.1/32 0.0.0.0 0 100 32768 ? -
*> l 10.10.2.2/32 0.0.0.0 0 100 32768 ? -
*> l 192.0.1.0 10.1.13.111 11 100 32768 ? -
*> l 192.0.2.0 10.1.13.111 11 100 32768 ? -
*> l 192.0.3.0 10.1.13.111 11 100 32768 ? -
*> l 192.0.4.0 10.1.13.111 11 100 32768 ? -
*> l 192.0.5.0 10.1.13.111 11 100 32768 ? -
*> l 192.0.6.0 10.1.13.111 11 100 32768 ? -
*> l 192.0.7.0 10.1.13.111 11 100 32768 ? -
*> l 192.0.8.0 10.1.13.111 11 100 32768 ? -
*> l 192.0.9.0 10.1.13.111 11 100 32768 ? -
*> l 192.0.10.0 10.1.13.111 11 100 32768 ? -
Announced routes count = 14
Accepted routes count = 11
PE1#ping 14.14.14.1
Press CTRL+C to exit
PING 14.14.14.1 (14.14.14.1) 100(128) bytes of data.
108 bytes from 14.14.14.1: icmp_seq=1 ttl=64 time=0.471 ms
108 bytes from 14.14.14.1: icmp_seq=2 ttl=64 time=0.351 ms
108 bytes from 14.14.14.1: icmp_seq=3 ttl=64 time=0.403 ms
108 bytes from 14.14.14.1: icmp_seq=4 ttl=64 time=0.509 ms
--- 14.14.14.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3087ms
rtt min/avg/max/mdev = 0.351/0.433/0.509/0.060 ms
# IPv6
PE1#show ipv6 route vrf VRF3 summary
-----------------------------------------------
IPv6 routing table name is VRF3(5)
-----------------------------------------------
IPv6 routing table maximum-paths : 8
Total number of IPv6 routes : 10
Total number of IPv6 paths : 10
Pending routes (due to route max reached): 4
Route Source Networks
connected 4
isis 6
Total 10
FIB 10
ECMP statistics (active in ASIC):
Total number of IPv6 ECMP routes : 0
Total number of IPv6 ECMP paths : 0
VRF FIB Route Limits:
Configured Route Limit : 10
Utilization Percentage : 100 %
Action upon reaching limit: stop-install
Warning Threshold : 70 %
Exceeds Threshold : Yes
PE1#show rib pending-txlist ipv6 vrf VRF3
IPv6 pending:
0x0268c600: 2000::6:0:0:0:0/64 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x0268c7d0: 2000::7:0:0:0:0/64 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x0268c9a0: 2000::8:0:0:0:0/64 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x0268cb70: 2000::9:0:0:0:0/64 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
# Ping VPNV4 prefixes
PE1#ping mpls l3vpn VRF3 1.1.4.0/24
Sending 5 MPLS Echos to 1.1.4.0, timeout is 5 seconds
Codes:
'!' - Success, 'Q' - request not sent, '.' - timeout,
'x' - Retcode 0, 'M' - Malformed Request, 'm' - Errored TLV,
'N' - LBL Mapping Err, 'D' - DS Mismatch,
'U' - Unknown Interface, 'R' - Transit (LBL Switched),
'B' - IP Forwarded, 'F' No FEC Found, 'f' - FEC Mismatch,
'P' - Protocol Error, 'X' - Unknown code,
'Z' - Reverse FEC Validation Failed
Type 'Ctrl+C' to abort
!
Success Rate is 100.00 percent (5/5)
PE1#ping mpls l3vpn VRF3 1.1.6.0/24
Sending 5 MPLS Echos to 1.1.6.0, timeout is 5 seconds
Codes:
'!' - Success, 'Q' - request not sent, '.' - timeout,
'x' - Retcode 0, 'M' - Malformed Request, 'm' - Errored TLV,
'N' - LBL Mapping Err, 'D' - DS Mismatch,
'U' - Unknown Interface, 'R' - Transit (LBL Switched),
'B' - IP Forwarded, 'F' No FEC Found, 'f' - FEC Mismatch,
'P' - Protocol Error, 'X' - Unknown code,
'Z' - Reverse FEC Validation Failed
Type 'Ctrl+C' to abort
!
Success Rate is 100.00 percent (5/5)
PE1#
Running Configuration on P Router
The running configuration on P.
# P Core Node
hostname 7004-P1
router ldp
router-id 13.13.13.1
transport-address ipv4 13.13.13.1
!
interface lo
ip address 127.0.0.1/8
ip address 13.13.13.1/32 secondary
ipv6 address ::1/128
ip router isis ISIS-IGP-200
!
interface xe13
load-interval 30
ip address 41.41.1.2/24
mtu 9216
label-switching
isis network point-to-point
ip router isis ISIS-IGP-200
enable-ldp ipv4
mpls ldp-igp sync-delay 30
!
interface xe17
load-interval 30
ip address 31.31.1.2/24
mtu 9216
label-switching
isis network point-to-point
ip router isis ISIS-IGP-200
enable-ldp ipv4
mpls ldp-igp sync-delay 30
!
exit
!
router isis ISIS-IGP-200
is-type level-1
net 49.0001.0100.0000.2004.00
!
!
end
Validation for P
Validation ensures that the Max VRF FIB Routes Implementation functions as expected by verifying route limits, isolation, and NetConf notification and syslog warning message, preventing resource exhaustion and ensuring efficient routing operations.
P#show ldp session
Codes: m - MD5 password is not set/unset.
g - GR configuration not set/unset.
t - TCP MSS not set/unset.
Session has to be cleared manually
Code Peer IP Address IF Name My Role State KeepAlive UpTime
12.12.12.1 xe13 Active OPERATIONAL 30 01:27:49
14.14.14.1 xe17 Passive OPERATIONAL 30 01:18:34
P#show clns neighbors
Total number of L1 adjacencies: 2
Total number of L2 adjacencies: 0
Total number of adjacencies: 2
Tag ISIS-IGP-200: VRF : default
System Id Interface SNPA State Holdtime Type Protocol
0100.0000.2001 xe13 b86a.97f5.eac8 Up 19 L1 IS-IS
0100.0000.2005 xe17 5c07.5851.1353 Up 21 L1 IS-IS
7004-P1#
Configure PE2 router as follows:
1. To enter into config mode, execute the following command in the configure mode.
PE2#configure terminal
2. Create a VRF.
PE2(config)#ip vrf VRF3
PE2(config-vrf)#rd 11.11.11.3:3
PE2(config-vrf)#route-target both 100:3
3. Set the maximum limit of 10 IPv4 FIB routes to stop installing new routes after reaching the limit.
PE2(config-vrf)#maximum-fib-routes ipv4 10 stop-install
4. It triggers a warning log once the limit is reached.
PE2(config-vrf)#maximum-fib-routes ipv4 10 warning-only
5. Set a threshold of 70% for IPv4 FIB routes.
PE2(config-vrf)#maximum-fib-routes ipv4 threshold 70
6. Set the maximum limit of 10 IPv6 FIB routes to stop installing new routes after reaching the limit.
PE2(config-vrf)#maximum-fib-routes ipv6 10 stop-install
7. Set a threshold of 70% for IPv6 FIB routes.
PE2(config-vrf)#maximum-fib-routes ipv6 threshold 70
8. It triggers a warning log once the limit is reached.
PE2(config-vrf)#maximum-fib-routes ipv6 10 warning-only
9. Commit the changes and exit.
PE2(config-vrf)#commit
PE2(config-vrf)#exit
10. Enter the interface xe1.3 to be configured and assign the Interface to a VRF.
PE2(config)#interface xe1.3
PE2(config-if)#ip vrf forwarding VRF3
11. Enable VLAN Encapsulation (Dot1Q).
PE2(config-if)#encapsulation dot1q 3
12. Configure an IP address to the interface.
PE2(config-if)#ip address 10.1.13.1/24
13. Commit the changes and exit.
PE2(config-if)#commit
PE2(config-if)#exit
Running Configuration on PE2 Router
The running configuration on PE2 sets VRF3 with a 10-route FIB limit, an 70% threshold warning, and assigns VLAN encapsulation and an IP to interface xe13.3.
ip vrf VRF3
rd 11.11.11.3:3
route-target both 100:3
maximum-fib-routes ipv4 10 stop-install
maximum-fib-routes ipv4 threshold 70
maximum-fib-routes ipv6 10 stop-install
maximum-fib-routes ipv6 threshold 70
!
# Sub interface config
interface xe1.3
description L3VPN-6VPE-VRF3
encapsulation dot1q 3
load-interval 30
ip vrf forwarding VRF3
ip address 10.1.23.1/24
ipv6 address 2001:0:4::1/64
isis network point-to-point
isis circuit-type level-1-2
ip router isis 100
ipv6 router isis 100
isis wide-metric 100
bfd interval 3 minrx 3 multiplier 3
!
# ISIS config
router isis CEPE3 VRF3
is-type level-1-2
metric-style wide
net 49.0001.0000.0000.0003.00
redistribute bgp
!
address-family ipv6
redistribute bgp
exit-address-family
# BGP config for VRF
router bgp 1001
bgp router-id 14.14.14.1
bgp auto-policy-soft-reset enable
bgp graceful-restart
neighbor 12.12.12.1 remote-as 1001
neighbor 12.12.12.1 update-source 14.14.14.1
!
address-family ipv4 unicast
neighbor 12.12.12.1 activate
exit-address-family
!
address-family vpnv4 unicast
neighbor 12.12.12.1 activate
exit-address-family
!
address-family ipv4 vrf VRF3
redistribute connected
redistribute isis
exit-address-family
!
address-family ipv6 vrf VRF3
redistribute connected
redistribute isis
exit-address-family
!
Validation for PE2
Validation ensures that the Max VRF FIB Routes Implementation functions as expected by verifying route limits, isolation, and NetConf notification and syslog warning message, preventing resource exhaustion and ensuring efficient routing operations.
PE2#show ip bgp vpnv4 all summary
BGP router identifier 14.14.14.1, local AS number 1001
BGP table version is 2
1 BGP AS-PATH entries
0 BGP community entries
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd Desc
12.12.12.1 4 1001 163 106 2 0 0 00:42:55 116
Total number of neighbors 1
Total number of Established sessions 1
# Verify VRF Route Threshold (e.g., Max Route Limit)
PE2#show ip route vrf VRF3 summary
-----------------------------------------------
IP routing table name is VRF3(4)
-----------------------------------------------
IP routing table maximum-paths : 8
Total number of IPv4 routes : 10
Total number of IPv4 paths : 10
Pending routes (due to route max reached): 2
Route Source Networks
connected 2
isis 8
Total 10
FIB 10
ECMP statistics (active in ASIC):
Total number of IPv4 ECMP routes : 0
Total number of IPv4 ECMP paths : 0
VRF FIB Route Limits:
Configured Route Limit : 10
Utilization Percentage : 100 %
Action upon reaching limit: stop-install
Warning Threshold : 70 %
Exceeds Threshold : Yes
PE2#show ip route vrf VRF3 database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
> - selected route, * - FIB route, p - stale info
IP Route Table for VRF "VRF3"
i L2 *> 1.1.1.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
i L2 *> 1.1.2.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
i L2 *> 1.1.3.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
i L2 *> 1.1.4.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
i L2 *> 1.1.5.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
i L2 *> 1.1.6.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
i L2 *> 1.1.7.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
i L2 *> 1.1.8.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
i L2 > 1.1.9.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
i L2 > 1.1.10.0/24 [115/11] via 10.1.23.100, xe1.3, installed 00:10:14, last update 00:17:51 ago
B > 10.1.13.0/24 [200/0] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
C *> 10.1.23.0/24 is directly connected, xe1.3, installed 00:10:14, last update 00:33:41 ago
i L1 10.1.23.0/24 [115/10] is directly connected, xe1.3, installed 00:33:41, last update 00:33:41 ago
B > 10.3.1.1/32 [200/0] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 10.10.2.2/32 [200/0] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
C *> 127.0.0.0/8 is directly connected, lo.VRF3, installed 00:10:14, last update 00:39:56 ago
B > 192.0.1.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 192.0.2.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 192.0.3.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 192.0.4.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 192.0.5.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 192.0.6.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 192.0.7.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 192.0.8.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 192.0.9.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
B > 192.0.10.0/24 [200/11] via 12.12.12.1, installed 00:10:14, last update 00:39:28 ago
Total number of IPv4 routes 26
Gateway of last resort is not set
PE2#show rib pending-txlist ipv4 vrf VRF3
IPv4 pending:
0x0285ed60: 1.1.9.0/24 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x0285ef70: 1.1.10.0/24 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
# Ping Validation from PE -- PE
PE2#show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2,
ia - IS-IS inter area, E - EVPN,
v - vrf leaked
* - candidate default
IP Route Table for VRF "default"
i L1 12.12.12.1/32 [115/30] via 31.31.1.2, ce43/4, installed 00:46:19, last update 00:46:19 ago
i L1 13.13.13.1/32 [115/20] via 31.31.1.2, ce43/4, installed 00:37:00, last update 00:37:00 ago
C 14.14.14.1/32 is directly connected, lo, installed 00:46:28, last update 00:46:28 ago
C 31.31.1.0/24 is directly connected, ce43/4, installed 00:46:22, last update 00:46:22 ago
i L1 41.41.1.0/24 [115/20] via 31.31.1.2, ce43/4, installed 00:46:19, last update 00:46:19 ago
C 127.0.0.0/8 is directly connected, lo, installed 00:46:56, last update 00:46:56 ago
Gateway of last resort is not set
PE2#ping 12.12.12.1
Press CTRL+C to exit
PING 12.12.12.1 (12.12.12.1) 100(128) bytes of data.
108 bytes from 12.12.12.1: icmp_seq=1 ttl=64 time=0.490 ms
108 bytes from 12.12.12.1: icmp_seq=2 ttl=64 time=0.478 ms
108 bytes from 12.12.12.1: icmp_seq=3 ttl=64 time=0.454 ms
108 bytes from 12.12.12.1: icmp_seq=4 ttl=64 time=0.791 ms
--- 12.12.12.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3065ms
rtt min/avg/max/mdev = 0.454/0.553/0.791/0.137 ms
# Show mpls vrf forwarding output
PE2#show mpls vrf-forwarding-table vrf VRF3
Codes: > - installed FTN, * - selected FTN, p - stale FTN, ! - using backup, B - BGP FTN
(m) - Service mapped over multipath transport
(e) - Service mapped over ECMP
(D) - Down
Ext-Color - Extended-community color advertised by BGP
B(x) - BGP EVPN MPLS Services
Code FEC FTN-ID VRF-ID Nhlfe-ID Pri Out-Label Out-Intf Nexthop UpTime Ext-Color
B> 10.1.13.0/24 1 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 10.3.1.1/32 2 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 10.10.2.2/32 3 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.1.0/24 4 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.2.0/24 5 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.3.0/24 6 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.4.0/24 7 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.5.0/24 8 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.6.0/24 9 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.7.0/24 10 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.8.0/24 11 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.9.0/24 12 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 192.0.10.0/24 13 4 8 - - - - 00:47:08 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::/64 2504 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::1:0:0:0:0/64 2505 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::2:0:0:0:0/64 2506 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::3:0:0:0:0/64 2507 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::4:0:0:0:0/64 2508 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::5:0:0:0:0/64 2509 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::6:0:0:0:0/64 2510 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::7:0:0:0:0/64 2511 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::8:0:0:0:0/64 2512 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2000::9:0:0:0:0/64 2513 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2001:0:3::/64 4004 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
B> 2001:db8:2::2/128 4005 4 8 - - - - 00:47:09 -
3 Yes 25602 - 12.12.12.1 - -
7001-PE2#
# IPv6
PE2#show ipv6 route vrf VRF3 summary
-----------------------------------------------
IPv6 routing table name is VRF3(4)
-----------------------------------------------
IPv6 routing table maximum-paths : 8
Total number of IPv6 routes : 10
Total number of IPv6 paths : 10
Pending routes (due to route max reached): 3
Route Source Networks
connected 3
isis 7
Total 10
FIB 10
ECMP statistics (active in ASIC):
Total number of IPv6 ECMP routes : 0
Total number of IPv6 ECMP paths : 0
VRF FIB Route Limits:
Configured Route Limit : 10
Utilization Percentage : 100 %
Action upon reaching limit: stop-install
Warning Threshold : 70 %
Exceeds Threshold : Yes
PE2#show rib pending-txlist ipv6 vrf VRF3
IPv6 pending:
0x0285ccc0: 2222::7:0:0:0:0/64 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x0285ced0: 2222::8:0:0:0:0/64 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
0x0285d0e0: 2222::9:0:0:0:0/64 req(1) new_req(0) fib_notify(0) seq(0) lock(3)
# Ping VPNV4 prefixes
PE2#ping mpls l3vpn VRF3 10.1.13.0/24
Sending 5 MPLS Echos to 10.1.13.0, timeout is 5 seconds
Codes:
'!' - Success, 'Q' - request not sent, '.' - timeout,
'x' - Retcode 0, 'M' - Malformed Request, 'm' - Errored TLV,
'N' - LBL Mapping Err, 'D' - DS Mismatch,
'U' - Unknown Interface, 'R' - Transit (LBL Switched),
'B' - IP Forwarded, 'F' No FEC Found, 'f' - FEC Mismatch,
'P' - Protocol Error, 'X' - Unknown code,
'Z' - Reverse FEC Validation Failed
Type 'Ctrl+C' to abort
!
Success Rate is 100.00 percent (5/5)
PE2#ping mpls l3vpn VRF3 192.0.1.0/24
Sending 5 MPLS Echos to 192.0.1.0, timeout is 5 seconds
Codes:
'!' - Success, 'Q' - request not sent, '.' - timeout,
'x' - Retcode 0, 'M' - Malformed Request, 'm' - Errored TLV,
'N' - LBL Mapping Err, 'D' - DS Mismatch,
'U' - Unknown Interface, 'R' - Transit (LBL Switched),
'B' - IP Forwarded, 'F' No FEC Found, 'f' - FEC Mismatch,
'P' - Protocol Error, 'X' - Unknown code,
'Z' - Reverse FEC Validation Failed
Type 'Ctrl+C' to abort
!
!
!
!
!
Success Rate is 100.00 percent (5/5)
PE2#ping mpls l3vpn VRF3 192.0.5.0/24
Sending 5 MPLS Echos to 192.0.5.0, timeout is 5 seconds
Codes:
'!' - Success, 'Q' - request not sent, '.' - timeout,
'x' - Retcode 0, 'M' - Malformed Request, 'm' - Errored TLV,
'N' - LBL Mapping Err, 'D' - DS Mismatch,
'U' - Unknown Interface, 'R' - Transit (LBL Switched),
'B' - IP Forwarded, 'F' No FEC Found, 'f' - FEC Mismatch,
'P' - Protocol Error, 'X' - Unknown code,
'Z' - Reverse FEC Validation Failed
Type 'Ctrl+C' to abort
!
!
!
!
!
Success Rate is 100.00 percent (5/5)
New CLI Commands
The VRF FIB introduces the following configuration commands in OcNOS.
maximum-fib-routes
Use this command to set a limit on the number of dynamic routes installed in a VRF FIB, excluding static and connected routes.
Note: The limit only applies to dynamic routes and is not applicable to static or connected routes.
Use the no form of the command without threshold keyword to disable maximum routes limit for a VRF.
Syntax
maximum-fib-routes (ipv4|ipv6) <1 - 2147483647> (stop-install | warning-only)
no maximum-fib-routes (ipv4|ipv6)
Parameters
ipv4|ipv6
Configures the maximum route limit for the specified address family (IPv4 or IPv6)..
<1 - 2147483647>
Limits the number of routes in the VRF FIB. If the limit is reached with 'stop-install' enabled, the system rejects additional dynamic routes.
stop-install
The system blocks additional routes in the VRF FIB upon reaching the configured maximum limit.
warning-only
Defines the maximum routes limit as an advisory guideline only. An advisory limit triggers a warning when routes reach the maximum limit but does not reject additional routes.
Default
Maximum FIB routes limit is disabled
Command Mode
Configuration mode
Applicability
Introduced in OcNOS version 6.6.1.
Example
(config)#ip vrf VRF_A
(config-vrf)# maximum-fib-routes ipv4 10000 stop-install
(config)#ip vrf VRF_B
(config-vrf)# maximum-fib-routes ipv4 5000 warning-only
maximum-fib-routes threshold
Use this command to set a route limit in a VRF FIB and optionally configure a threshold percentage using the threshold keyword.
Note: This generates a warning when the current route count exceeds the threshold. The threshold can only be configured if a route limit is set.
Use the no form of the command with threshold keyword to remove configured threshold percentage for the route limit.
Syntax
maximum-fib-routes (ipv4|ipv6) threshold <1-100>
no maximum-fib-routes (ipv4|ipv6) threshold
Parameters
ipv4|ipv6
Configures the maximum route limit for the specified address family (IPv4 or IPv6).
threshold<1 - 100>
Triggers a NetConf notification and syslog warning message when the route count exceeds the specified percentage of the maximum limit.
Default
Threshold limit is 80%.
Command Mode
Configuration mode
Applicability
Introduced in OcNOS version 6.6.1.
Example
(config)#ip vrf VRF_A
(config-vrf)# maximum-fib-routes ipv4 10000 stop-install
(config-vrf)# maximum-fib-routes ipv4 threshold 90
(config)#ip vrf VRF_B
(config-vrf)# maximum-fib-routes ipv4 5000 warning-only
Glossary
The following provides definitions for key terms or abbreviations and their meanings used throughout this document:
Key Terms/Acronym | Description |
|---|---|
MPLS | Multiprotocol Label Switching (MPLS): A high-performance network routing technique that directs data using labels rather than network addresses, improving speed and efficiency. |
L3VPN | Layer 3 Virtual Private Network (L3VPN): A VPN that operates at the network layer, using MPLS to connect multiple customer sites while maintaining routing separation. |
VRF | Virtual Routing and Forwarding (VRF): A technology that enables multiple isolated routing tables on a single router, allowing separate VPN instances. |
PE | Provider Edge (PE) - A router at the network edge that connects customer sites to the service provider's MPLS backbone. |
CE | Customer Edge (CE): A router at the customer site that connects to the PE router and exchanges routing information. |
FIB | Forwarding Information Base (FIB) - A routing table used by routers to forward packets efficiently. |
EBGP | External Border Gateway Protocol (EBGP): A routing protocol used for communication between different autonomous systems, commonly used between PE and CE routers. |
IGP | Interior Gateway Protocol (IGP) - A routing protocol used within a single network, such as OSPF or IS-IS, to manage routes in the MPLS backbone. |