Route Target Constraint
BGP/MPLS IP VPNs use PE routers to Route Target (RT) extended communities and control the distribution of routes into the VRFs. Within a given iBGP mesh, PE routers hold routes marked with RouteTargets pertaining to VRFs that have local CE attachments.
BGP RT Constrained Route Distribution is a feature that can be used by service providers in Multiprotocol Label Switching (MPLS) Layer 3 VPNs to reduce the number of unnecessary routing updates that route reflectors (RRs) send to Provider Edge (PE) routers. The reduction in “routing updates” saves resources by allowing RRs, Autonomous System Boundary Routers (ASBRs), and PEs to carry fewer routes. Route targets are used to constrain routing updates.
With (MPLS)VPNs, the (iBGP) peers or Route Reflectors send all VPN4 and/or VPN6 prefixes to the PE routers. The PE routers drop the VPN4/6 prefixes for which there is no importing VPN route forwarding (VRF).
Topology
The topology below shows Route-target filtering in an L3VPN—with Route Target Constraint (RTC), the RR sends only wanted VPN4/6 prefixes to the PE; wanted” means that the PEs have the VRFs importing the specific prefixes.
Figure 1-36: Route-target Filter Topology
Configuration
CE1
#configure terminal | Enter configure mode. |
(config)#interface eth1 | Enter interface mode |
(config-if)#ip address 80.1.1.1/24 | Configure IP address for interface |
(config-if)#exit | Exit from interface mode and enter into Configure mode |
(config)#interface eth3 | Enter interface mode |
(config-if)#ip address 90.1.1.1/24 | Configure IP address for interface |
(config-if)#exit | Exit from interface mode and enter into Configure mode |
(config)# router bgp 200 | Assign the ASN value (100) to the BGP router |
(config-router)#neighbor 80.1.1.2 remote-as 100 | Configure neighbor (RR) in IBGP |
(config-router)#neighbor 90.1.1.2 remote-as 100 | Configure neighbor (RR) in IBGP |
(config-router)# address-family ipv4 unicast | Enter address-family ipv4 unicast mode |
(config-router-af)#redistribute static | Redistribute static routes into BGP |
(config-router-af)#neighbor 80.1.1.2 activate | Activate neighbor |
(config-router-af)#neighbor 90.1.1.2 activate | Activate neighbor |
(config-router-af)#exit-address-family | Exit address-family mode |
(config-router)#exit | Exit from router mode and enter configure mode |
(config)#ip route vrf 1 1.1.1.0/24 eth1 | Configure static route with VRF 1 instance |
(config)#ip route vrf 2 3.3.3.0/24 eth3 | Configure static route with VRF 2 instance |
(config)#ip route vrf 2 4.4.4.0/24 eth3 | Configure static route with VRF 2 instance |
(config)#commit | Commit the candidate configuration to the running configuration. |
CE2
#configure terminal | Enter configure mode. |
(config)#interface eth1 | Enter interface mode |
(config-if)#ip address 101.1.1.1/24 | Configure IP address for interface |
(config-if)#exit | Exit from interface mode and enter into Configure mode |
(config)#interface eth3 | Enter interface mode |
(config-if)#ip address 100.1.1.1/24 | Configure IP address for interface |
(config-if)#exit | Exit from interface mode and enter into Configure mode |
(config)# router bgp 200 | Assign the ASN value (100) to the BGP router |
(config-router)#neighbor 100.1.1.2 remote-as 100 | Configure neighbor (RR) in IBGP |
(config-router)#neighbor 101.1.1.2 remote-as 100 | Configure neighbor (RR) in IBGP |
(config-router)# address-family ipv4 unicast | Enter address-family ipv4 unicast mode |
(config-router-af)#neighbor 100.1.1.2 activate | Activate neighbor |
(config-router-af)#neighbor 101.1.1.2 activate | Activate neighbor |
(config-router-af)#exit-address-family | Exit from address family ipv4 unicast mode |
(config-router)#exit | Exit from router and configure mode |
(config)#commit | Commit the candidate configuration to the running configuration. |
PE1
#configure terminal | Enter configure mode. |
(config)#ip vrf 1 | Create a VRF instance 1 |
(config-vrf)#rd 1:100 | Configure unique RD value for VRF to identify VRF instance |
(config-vrf)#route-target export 1:200 | Configure route-target (rt) value for exporting routes into other VRFs (for other PE’s) |
(config-vrf)#exit | Exit VRF mode and enter Configure mode |
(config)#ip vrf 2 | Create a VRF instance 2 |
(config-vrf)#rd 1:300 | Configure unique RD value for VRF to identify VRF instance |
(config-vrf)#route-target both 1:400 | Configure route-target (rt) value for exporting routes into other VRFs (for other PE’s) |
(config-vrf)#exit | Exit VRF mode and enter Configure mode |
(config)#router ldp | Enable LDP. |
(config-router)#exit | Exit router LDP mode |
(config)#interface lo | Enter loopback interface mode |
(config-if)#ip address 11.11.11.11/32 secondary | Configure IP address for loopback interface |
(config-if)# enable-ldp ipv4 | Enable LDP on loopback interface |
(config-if)#exit | Exit interface mode |
(config)#interface eth1 | Enter interface mode |
(config-if)#ip vrf forwarding 1 | Bind interface to VRF 1 |
(config-if)#ip address 80.1.1.2/24 | Configure IP address for VRF binded interface |
(config-if)#exit | Exit interface mode |
(config)#interface eth2 | Enter interface mode |
(config-if)#ip address 40.1.1.1/24 | Configure an IP address for interface |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)# enable-ldp ipv4 | Enable LDP on connected interface between PE1 and RR |
(config-if)#exit | Exit interface mode |
(config)#interface eth3 | Enter interface mode |
(config-if)#ip vrf forwarding 2 | Bind interface to VRF 1 |
(config-if)#ip address 90.1.1.2/24 | Configure IP address for VRF binded interface |
(config-if)#exit | Exit interface mode |
(config)#commit | Commit the candidate configuration to the running configuration. |
(config)#router ospf | Enable OSPF process between PE1 and RR |
(config-router)#network 11.11.11.11/32 area 0.0.0.0 (config-router)#network 40.1.1.0/24 area 0.0.0.0 | Advertise loopback network in OSPF area 0 |
(config-router)#exit | Exit router OSPF mode |
(config)#commit | Commit the candidate configuration to the running configuration. |
(config)# router bgp 100 | Assign the ASN value (100) to the BGP router |
(config-router)#neighbor 22.22.22.22 remote-as 100 | Configure neighbor (RR) in IBGP |
(config-router)#neighbor 22.22.22.22 update-source lo | Enable neighbor with loopback interface. |
(config-router)#address-family vpnv4 unicast | Enter Address-Family-VPNv4 mode. |
(config-router-af)#neighbor 22.22.22.22 activate | Activate RR neighbor |
(config-router-af)#exit-address-family | Exit Address Family mode and return to Router mode. |
(config-router)#address-family rtfilter unicast | Enable RT filter address-family mode |
(config-router-af)#neighbor 22.22.22.22 activate | Activate neighbor |
(config-router-af)#exit-address-family | Exit RTfilter Address Family mode and return to Router mode. |
(config-router)#address-family ipv4 vrf 1 | Enter Address-Family-VRF mode. |
(config-router-af)#neighbor 80.1.1.1 remote-as 200 | Configure CE neighbor in VRF mode |
(config-router-af)#neighbor 80.1.1.1 activate | Activate neighbor in VRF |
(config-router-af)#exit-address-family | Exit Address Family mode and return to Router mode. |
(config-router)#address-family ipv4 vrf 2 | Enter Address-Family-VRF mode. |
(config-router-af)#neighbor 90.1.1.1 remote-as 200 | Configure CE neighbor in VRF mode |
(config-router-af)#neighbor 90.1.1.1 activate | Activate neighbor in VRF |
(config-router-af)#exit-address-family | Exit Address Family mode and return to Router mode. |
(config-router)#exit | Exit from router mode and configure mode |
(config-router)#commit | Commit the candidate configuration to the running configuration. |
RR
(config)#router ldp | Enable LDP |
(config-router)#exit | Exit router LDP mode |
(config)#interface lo | Enter loopback interface |
(config-if)#ip address 22.22.22.22/32 secondary (config-if)#ip address 44.44.44.44/32 secondary | Configure IP address for loopback interface |
(config-if)# enable-ldp ipv4 | Enable LDP on loopback interface |
(config-if)#exit | Exit interface mode |
(config)#interface eth2 | Enter interface mode |
(config-if)#ip address 40.1.1.2/24 | Configure IP address for interface connecting to PE2 |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)# enable-ldp ipv4 | Enable LDP on connected interface between PE1 and RR |
(config-if)#exit | Exit interface mode |
(config)#interface eth4 | Enter into interface mode |
(config-if)#ip address 50.1.1.1/24 | Configure an IP address for interface connecting to PE1 |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)# enable-ldp ipv4 | Enable LDP on connected interface between PE1 and RR |
(config-if)#exit | Exit interface mode |
(config)#commit | Commit the candidate configuration to the running configuration. |
(config)#router ospf | Enable OSPF process between PE1 and RR |
(config-router)#network 22.22.22.22/32 area 0.0.0.0 | Advertise loopback network in OSPF area 0 |
(config-router)#network 40.1.1.0/24 area 0 (config-router)#network 44.44.44.44/32 area 0.0.0.0 (config-router)#network 50.1.1.0/24 area 0.0.0.0 | Advertise PE1 to RR connected network in OSPF |
(config-router)#exit | Exit from router OSPF mode |
(config)#commit | Commit the candidate configuration to the running configuration. |
(config)# router bgp 100 | Assign the ASN value (100) to the BGP router |
(config-router)#neighbor 11.11.11.11 remote-as 100 | Configure neighbor (PE1) in IBGP |
(config-router)#neighbor 11.11.11.11 update-source 22.22.22.22 | Enable neighbor with loopback interface |
(config-router)#neighbor 33.33.33.33 remote-as 100 | Configure neighbor (PE2) in IBGP |
(config-router)#neighbor 33.33.33.33 update-source 44.44.44.44 | Enable neighbor with loopback interface |
(config-router)#address-family vpnv4 unicast | Enter Address-Family-VPNv4 mode. |
(config-router-af)#neighbor 11.11.11.11 activate | Activate PE1 neighbor |
(config-router-af)#neighbor 33.33.33.33 activate | Activate PE2 neighbor |
(config-router-af)#neighbor 11.11.11.11 route-reflector-client | Configure PE1 as Route Reflector client |
(config-router-af)#neighbor 33.33.33.33 route-reflector-client | Configure PE2 as Route Reflector client |
(config-router-af)#exit-address-family | Exit Address Family mode and return to Router mode. |
(config-router)#address-family rtfilter unicast | Enable RT filter address-family mode |
(config-router-af)#neighbor 11.11.11.11 activate | Activate PE1 neighbor in RTfilter family |
(config-router-af)#neighbor 33.33.33.33 activate | Activate PE2 neighbor in RTfilter family |
(config-router-af)#neighbor 33.33.33.33 route-reflector-client | Configure PE2 as Route Reflector client |
(config-router-af)#neighbor 11.11.11.11 route-reflector-client | Configure PE1 as Route Reflector client |
(config-router-af)#exit-address-family | Exit RTfilter Address-Family mode |
(config-router)#exit | Exit from Address-Family, Router and Configure mode. |
(config)#commit | Commit the candidate configuration to the running configuration. |
PE2
#configure terminal | Enter configure mode. |
(config)#ip vrf 3 | Create a VRF instance 3 |
(config-vrf)#rd 1:600 | Configure unique RD value for VRF to identify VRF instance |
(config-vrf)#route-target export 1:200 | Configure route-target (rt) value for exporting routes into other VRFs (for other PE’s) |
(config-vrf)#exit | Exit VRF mode and enter Configure mode |
(config)#ip vrf 4 | Create a VRF instance 4 |
(config-vrf)#rd 1:900 | Configure unique RD value for VRF to identify VRF instance |
(config-vrf)#route-target both 1:400 | Configure route-target (rt) value for exporting routes into other VRFs (for other PE’s) |
(config-vrf)#exit | Exit VRF mode and enter Configure mode |
(config)#router ldp | Enable LDP. |
(config-router)#exit | Exit router LDP mode |
(config)#interface lo | Enter loopback interface mode |
(config-if)#ip address 33.33.33.33/32 secondary | Configure IP address for loopback interface |
(config-if)# enable-ldp ipv4 | Enable LDP on loopback interface |
(config-if)#exit | Exit interface mode |
(config)#interface eth1 | Enter interface mode |
(config-if)#ip vrf forwarding 3 | Bind interface to VRF 3 |
(config-if)#ip address 101.1.1.2/24 | Configure IP address for VRF binded interface |
(config-if)#exit | Exit interface mode |
(config)#interface eth3 | Enter interface mode |
(config-if)#ip vrf forwarding 4 | Bind interface to VRF 3 |
(config-if)#ip address 100.1.1.2/24 | Configure IP address for VRF binded interface |
(config-if)#exit | Exit interface mode |
(config)#interface eth4 | Enter interface mode |
(config-if)#ip address 50.1.1.2/24 | Configure an IP address for interface |
(config-if)#label-switching | Enable label-switching on interface |
(config-if)# enable-ldp ipv4 | Enable LDP on connected interface between PE2 and RR |
(config-if)#exit | Exit interface mode |
(config)#commit | Commit the candidate configuration to the running configuration. |
(config)#router ospf | Enable OSPF process between PE2 and RR |
(config-router)#network 33.33.33.33/32 area 0.0.0.0 | Advertise loopback network in OSPF area 0 |
(config-router)#network 50.1.1.0/24 area 0 | Advertise PE2 to RR connected network in OSPF |
(config-router)#exit | Exit router OSPF mode |
(config)#commit | Commit the candidate configuration to the running configuration. |
(config)# router bgp 100 | Assign the ASN value (100) to the BGP router |
(config-router)#neighbor 44.44.44.44 remote-as 100 | Configure neighbor (RR) in IBGP |
(config-router)#neighbor 44.44.44.44 update-source 33.33.33.33 | Enable neighbor with loopback interface. |
(config-router)#address-family vpnv4 unicast | Enter Address-Family-VPNv4 mode. |
(config-router-af)#neighbor 44.44.44.44 activate | Activate RR neighbor |
(config-router-af)#exit-address-family | Exit Address Family mode and return to Router mode. |
(config-router)#address-family rtfilter unicast | Enable RT filter address-family mode |
(config-router-af)#neighbor 44.44.44.44 activate | Activate neighbor |
(config-router-af)#exit-address-family | Exit RTfilter Address Family mode and return to Router mode. |
(config-router)#address-family ipv4 vrf 3 | Enter Address-Family-VRF mode. |
(config-router-af)#neighbor 101.1.1.1 remote-as 200 | Configure CE neighbor in VRF mode |
(config-router-af)#neighbor 101.1.1.1 activate | Activate neighbor in VRF |
(config-router-af)#exit-address-family | Exit Address Family mode and return to Router mode. |
(config-router)#address-family ipv4 vrf 4 | Enter Address-Family-VRF mode. |
(config-router-af)#neighbor 100.1.1.1 remote-as 200 | Configure CE neighbor in VRF mode |
(config-router-af)#neighbor 100.1.1.1 activate | Activate neighbor in VRF |
(config-router-af)#exit-address-family | Exit Address Family mode and return to Router mode. |
(config-router)#exit | Exit router and configure mode |
(config)#commit | Commit the candidate configuration to the running configuration. |
Validation
Through RTfilter address-family RT values will be exchanged between RR and PE’s. Neighbors are activated under this address-family and configured clients as well in this. RR will learn routes from PE’s and send to other PE’s if it has any peer requesting for that particular routes based on their RT import values
Below outputs shows the routes sent and learned in PE’s and installed in VRF’s and display’s RT filter values exchanged between them.
CE1
CE1#show ip bgp
BGP table version is 6, local router ID is 192.160.50.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
l - labeled, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 1.1.1.0/24 0.0.0.0 0 100 32768 ?
*> 3.3.3.0/24 0.0.0.0 0 100 32768 ?
*> 4.4.4.0/24 0.0.0.0 0 100 32768 ?
Total number of prefixes 3
PE1
PE1#sh ip bgp vpnv4 all
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:100 (Default for VRF 1)
*> 1.1.1.0/24 80.1.1.1 0 100 0 200 ?
*> 3.3.3.0/24 80.1.1.1 0 100 0 200 ?
*> 4.4.4.0/24 80.1.1.1 0 100 0 200 ?
Announced routes count = 3
Accepted routes count = 0
Route Distinguisher: 1:300 (Default for VRF 2)
*> 1.1.1.0/24 90.1.1.1 0 100 0 200 ?
*> 3.3.3.0/24 90.1.1.1 0 100 0 200 ?
*> 4.4.4.0/24 90.1.1.1 0 100 0 200 ?
Announced routes count = 3
Accepted routes count = 0
PE1#
PE1#show ip bgp rtfilter all
RTFilter's Received
*******************
peer-ip 22.22.22.22
100:2:1:400
RTFilter's Sent
*******************
peer-ip 22.22.22.22
100:2:1:400
PE1#
RR
RR#sh ip bgp vpnv4 all
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:300
*>i 1.1.1.0/24 11.11.11.11 0 100 0 200 ?
*>i 3.3.3.0/24 11.11.11.11 0 100 0 200 ?
*>i 4.4.4.0/24 11.11.11.11 0 100 0 200 ?
Announced routes count = 0
Accepted routes count = 3
RR#
RR#show ip bgp rtfilter all
RTFilter's Received
*******************
peer-ip 11.11.11.11
100:2:1:400
peer-ip 33.33.33.33
100:2:1:400
RTFilter's Sent
*******************
peer-ip 11.11.11.11
100:2:1:400
peer-ip 33.33.33.33
100:2:1:400
PE2
PE2#show ip bgp vpnv4 all
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - labeled
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:300
*>i 1.1.1.0/24 11.11.11.11 0 100 0 200 ?
*>i 3.3.3.0/24 11.11.11.11 0 100 0 200 ?
*>i 4.4.4.0/24 11.11.11.11 0 100 0 200 ?
Announced routes count = 0
Accepted routes count = 3
Route Distinguisher: 1:900 (Default for VRF 4)
*>i 1.1.1.0/24 11.11.11.11 0 100 0 200 ?
*>i 3.3.3.0/24 11.11.11.11 0 100 0 200 ?
*>i 4.4.4.0/24 11.11.11.11 0 100 0 200 ?
Announced routes count = 0
Accepted routes count = 3
PE2#
PE2#show ip bgp rtfilter all
RTFilter's Received
*******************
peer-ip 44.44.44.44
100:2:1:400
RTFilter's Sent
*******************
peer-ip 44.44.44.44
100:2:1:400
PE2#
Last modified date: 10/16/2023