Genie's Tech Blog

Where knowledge has no dimensions

BGP RT Constrained Route Distribution

Hello Friends,

Today we are going to discuss another interesting feature of BGP which is used in Route-Reflectors to help them scale and make proper use of its available resources. We are going to discuss about BGP RT Constrained Route Filtering which was introduced in latest IOS releases to overcome the problem of RR's maintaining unnecessary BGP Routes for those RT's (Route Targets) which are not really required to be handled by a particular RR in a Service provider network. By default, all the Route-Targets are filtered at the destination PE router. If the RT is not imported in a particular vrf, the routes are dropped by the PE router. But the RR has to always maintain those RT's which are not required by the PE's which its neighboring with. Consider a huge service provider network having say 100 PE routers and each router having 100 VRF's and each vrf is learning nearly 10000 routes. The RR will have to hold 10000*100*100 vpnv4 routes in its BGP table. This is going to kill the router. Now, we can say that lets have partial RR's or split the RR's for example, say we add 10 RR's peering with 10 PE routers. Even in that case, the RR will be holding around 10*100*10000 routes in its BGP table, which is again not less and not all routes are needed in all the VRF's. So again, the PE's will be dropping the routes of the RT's which are not imported in the local VRF table. The possible solution that we can propose is if we allow the PE to only advertise the RT's which the PE's are requesting and filter them at the RR. In that way, we can reduce the load both from the RR and the receiving PE router. This is what RT Filter constraint does. In other words, RT Constrained route distribution is a feature that service providers can use in MPLS L3 VPN setups to reduce the number of unnecessary routing updates that the RR's send to PE's. RFC 4684 specifies the route-target constraint. The support is added through a new address-family rtfilter for both VPNv4 and VPNv6.

We shall now understand the functionality with the help of an example.

Consider the below topology:

 

In the above topology, R1, R2 and R3 are acting as a PE router and R5 is acting as a Route-Reflector. Below are the configurations for all the routers:

Config on R1:
==========
ip vrf R1_CE
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback100
 ip vrf forwarding R1_CE
 ip address 192.168.10.1 255.255.255.255
!
interface GigabitEthernet0/2
 ip address 13.13.13.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!         
interface GigabitEthernet0/3
 ip address 15.15.15.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 mpls traffic-eng tunnels
 mpls traffic-eng backup-path Tunnel1105
 ip rsvp bandwidth
!         
router ospf 100
 mpls ldp autoconfig
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng area 0
 router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 13.13.13.1 0.0.0.0 area 0
 network 15.15.15.1 0.0.0.0 area 0
!         
router bgp 100
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
  neighbor 5.5.5.5 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf R1_CE
  network 192.168.10.1 mask 255.255.255.255
  redistribute connected
 exit-address-family
!

Config on R2:
=========
ip vrf R2_CE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback100
 ip address 192.168.20.1 255.255.255.255
!
interface GigabitEthernet0/2
 ip address 24.24.24.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!
interface GigabitEthernet0/3
 ip address 25.25.25.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!         
router ospf 100
 mpls ldp autoconfig
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng area 0
 router-id 2.2.2.2
 network 2.2.2.2 0.0.0.0 area 0
 network 24.24.24.1 0.0.0.0 area 0
 network 25.25.25.1 0.0.0.0 area 0
!
router bgp 100
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
  neighbor 5.5.5.5 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf R2_CE
  network 192.168.20.1 mask 255.255.255.255
  redistribute connected
 exit-address-family
!

Config on R3:
==========
ip vrf R3_CE
 rd 3:3
 route-target export 3:3
 route-target import 3:3
 route-target import 1:1
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface Loopback100
 ip vrf forwarding R3_CE
 ip address 192.168.30.1 255.255.255.255
!
interface GigabitEthernet0/1
 ip address 13.13.13.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!
interface GigabitEthernet0/4
 ip address 35.35.35.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!
router ospf 100
 mpls ldp autoconfig
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng area 0
 router-id 3.3.3.3
 network 3.3.3.3 0.0.0.0 area 0
 network 13.13.13.2 0.0.0.0 area 0
 network 35.35.35.2 0.0.0.0 area 0
!
router bgp 100
 bgp router-id 3.3.3.3
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
  neighbor 5.5.5.5 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf R3_CE
  network 192.168.30.1 mask 255.255.255.255
  redistribute connected
 exit-address-family
!

Config on R5:
==========
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface GigabitEthernet0/3
 ip address 15.15.15.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!
interface GigabitEthernet0/4
 ip address 25.25.25.2 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!
interface GigabitEthernet0/6
 ip address 35.35.35.1 255.255.255.252
 duplex auto
 speed auto
 media-type rj45
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!
router ospf 100
 mpls ldp autoconfig
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng area 0
 router-id 5.5.5.5
 network 5.5.5.5 0.0.0.0 area 0
 network 15.15.15.2 0.0.0.0 area 0
 network 25.25.25.2 0.0.0.0 area 0
 network 35.35.35.1 0.0.0.0 area 0
!
router bgp 100
 bgp router-id 5.5.5.5
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 2.2.2.2 remote-as 100
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 route-reflector-client
  neighbor 1.1.1.1 next-hop-self
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community extended
  neighbor 2.2.2.2 route-reflector-client
  neighbor 2.2.2.2 next-hop-self
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 3.3.3.3 route-reflector-client
  neighbor 3.3.3.3 next-hop-self
 exit-address-family
 !

With the above config, we shall see that all the PE routers will receive BGP update for all RT's and then will drop the one's which are not imported. Also, the RR i.e. R5 also see's all the prefixes in all RT's. Lets now take a look at the outputs:

Output from RR (R5):
===============
R5#sh ip bgp vpnv4 all
BGP table version is 6, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1
 *>i 192.168.10.1/32  1.1.1.1                  0    100      0 i
Route Distinguisher: 2:2
 *>i 192.168.20.1/32  2.2.2.2                  0    100      0 i
Route Distinguisher: 3:3
 *>i 192.168.30.1/32  3.3.3.3                  0    100      0 i

Output on R2:
==========
R2#debug bgp vpnv4 unicast updates 
BGP updates debugging is on for address family: VPNv4 Unicast 
R2#
R2#cle ip bgp *
R2#
*Aug 18 18:42:33.620: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Down User reset
*Aug 18 18:42:33.620: %BGP_SESSION-5-ADJCHANGE: neighbor 5.5.5.5 VPNv4 Unicast topology base removed from session  User reset
*Aug 18 18:42:34.182: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up 
*Aug 18 18:42:34.184: BGP: nbr_topo global 5.5.5.5 VPNv4 Unicast:base (0xF2205A8:1) rcvd Refresh Start-of-RIB
*Aug 18 18:42:34.184: BGP: nbr_topo global 5.5.5.5 VPNv4 Unicast:base (0xF2205A8:1) refresh_epoch is 2
*Aug 18 18:42:34.189: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin ?, localpref 100, metric 0, originator 7.7.7.7, clusterlist 5.5.5.5 6.6.6.6, extended community RT:7:7
*Aug 18 18:42:34.189: BGP(4): 5.5.5.5 rcvd 7:7:193.168.70.1/32, label 33 -- DENIED due to:  extended community not supported;
*Aug 18 18:42:34.190: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin ?, localpref 100, metric 0, originator 8.8.8.8, clusterlist 5.5.5.5 6.6.6.6, extended community RT:8:8
*Aug 18 18:42:34.190: BGP(4): 5.5.5.5 rcvd 8:8:193.168.80.1/32, label 39 -- DENIED due to:  extended community not supported;
*Aug 18 18:42:34.190: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin i, localpref 100, metric 0, originator 3.3.3.3, clusterlist 5.5.5.5, extended community RT:3:3
*Aug 18 18:42:34.191: BGP(4): 5.5.5.5 rcvd 3:3:192.168.30.1/32, label 35 -- DENIED due to:  extended community not supported;
*Aug 18 18:42:34.191: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin i, localpref 100, metric 0, originator 1.1.1.1, clusterlist 5.5.5.5, extended community RT:1:1
*Aug 18 18:42:34.191: BGP(4): 5.5.5.5 rcvd 1:1:192.168.10.1/32, label 16 -- DENIED due to:  extended community not supported;
*Aug 18 18:42:34.191: BGP: nbr_topo global 5.5.5.5 VPNv4 Unicast:base (0xF2205A8:1) rcvd Refresh End-of-RIB
R2#

From the above output, we can see that the RR has the prefixes from all the PE routers. Also from the debug bgp vpnv4 unicast updates output, we can see that the prefixes from R1 and R3 VRF interfaces are getting dropped at the PE router. That means additional overhead as this router is not importing either of the two route-targets.

Lets now see how Route-Target constraint behaves and what difference does it make.

Config on R1 & R3:
=============
router bgp 100
 address-family rtfilter unicast
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 send-community extended
  neighbor 5.5.5.5 next-hop-self
 exit-address-family
!

Config on R5:
==========
router bgp 100
 address-family rtfilter unicast
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 send-community extended
  neighbor 1.1.1.1 route-reflector-client
  neighbor 1.1.1.1 next-hop-self
  neighbor 1.1.1.1 default-originate
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
  neighbor 3.3.3.3 route-reflector-client
  neighbor 3.3.3.3 next-hop-self
  neighbor 3.3.3.3 default-originate
 exit-address-family
!

So now we have created a new address-family : "rtfilter". This will force the BGP to filter the RT's being received from the PE. Lets now have a look at the outputs on the PE and the RR:

Debug Output on R1:
===============
R1#debug bgp vpnv4 unicast updates 
BGP updates debugging is on for address family: VPNv4 Unicast 
R1#cle ip bgp *
R1#
*Aug 17 10:41:13.358: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Down User reset
*Aug 17 10:41:13.358: %BGP_SESSION-5-ADJCHANGE: neighbor 5.5.5.5 RT Filter topology base removed from session  User reset
*Aug 17 10:41:13.358: %BGP_SESSION-5-ADJCHANGE: neighbor 5.5.5.5 VPNv4 Unicast topology base removed from session  User reset
*Aug 17 10:41:13.422: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up 
*Aug 17 10:41:13.425: BGP: nbr_topo global 5.5.5.5 RT Filter:base (0xF218308:1) rcvd Refresh Start-of-RIB
*Aug 17 10:41:13.425: BGP: nbr_topo global 5.5.5.5 RT Filter:base (0xF218308:1) refresh_epoch is 2
*Aug 17 10:41:13.427: BGP(4): add not install RT filter 0:0:0:0 for 5.5.5.5
*Aug 17 10:41:13.427: BGP(4): Default RT filter installed for 5.5.5.5
*Aug 17 10:41:13.427: BGP(4): 0:0:0:0 Initiating a complete table walk for 5.5.5.5
*Aug 17 10:41:13.427: BGP(4): add not install RT filter 100:2:3:3 for 5.5.5.5
*Aug 17 10:41:13.427: BGP(4): 100:2:3:3 RT filter installed for 5.5.5.5
*Aug 17 10:41:13.427: BGP(4): add not install RT filter 100:2:1:1 for 5.5.5.5
*Aug 17 10:41:13.427: BGP(4): 100:2:1:1 RT filter installed for 5.5.5.5
*Aug 17 10:41:13.428: BGP: nbr_topo global 5.5.5.5 RT Filter:base (0xF218308:1) rcvd Refresh End-of-RIB
R1#
R1#
*Aug 17 10:42:20.992: BGP: topo R1_CE:VPNv4 Unicast:base Remove_fwdroute for 1:1:192.168.10.1/32
*Aug 17 10:42:20.992: BGP(4): add installed RT filter 0:0:0:0 for 5.5.5.5
*Aug 17 10:42:20.994: BGP(4): add installed RT filter 100:2:3:3 for 5.5.5.5
*Aug 17 10:42:20.995: BGP(4): 5.5.5.5 NEXT_HOP is set to self for net 1:1:192.168.10.1/32, 
*Aug 17 10:42:20.995: BGP(4): (base) 5.5.5.5 send UPDATE (format) 1:1:192.168.10.1/32, next 1.1.1.1, label 24, metric 0, path Local, extended community RT:1:1
*Aug 17 10:42:20.995: BGP(4): (base) 5.5.5.5 Peer based policy member(format) 1:1:192.168.10.1/32, next 1.1.1.1 result(permitted)
*Aug 17 10:42:21.006: BGP: 5.5.5.5 Local router is the Originator; Discard update
*Aug 17 10:42:21.006: BGP(4): 5.5.5.5 rcv UPDATE w/ attr: nexthop 5.5.5.5, origin i, localpref 100, metric 0, originator 1.1.1.1, clusterlist 5.5.5.5, merged path , AS_PATH , community , extended community RT:1:1, SSA attribute 
*Aug 17 10:42:21.006: BGPSSA ssacount is 0
*Aug 17 10:42:21.006: BGP(4): 5.5.5.5 rcv UPDATE about 1:1:192.168.10.1/32 -- DENIED due to: ORIGINATOR is us;, label 16
R1#

Debug output on R2:
===============
R2#debug bgp vpnv4 unicast updates 
BGP updates debugging is on for address family: VPNv4 Unicast 
R2#
R2#
R2#cle ip bgp *                    
R2#
*Aug 18 19:02:07.945: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Down User reset
*Aug 18 19:02:07.945: %BGP_SESSION-5-ADJCHANGE: neighbor 5.5.5.5 VPNv4 Unicast topology base removed from session  User reset
*Aug 18 19:02:08.722: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up 
*Aug 18 19:02:08.726: BGP: nbr_topo global 5.5.5.5 VPNv4 Unicast:base (0xF2205A8:1) rcvd Refresh Start-of-RIB
*Aug 18 19:02:08.726: BGP: nbr_topo global 5.5.5.5 VPNv4 Unicast:base (0xF2205A8:1) refresh_epoch is 2
*Aug 18 19:02:08.729: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin ?, localpref 100, metric 0, originator 7.7.7.7, clusterlist 5.5.5.5 6.6.6.6, extended community RT:7:7
*Aug 18 19:02:08.729: BGP(4): 5.5.5.5 rcvd 7:7:193.168.70.1/32, label 42 -- DENIED due to:  extended community not supported;
*Aug 18 19:02:08.729: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin ?, localpref 100, metric 0, originator 8.8.8.8, clusterlist 5.5.5.5 6.6.6.6, extended community RT:8:8
*Aug 18 19:02:08.729: BGP(4): 5.5.5.5 rcvd 8:8:193.168.80.1/32, label 43 -- DENIED due to:  extended community not supported;
*Aug 18 19:02:08.729: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin ?, localpref 100, metric 0, originator 4.4.4.4, clusterlist 5.5.5.5 6.6.6.6, extended community RT:4:4
*Aug 18 19:02:08.729: BGP(4): 5.5.5.5 rcvd 4:4:193.168.40.1/32, label 19 -- DENIED due to:  extended community not supported;
*Aug 18 19:02:08.729: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin i, localpref 100, metric 0, originator 3.3.3.3, clusterlist 5.5.5.5, extended community RT:3:3
*Aug 18 19:02:08.730: BGP(4): 5.5.5.5 rcvd 3:3:192.168.30.1/32, label 44 -- DENIED due to:  extended community not supported;
*Aug 18 19:02:08.730: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin i, localpref 100, metric 0, originator 1.1.1.1, clusterlist 5.5.5.5, extended community RT:1:1
*Aug 18 19:02:08.730: BGP(4): 5.5.5.5 rcvd 1:1:192.168.10.1/32, label 45 -- DENIED due to:  extended community not supported;
*Aug 18 19:02:08.730: BGP: nbr_topo global 5.5.5.5 VPNv4 Unicast:base (0xF2205A8:1) rcvd Refresh End-of-RIB
R2#
R2#
*Aug 18 19:03:16.310: BGP: topo R2_CE:VPNv4 Unicast:base Remove_fwdroute for 2:2:192.168.20.1/32
*Aug 18 19:03:16.311: BGP(4): 5.5.5.5 NEXT_HOP is set to self for net 2:2:192.168.20.1/32, 
*Aug 18 19:03:16.311: BGP(4): (base) 5.5.5.5 send UPDATE (format) 2:2:192.168.20.1/32, next 2.2.2.2, label 37, metric 0, path Local, extended community RT:2:2
*Aug 18 19:03:16.320: BGP: 5.5.5.5 Local router is the Originator; Discard update
*Aug 18 19:03:16.321: BGP(4): 5.5.5.5 rcv UPDATE w/ attr: nexthop 5.5.5.5, origin i, localpref 100, metric 0, originator 2.2.2.2, clusterlist 5.5.5.5, merged path , AS_PATH , community , extended community RT:2:2, SSA attribute 
*Aug 18 19:03:16.322: BGPSSA ssacount is 0
*Aug 18 19:03:16.322: BGP(4): 5.5.5.5 rcv UPDATE about 2:2:192.168.20.1/32 -- DENIED due to: ORIGINATOR is us;, label 46
*Aug 18 19:06:24.463: BGP(4): 5.5.5.5 rcv UPDATE about 3:3:192.168.30.1/32 -- withdrawn, label 524288
*Aug 18 19:07:34.412: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin i, localpref 100, metric 0, originator 3.3.3.3, clusterlist 5.5.5.5, extended community RT:3:3
*Aug 18 19:07:34.412: BGP(4): 5.5.5.5 rcvd 3:3:192.168.30.1/32, label 39 -- DENIED due to:  extended community not supported;
*Aug 18 19:17:10.971: BGP(4): 5.5.5.5 rcv UPDATE about 1:1:192.168.10.1/32 -- withdrawn, label 524288
R2#
R2#

Debug output on R3:
===============
R3#debug bgp vpnv4 unicast updates 
BGP updates debugging is on for address family: VPNv4 Unicast 
R3#cle ip bgp *
R3#
*Aug 17 12:23:12.958: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Down User reset
*Aug 17 12:23:12.958: %BGP_SESSION-5-ADJCHANGE: neighbor 5.5.5.5 RT Filter topology base removed from session  User reset
*Aug 17 12:23:12.958: %BGP_SESSION-5-ADJCHANGE: neighbor 5.5.5.5 VPNv4 Unicast topology base removed from session  User reset
*Aug 17 12:23:13.535: %BGP-5-ADJCHANGE: neighbor 5.5.5.5 Up 
*Aug 17 12:23:13.538: BGP: nbr_topo global 5.5.5.5 RT Filter:base (0xEEC4560:1) rcvd Refresh Start-of-RIB
*Aug 17 12:23:13.538: BGP: nbr_topo global 5.5.5.5 RT Filter:base (0xEEC4560:1) refresh_epoch is 2
*Aug 17 12:23:13.541: BGP(4): add not install RT filter 0:0:0:0 for 5.5.5.5
*Aug 17 12:23:13.541: BGP(4): Default RT filter installed for 5.5.5.5
*Aug 17 12:23:13.541: BGP(4): 0:0:0:0 Initiating a complete table walk for 5.5.5.5
*Aug 17 12:23:13.541: BGP(4): add not install RT filter 100:2:1:1 for 5.5.5.5
*Aug 17 12:23:13.541: BGP(4): 100:2:1:1 RT filter installed for 5.5.5.5
*Aug 17 12:23:13.541: BGP: nbr_topo global 5.5.5.5 RT Filter:base (0xEEC4560:1) rcvd Refresh End-of-RIB
R3#

*Aug 17 12:24:20.080: BGP: topo R3_CE:VPNv4 Unicast:base Remove_fwdroute for 3:3:192.168.30.1/32
*Aug 17 12:24:20.081: BGP(4): add installed RT filter 0:0:0:0 for 5.5.5.5
*Aug 17 12:24:20.082: BGP(4): 5.5.5.5 NEXT_HOP is set to self for net 3:3:192.168.30.1/32, 
*Aug 17 12:24:20.082: BGP(4): (base) 5.5.5.5 send UPDATE (format) 3:3:192.168.30.1/32, next 3.3.3.3, label 22, metric 0, path Local, extended community RT:3:3
*Aug 17 12:24:20.084: BGP(4): (base) 5.5.5.5 Peer based policy member(format) 3:3:192.168.30.1/32, next 3.3.3.3 result(permitted)
*Aug 17 12:24:20.093: BGP(4): add not install RT filter 100:2:3:3 for 5.5.5.5
*Aug 17 12:24:20.093: BGP(4): 100:2:3:3 RT filter installed for 5.5.5.5
*Aug 17 12:24:20.094: BGP: 5.5.5.5 Local router is the Originator; Discard update
*Aug 17 12:24:20.094: BGP(4): 5.5.5.5 rcv UPDATE w/ attr: nexthop 5.5.5.5, origin i, localpref 100, metric 0, originator 3.3.3.3, clusterlist 5.5.5.5, merged path , AS_PATH , community , extended community RT:3:3, SSA attribute 
*Aug 17 12:24:20.094: BGPSSA ssacount is 0
*Aug 17 12:24:20.094: BGP(4): 5.5.5.5 rcv UPDATE about 3:3:192.168.30.1/32 -- DENIED due to: ORIGINATOR is us;, label 39
*Aug 17 12:24:20.095: BGP(4): 5.5.5.5 rcvd UPDATE w/ attr: nexthop 5.5.5.5, origin i, localpref 100, metric 0, originator 1.1.1.1, clusterlist 5.5.5.5, extended community RT:1:1
*Aug 17 12:24:20.095: BGP(4): 5.5.5.5 rcvd 1:1:192.168.10.1/32, label 45
*Aug 17 12:24:20.095:  Prefix doesnt carry Legacy RT community. Can't create RTC route  
*Aug 17 12:24:20.097: BGP(4): Revise route installing 1 of 1 routes for 192.168.10.1/32 -> 5.5.5.5(R3_CE) to R3_CE IP table
R3#

From the above logs, we can see that on R1 and R3, prefixes from the RT 2:2 is not even received. Thus no extra processing to be done. But on R2, the same processing has to be done by BGP for all the RT's being learnt from R1, R3 and others.

Please note that when the BGP peering establishes, the peers exchange the capability for rtfilter, which is 1/132 for both VPNV4 and VPNV6.

Hope this post was helpful. Please reach out to me in case you have any questions.

Cheers..!!!

Genie
www.codergenie.com 

Comments are closed