Route Reflector Scaling with Route Target Filtering

All Cisco 7206VXRs running c7200-jk9s-mz.124-14b, RR is running c7200-spservicesk9-mz.151-3.S6.

Route-maps can be used to add BGP communities to routes that are then passed on to a route reflector (do this on the PEs to save configuration on the RR and allow per-VRF and/or per-site communities for more granular tagging). The route reflector can then filter outbound updates to other PEs with a route-map that matches on community, so that PE1, which wouldn't want to know about VRF SiteC (CE3-1) routes, does not receive them.

 

PE2 - In this example, PE1 only advertises vrf SiteB (CE-2-2) routes to the RR

ip vrf SiteB
 rd 123:200
 route-target export 123:200
 route-target import 123:200
!
interface FastEthernet1/1
 ip vrf forwarding SiteB
 ip address 10.62.0.6 255.255.255.0
!
router bgp 65000
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
 !
 address-family vpnv4
 neighbor 10.0.0.2 activate
 neighbor 10.0.0.2 send-community extended
 neighbor 10.0.0.2 route-map RM-CustB-Out out
 exit-address-family
 !
 address-family ipv4 vrf SiteB
 redistribute connected
 neighbor 10.62.0.2 remote-as 65200
 neighbor 10.62.0.2 activate
 neighbor 10.62.0.2 next-hop-self
 neighbor 10.62.0.2 default-originate
 neighbor 10.62.0.2 route-map RM-CustB-In in
 no synchronization
 exit-address-family
 !
!
ip bgp-community new-format
ip community-list 20 permit 65000:65200
!
route-map RM-CustB-Out permit 10
 match community 20
!
route-map RM-CustB-In permit 10
 set community 65000:65200
 !
!
!
RR#show bgp vpnv4 unicast all neighbors 10.0.0.6 routes
BGP table version is 30, local router ID is 10.0.0.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter, a additional-path
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 123:200
*>i10.14.1.1/32     10.0.0.6                 0    100      0 65200 i

Total number of prefixes 1

RR - "no bgp default ipv4-unicast" on the RR and its clients means that MPLS VPN PEs don't have to carry all default-table routes (which could be full Internet routing if the Internet is not in a VRF, for example). This saves memory on the PEs: they only carry VPN routes, which lets both the PEs and the RR scale up. The same route-map filtering applied on PE2 could be applied here for import/export too; otherwise it's a basic RR config:

router bgp 65000
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 update-source Loopback0
 neighbor 10.0.0.6 remote-as 65000
 neighbor 10.0.0.6 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
  neighbor 10.0.0.1 route-reflector-client
  neighbor 10.0.0.6 activate
  neighbor 10.0.0.6 send-community extended
  neighbor 10.0.0.6 route-reflector-client
 exit-address-family
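
The RR-side community filter described above could look like the following; this is an added example, not configuration from the original page. It assumes 10.0.0.1 is PE1, uses a constructed community 65000:65300 to stand for SiteC routes, and the names RM-PE1-Out and community-list 30 are hypothetical.

```cisco
! --- On each PE that tags routes (session towards the RR, 10.0.0.2) ---
! "send-community extended" only carries extended communities (the RTs).
! The standard community set by the inbound route-map is not sent to the
! RR unless standard communities are enabled as well, so use "both".
router bgp 65000
 address-family vpnv4
  neighbor 10.0.0.2 send-community both
 exit-address-family
!
! --- On the RR ---
ip bgp-community new-format
! Constructed value: community assumed to be set on SiteC routes by their PE
ip community-list 30 permit 65000:65300
!
! Drop SiteC-tagged routes, reflect everything else.
! Without the final permit the implicit deny would filter all updates.
route-map RM-PE1-Out deny 10
 match community 30
!
route-map RM-PE1-Out permit 20
!
router bgp 65000
 address-family vpnv4
  ! Assumption: 10.0.0.1 is PE1
  neighbor 10.0.0.1 route-map RM-PE1-Out out
 exit-address-family
!
! Check what the RR now sends to PE1:
!   show bgp vpnv4 unicast all neighbors 10.0.0.1 advertised-routes
```

The outbound route-map on the RR only matches and filters here; it sets no attributes on the reflected routes.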

The RR could also use the "rtfilter" BGP address-family (in addition to the VPNv4 family) for automatic RT filtering on VRF VPN Route Targets, but this is only available from IOS 15.1 onwards (and IOS XE):

router bgp 65000
  address-family rtfilter unicast
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
  neighbor 10.0.0.1 route-reflector-client
  neighbor 10.0.0.6 activate
  neighbor 10.0.0.6 send-community extended
  neighbor 10.0.0.6 route-reflector-client
!
! The same address-family must also be activated on the PEs obviously!
