Enable Outbound Route Filtering for VPNs

Outbound route filtering allows you to filter BGP route advertisements for a particular BGP peer or set of peers. Peers in the same BGP group can have different routing table entries by filtering so that only a select peer or set of peers receives the route advertisements. For VPNs, this allows you to configure the PE routers to accept only a subset of the total number of VPN routes based on the configured VRF route targets.

You can enable outbound route filtering for a VPN either with or without a route reflector:

• route reflector—The router acting as a route reflector receives all the VPN routes from its clients, but only sends to each VPN client the PE routes that have route targets that the PE router registered for using the extended community-based outbound route filtering.
• no route reflector—Each PE router accepts all extended community outbound route filters from its peer PE routers. It requests outbound route filtering from its peer PE routers based on the route targets it is interested in.

You can enable outbound route filtering for routing instances by including the outbound-route-filtering statement. For a list of hierarchy levels at which you can configure this statement, see the statement summary section for this statement.

outbound-route-filtering {

    extended-community {

        accept;

        no-accept;

        vrf-filter;

    }

}

To accept a peer's request for filtering on Network Layer Reachability Information (NLRI) route advertisements, include the accept option. To deny a peer's request for filtering on Network Layer Reachability Information (NLRI) route advertisements, include the no-accept option. To request filtering from a remote peer, include the vrf-filter option.