Configuring BGP Route Target Filtering for VPNs

BGP route target filtering is enabled through the exchange of the route-target address family, stored in the bgp.rtarget.0 routing table. Based on the route-target address family, the route target NLRI (address family indicator [AFI]=1, subsequent AFI [SAFI]=132) is negotiated with its peers.

On a system that has locally configured VRF instances, BGP automatically generates local routes corresponding to targets referenced in the vrf-import policies.

To configure BGP route target filtering, include the family route-target statement:

family route-target {

    advertise-default;

    external-paths number;

    prefix-limit number;

}

For a list of hierarchy levels at which you can configure the family route-target statement, see the statement summary section for this statement.

The advertise-default statement and the external-paths statement affect the BGP route target filtering configuration as follows:

• The advertise-default statement causes the router to advertise the default route target route (0:0:0/0) and suppress all routes that are more specific. This can be used by a route reflector on BGP groups consisting of neighbors that act as PE routers only. PE routers often need to advertise all routes to the route reflector.

Suppressing all route target advertisements other than the default route reduces the amount of information exchanged between the route reflector and the PE routers. The JUNOS software further helps to reduce route target advertisement overhead by not maintaining dependency information unless a nondefault route is received.

• The external-paths statement (which has a default value of 1) causes the router to advertise the VPN routes that reference a given route target. The number you specify determines the number of external peer routers (currently advertising that route target) that receive the VPN routes.
• The prefix-limit statement limits the number of prefixes that can be received from a peer router.

The route-target, advertise-default and external-path statements affect the RIB-OUT state and must be consistent between peer routers that share the same BGP group. The prefix-limit statement affects the receive side only and can have different settings between different peer routers in a BGP group.

For examples illustrating how to configure BGP route target filtering for VPNs, see VPN Examples.