BGP Route Target Filtering for VPNs Overview

BGP route target filtering is enabled by configuring the family route-target statement at the appropriate BGP hierarchy level. This statement enables the exchange of a new route-target address family, which is stored in the bgp.rtarget.0 routing table.

The following configuration illustrates how you could configure BGP route target filtering for a BGP group titled to_vpn04:

[edit]

protocols {

    bgp {

        group to_vpn04 {

            type internal;

            local-address 10.255.14.182;

            peer-as 200;

            neighbor 10.255.14.174 {

            family inet-vpn {

                unicast;

            }

            family route-target;

        }

    }

}

The following configuration illustrates how you could configure a couple of local VPN routing and forwarding (VRF) routing instances to take advantage of the functionality provided by BGP route target filtering. Based on this configuration, BGP would automatically generate local routes corresponding to the route targets referenced in the VRF import policies (note the targets defined by the vrf-target statements).

[edit]

routing-instances {

    vpn1 {

        instance-type vrf;

        interface t1-0/1/2.0;

        vrf-target target:200:101;

        protocols {

            ospf {

                export bgp-routes;

                area 0.0.0.0 {

                    interface t1-0/1/2.0;

                }

            }

        }

    }

    vpn2 {

        instance-type vrf;

        interface t1-0/1/2.1;

        vrf-target target:200:102;

        protocols {

            ospf {

                export bgp-routes;

                area 0.0.0.0 {

                    interface t1-0/1/2.1;

                }

            }

        }

    }

}

Issue the show route table bgp.rtarget.0 show command to verify the BGP route target filtering configuration:

user@host> show route table bgp.rtarget.0

 bgp.rtarget.0: 4 destinations, 6 routes (4 active, 0 holddown, 0 hidden)

 + = Active Route, - = Last Active, * = Both

200:200:101/96

                    *[RTarget/5] 00:10:00

                       Local

200:200:102/96

                    *[RTarget/5] 00:10:00

                       Local

200:200:103/96

                    *[BGP/170] 00:09:48, localpref 100, from 10.255.14.174

                       AS path: I

                     > t3-0/0/0.0

200:200:104/96

                    *[BGP/170] 00:09:48, localpref 100, from 10.255.14.174

                       AS path: I

                     > t3-0/0/0.0

The show command display format for route target prefixes is:

AS number:route target extended community/length

The first number represents the autonomous system of the router that sent this advertisement. The remainder of the display follows the JUNOS show command convention for extended communities.

The output from the show route table bgp-rtarget.0 command displays the locally generated and remotely generated routes.

The first two entries correspond to the route targets configured for the two local VRF routing instances (vpn1 and vpn2):

• 200:200:101/96—Community 200:101 in the vpn1 routing instance
• 200:200:102/96—Community 200:102 in the vpn2 routing instance

The last two entries are prefixes received from a BGP peer:

• 200:200:103/96—Tells the local router that routes tagged with this community (200:103) should be advertised to peer 10.255.14.174 through t3-0/0/0.0
• 200:200:104/96—Tells the local router that routes tagged with this community (200:104) should be advertised to peer 10.255.14.174 through t3-0/0/0.0