Technical Documentation

BGP Route Target Filtering for VPNs

BGP route target filtering reduces the number of routers that receive VPN routes and route updates, helping to limit the amount of overhead associated with running a VPN. BGP route target filtering is most effective at reducing VPN-related administrative traffic in networks where there are many route reflectors or AS border routers that do not participate in the VPNs directly (do not act as PE routers for the CE devices).

Figure 1 illustrates the topology for a network configured with BGP route target filtering for a group of VPNs.

Figure 1: BGP Route Target Filtering Enabled for a Group of VPNs

Image g017171.gif

The following sections describe how to configure BGP route target filtering for a group of VPNs:

Configure BGP Route Target Filtering on Router PE1

This section describes how to enable BGP route target filtering on Router PE1 for this example.

Configure the routing options on router PE1 as follows:

[edit]routing-options {route-distinguisher-id 10.255.14.182;autonomous-system 200;}

Configure the BGP protocol on Router PE1 as follows:

[edit]protocols {bgp {group to_VPN_D {type internal;local-address 10.255.14.182;peer-as 200;neighbor 10.255.14.174 {family inet-vpn {unicast;}family route-target;}}}}

Configure the vpn1 routing instance as follows:

[edit]routing-instances {vpn1 {instance-type vrf;interface t1-0/1/2.0;vrf-target target:200:101;protocols {ospf {export bgp-routes;area 0.0.0.0 {interface t1-0/1/2.0;}}}}}

Configure the vpn2 routing instance on Router PE1 as follows:

[edit]routing-instances {vpn2 {instance-type vrf;interface t1-0/1/2.1;vrf-target target:200:102;protocols {ospf {export bgp-routes;area 0.0.0.0 {interface t1-0/1/2.1;}}}}}

Once you have implemented this configuration, you should see the following when you issue a show route table bgp.rtarget.0 command:


user@host> show route table bgp.rtarget.0
 bgp.rtarget.0: 4 destinations, 6 routes (4 active, 0 holddown, 0 hidden)
 + = Active Route, - = Last Active, * = Both
 
 200:200:101/96                
                    *[RTarget/5] 00:27:42
                       Local
                     [BGP/170] 00:27:30, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t3-0/0/0.0
 200:200:102/96                
                    *[RTarget/5] 00:27:42
                       Local
                     [BGP/170] 00:27:30, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t3-0/0/0.0
 200:200:103/96                
                    *[BGP/170] 00:27:30, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t3-0/0/0.0
 200:200:104/96                
                    *[BGP/170] 00:27:30, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t3-0/0/0.0

Configure BGP Route Target Filtering on Router PE2

This section describes how to enable BGP route target filtering on Router PE2 for this example.

Configure the routing options on Router PE2 as follows:

[edit]routing-options {route-distinguisher-id 10.255.14.176;autonomous-system 200;}

Configure the BGP protocol on Router PE2 as follows:

[edit]protocols {bgp {group to_vpn04 {type internal;local-address 10.255.14.176;peer-as 200;neighbor 10.255.14.174 {family inet-vpn {unicast;}family route-target;}}}}

Configure the vpn1 routing instance on Router PE2 as follows:

[edit]routing-instances {vpn1 {instance-type vrf;interface t3-0/0/0.0;vrf-target target:200:101;protocols {bgp {group vpn1 {type external;peer-as 101;as-override;neighbor 10.49.11.2;}}}}}

Configure the vpn2 routing instance on Router PE2 as follows:

[edit]routing-instances {vpn2 {instance-type vrf;interface t3-0/0/0.1;vrf-target target:200:102;protocols {bgp {group vpn2 {type external;peer-as 102;as-override;neighbor 10.49.21.2;}}}}}

Configure the vpn3 routing instance on Router PE2 as follows:

[edit]routing-instances {vpn3 {instance-type vrf;interface t3-0/0/0.2;vrf-import vpn3-import;vrf-export vpn3-export;protocols {bgp {group vpn3 {type external;peer-as 103;as-override;neighbor 10.49.31.2;}}}}}

Once you have configured router PE2 in this manner, you should see the following when you issue the show route table bgp.rtarget.0 command:


user@host> show route table bgp.rtarget.0
 bgp.rtarget.0: 4 destinations, 7 routes (4 active, 0 holddown, 0 hidden)
 + = Active Route, - = Last Active, * = Both
 
 200:200:101/96                
                    *[RTarget/5] 00:28:15
                       Local
                     [BGP/170] 00:28:03, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t1-0/1/0.0
 200:200:102/96                
                    *[RTarget/5] 00:28:15
                       Local
                     [BGP/170] 00:28:03, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t1-0/1/0.0
 200:200:103/96                
                    *[RTarget/5] 00:28:15
                       Local
                     [BGP/170] 00:28:03, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t1-0/1/0.0
 200:200:104/96                
                    *[BGP/170] 00:28:03, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t1-0/1/0.0

Configure BGP Route Target Filtering on the Route Reflector

This section illustrates how to enable BGP route target filtering on the route reflector for this example.

Configure the routing options on the route reflector as follows:

[edit]routing-options {route-distinguisher-id 10.255.14.174;autonomous-system 200;}

Configure the BGP protocol on the route reflector as follows:

[edit]protocols {bgp {group rr-group {type internal;local-address 10.255.14.174;cluster 10.255.14.174;peer-as 200;neighbor 10.255.14.182 {description to_PE1_vpn12;family inet-vpn {unicast;}family route-target;}neighbor 10.255.14.176 {description to_PE2_vpn06;family inet-vpn {unicast;}family route-target;}neighbor 10.255.14.178 {description to_PE3_vpn08;family inet-vpn {unicast;}family route-target;}}}}

Once you have configured the route reflector in this manner, you should see the following when you issue the show route table bgp.rtarget.0 command:


user@host> show route table bgp.rtarget.0
 bgp.rtarget.0: 4 destinations, 8 routes (4 active, 0 holddown, 0 hidden)
 + = Active Route, - = Last Active, * = Both
 
 200:200:101/96                
                    *[BGP/170] 00:29:03, localpref 100, from
 10.255.14.176
                       AS path: I
                     > via t1-0/2/0.0
                     [BGP/170] 00:29:03, localpref 100, from
 10.255.14.178
                       AS path: I
                     > via t3-0/1/1.0
                     [BGP/170] 00:29:03, localpref 100, from
 10.255.14.182
                       AS path: I
                     > via t3-0/1/3.0
 200:200:102/96                
                    *[BGP/170] 00:29:03, localpref 100, from
 10.255.14.176
                       AS path: I
                     > via t1-0/2/0.0
                     [BGP/170] 00:29:03, localpref 100, from
 10.255.14.182
                       AS path: I
                     > via t3-0/1/3.0
 200:200:103/96                
                    *[BGP/170] 00:29:03, localpref 100, from
 10.255.14.176
                       AS path: I
                     > via t1-0/2/0.0
                     [BGP/170] 00:29:03, localpref 100, from
 10.255.14.178
                       AS path: I
                     > via t3-0/1/1.0
 200:200:104/96                
                    *[BGP/170] 00:29:03, localpref 100, from
 10.255.14.178
                       AS path: I
                     > via t3-0/1/1.0

Configure BGP Route Target Filtering on Router PE3

The following section describes how to enable BGP route target filtering on Router PE3 for this example.

Configure the routing options on Router PE3 as follows:

[edit]routing-options {route-distinguisher-id 10.255.14.178;autonomous-system 200;}

Configure the BGP protocol on Router PE3 as follows:

[edit]protocols {bgp {group to_vpn04 {type internal;local-address 10.255.14.178;peer-as 200;neighbor 10.255.14.174 {family inet-vpn {unicast;}family route-target;}}}}

Configure the vpn1 routing instance on Router PE3 as follows:

[edit]routing-instances {vpn1 {instance-type vrf;interface t3-0/0/0.0;vrf-target target:200:101;protocols {rip {group vpn1 {export bgp-routes;neighbor t3-0/0/0.0;}}}}}

Configure the vpn3 routing instance on Router PE3 as follows:

[edit]routing-instances {vpn3 {instance-type vrf;interface t3-0/0/0.1;vrf-target target:200:103;protocols {rip {group vpn3 {export bgp-routes;neighbor t3-0/0/0.1;}}}}}

Configure the vpn4 routing instance on Router PE3 as follows:

[edit]routing-instances {vpn4 {instance-type vrf;interface t3-0/0/0.2;vrf-target target:200:104;protocols {rip {group vpn4 {export bgp-routes;neighbor t3-0/0/0.2;}}}}}

Once you have configured Router PE3 in this manner, you should see the following when you issue the show route table bgp.rtarget.0 command:


user@host> show route table bgp.rtarget.0
bgp.rtarget.0: 4 destinations, 7 routes (4 active, 0 holddown, 0 hidden)
 + = Active Route, - = Last Active, * = Both
 
 200:200:101/96                
                    *[RTarget/5] 00:29:42
                       Local
                     [BGP/170] 00:29:30, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t3-0/0/1.0
 200:200:102/96                
                    *[BGP/170] 00:29:29, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t3-0/0/1.0
 200:200:103/96                
                    *[RTarget/5] 00:29:42
                       Local
                     [BGP/170] 00:29:30, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t3-0/0/1.0
 200:200:104/96                
                    *[RTarget/5] 00:29:42
                       Local
                     [BGP/170] 00:29:30, localpref 100, from
 10.255.14.174
                       AS path: I
                     > via t3-0/0/1.0

Published: 2010-04-27