[c-nsp] vpnv4 export map question

Pshem Kowalczyk pshem.k at gmail.com
Fri Nov 18 17:58:35 EST 2011


Hi,


On 18 November 2011 22:05, Peter Rathlev <peter at rathlev.dk> wrote:
> On Fri, 2011-11-18 at 02:46 -0600, cisconsp at secureobscure.com wrote:
>> The intent of the configured export map is to ensure that it only sends the
>> default route to the route reflector, for import at downstream PE routers.
> ...
>> However the PE is actually advertising ALL of its routes in the VRF to the
>> VPNv4 RR’s, without a route target extended community value:
>>
>> RR#show ip bgp vpnv4 rd X.X.X.X:999 32.0.0.0
>>>>   7018 2686, (received & used)
>>     12.89.169.xx from 12.89.169.xx (12.122.124.xx)
>>       Origin IGP, localpref 100, valid, external, best
>>       mpls labels in/out 227/nolabel
>>
>> Is there some misconfiguration with the export map? Why is the 32.0.0.0/8
>> prefix being advertised to the RR? Why doesn’t the export map filter it out?
>
> I think that's how it's supposed to work.
>
> Every prefix is advertised, but the RTs decide where they are used. On
> the receiving PEs you would have a VRF with "route-target import
> 649X:999", and that would only match the default route. The others are
> sent in the VPNv4 MP-BGP session but not used by the other PE.

If you don't want those prefixes hitting any other PE or RR, depending
on your software and hardware you might be able to do the following:
1. Mark all unwanted prefixes with a special RT
2. Apply an outbound route-map on the vpnv4 session that matches that
special RT and denies all prefixes that have it.

We use that model in some situations (albeit in the other direction -
only known RTs are allowed).

kind regards
Pshem
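The two steps suggested in the reply above, sketched as Cisco IOS configuration (an added example, not configuration from the thread or from either poster). The VRF name, AS number 65000, RT values 65000:100 and 65000:666, route-map and list names, and the RR address 192.0.2.1 are all constructed placeholders, and it assumes the platform supports matching extended communities in an outbound route-map on the vpnv4 session.

```cisco
! Constructed example: every name, ASN, RT and address is a placeholder.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Extended community list matching the "do not advertise" marker RT
ip extcommunity-list standard BLOCKED-RT permit rt 65000:666
!
ip vrf CUSTOMER
 rd 65000:999
 export map VRF-EXPORT
!
! Step 1: the default route gets the RT that downstream PEs import;
! every other prefix in the VRF is marked with the special RT.
route-map VRF-EXPORT permit 10
 match ip address prefix-list DEFAULT-ONLY
 set extcommunity rt 65000:100
route-map VRF-EXPORT permit 20
 set extcommunity rt 65000:666
!
! Step 2: outbound policy on the vpnv4 session denies anything
! carrying the marker RT and permits the rest.
route-map VPNV4-OUT deny 10
 match extcommunity BLOCKED-RT
route-map VPNV4-OUT permit 20
!
router bgp 65000
 address-family vpnv4
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 send-community extended
  neighbor 192.0.2.1 route-map VPNV4-OUT out
```

After applying it, `show ip bgp vpnv4 rd` on the RR, as used in the original question, should return only the default route for that RD.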


