[c-nsp] distribute-list prefix support in address-mode ipv4 vrfRED

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Feb 18 11:36:35 EST 2005


>> 
>> I don't think it's a bad idea, but folks generally don't filter as
>> extensively in VRFs contexts since all the neighbor (speak:
>> customer) is able to mess up is his/her own routing table.. other
>> customers/VRFs are not affected.. 

> You pretty much sum up whats going on, except in this case RIP is
> being used as the IGP for this customer VRF spread across some peices
of
> equipment.
> 
> I was thinking more of the ability to specify a prefix-list to limit
> the number of /30 /32 route announcments you migh end up carrying in a
> customer vrf.
> Having to specify it per interface removes the ability to have an
> "umbrella" filter for the entire vrf rip instance with a specific
> interface filter.

Ack, but you could easily configure it at the point where you
redistribute RIP into MP-BGP.. so you would still accept the prefixes on
the PE, but you won't announce them to the rest of the PE's.

> My other question is whether this is supported in ospf or is-is.

IS-IS is not fully supported as PE-CE for 2547bis VPNs, OSPF doesn't
have it, but you might use the "distribute-list route-map" feature and
then reference a pfx-list within the route-map:

PE1(config)#router ospf 99 vrf red
PE1(config-router)#distribute-list ?
  <1-199>      IP access list number
  <1300-2699>  IP expanded access list number
  WORD         Access-list name
  route-map    Filter prefixes based on the route-map

PE1(config-router)#

Obviously OSPF route filtering is s/th different compared to distance
vector protocols..

	oli



More information about the cisco-nsp mailing list