[c-nsp] distribute-list prefix support in address-mode ipv4 vrfRED
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Fri Feb 18 11:36:35 EST 2005
>>
>> I don't think it's a bad idea, but folks generally don't filter as
>> extensively in VRFs contexts since all the neighbor (speak:
>> customer) is able to mess up is his/her own routing table.. other
>> customers/VRFs are not affected..
> You pretty much sum up whats going on, except in this case RIP is
> being used as the IGP for this customer VRF spread across some peices
of
> equipment.
>
> I was thinking more of the ability to specify a prefix-list to limit
> the number of /30 /32 route announcments you migh end up carrying in a
> customer vrf.
> Having to specify it per interface removes the ability to have an
> "umbrella" filter for the entire vrf rip instance with a specific
> interface filter.
Ack, but you could easily configure it at the point where you
redistribute RIP into MP-BGP.. so you would still accept the prefixes on
the PE, but you won't announce them to the rest of the PE's.
> My other question is whether this is supported in ospf or is-is.
IS-IS is not fully supported as PE-CE for 2547bis VPNs, OSPF doesn't
have it, but you might use the "distribute-list route-map" feature and
then reference a pfx-list within the route-map:
PE1(config)#router ospf 99 vrf red
PE1(config-router)#distribute-list ?
<1-199> IP access list number
<1300-2699> IP expanded access list number
WORD Access-list name
route-map Filter prefixes based on the route-map
PE1(config-router)#
Obviously OSPF route filtering is s/th different compared to distance
vector protocols..
oli
More information about the cisco-nsp
mailing list