[c-nsp] Filtering prefixes in mpBGP

Pshem Kowalczyk pshem.k at gmail.com
Thu Oct 18 19:38:45 EDT 2007 

Hi All,

We have a 6503 working as a PE. One of the vrf will contain large
number of prefixes (the Internet table) that I would like to prevent
from spilling into the mpls cloud (all PEs that require full internet
table peer directly from the vrf with each other). All I want is a few
routes and a default. So this is what we set up:


ip vrf Internet
 description full Internet table
 rd 7xxx:110118
 import map IMPORT-INTO-INTERNET
 export map EXPORT-FROM-INTERNET
 route-target import 7xxx:110
 route-target import 7xxx:130
 route-target import 7xxx:111


router bgp 7xxx

 neighbor ROUTE-SERVER peer-group
 neighbor ROUTE-SERVER remote-as  7xxx
 neighbor ROUTE-SERVER update-source Loopback0
 neighbor 172.16.31.254 peer-group ROUTE-SERVER

{...}

 address-family vpnv4
 neighbor ROUTE-SERVER activate
 neighbor ROUTE-SERVER send-community both
 neighbor ROUTE-SERVER route-map ROUTE-SERVER-OUT out
 neighbor 172.16.31.254 peer-group ROUTE-SERVER
 exit-address-family

ip extcommunity-list 110 permit RT:7xxx:110
ip extcommunity-list 111 permit RT:7xxx:111
ip extcommunity-list 130 permit RT:7xxx:130

route-map EXPORT-FROM-INTERNET permit 10
 description default route
 match ip address prefix-list PREFIX-DEFAULT-ONLY
 set extcommunity rt  7xxx:110
!
route-map EXPORT-FROM-INTERNET permit 20
 description allow ospf loopback
 match ip address prefix-list PREFIX-VRF-INTERNET-LOOPBACK
 set extcommunity rt  7xxx:110
!
route-map EXPORT-FROM-INTERNET deny 30
 match ip address prefix-list ANY-ROUTE

route-map ROUTE-SERVER-OUT permit 10
 match extcommunity 110 111 130

route-map IMPORT-INTO-INTERNET permit 10
 description allow routes with the right rt
 match extcommunity 110
!
route-map IMPORT-INTO-INTERNET permit 20
 description allow summaries from Public
 match ip address prefix-list PUBLIC-PREFIXES
 match community ALL-INT-OUT
 match extcommunity 130
!
route-map IMPORT-INTO-INTERNET permit 30
 description allow all from Domestic
 match extcommunity 111


So in theory only two types of prefixes get marked on export from the
vrf (internet and the loopbacks) with the route-target, and then the
route-map towards the route server should filter all that doesn't have
the right route target.
But it looks like I missed something.

Any ideas what might be missing (the bgp session was reset)?

kind regards
Pshem

More information about the cisco-nsp mailing list