[c-nsp] Extended Route Target Community Bug - Solved!
Mark Tinka
mark at tinka.africa
Sat Sep 23 11:18:23 EDT 2023
So I eventually figured this out... for the router to apply the extended
community on inbound routes, one has to configure the export RT in the
VRF itself.

Originally, I had used only import and export maps, without defining the
RT explicitly in the VRF.

Turns out that even if you use import and export maps for fine-grained
community management, you still need to define the RT in the VRF. That
sort of acts like a "first step" in telling the router what communities
to allow, and then the import/export maps are the "second step" in
further being granular about what communities are allowed into and out
of the VRF.

This documentation is nowhere in the wild that I could find, but hope it
helps someone else that runs into the issue.

This is different from how Junos does it, where import/export maps can
be used without having to explicitly define the RT in the VRF.

Mark.

On 9/21/23 14:27, Mark Tinka wrote:
> Hi all.
>
> I have a simple inbound route-map on a VPNv4 PE-CE BGP session that
> does the below:
>
> route-map TEST deny 10
>  match rpki invalid
> !
> route-map TEST permit 20
>  match ip address prefix-list test-in
>  set metric 0
>  set local-preference 120
>  set extcommunity rt 65200:5
> !
> route-map TEST deny 65535
>
> The outcome of that policy works correctly for setting MED to 0 and
> LOCAL_PREF to 120.
>
> However, I can't get it to set the extended RT community value to
> 65200:5. Nothing happens.
>
> If I update that sequence with the below...
>
> route-map TEST permit 20
>  match ip address prefix-list test-in
>  set metric 0
>  set local-preference 120
>  set community 65200:5
>  set extcommunity rt 65200:5
>
> ... the regular community value is applied to the route. Of course,
> this does not work for me since I need the extended RT community
> applied to the route for it to work further down the core.
>
> Am I doing something wrong, or is this a bug?
>
> System is an ASR1002-X running IOS XE 17.03.04a.
>
> For completeness, doing this on Junos works flawlessly.
>
> All help appreciated. Thanks.
>
> Mark.
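
Added example, not part of the original thread: a Python check that flags VRFs in an IOS XE configuration which reference an import or export map but define no explicit route-target for that direction, the condition the reply above reports as the cause. The sample configuration, VRF names and route-map names are constructed, and the behaviour it audits for is as reported in the post, not independently confirmed.

```python
import re

# Constructed sample configuration (names and values are illustrative only).
SAMPLE_CONFIG = """\
vrf definition CUST-A
 rd 65200:1
 address-family ipv4
  import map CUST-A-IMPORT
  export map CUST-A-EXPORT
 exit-address-family
!
vrf definition CUST-B
 rd 65200:2
 address-family ipv4
  import map CUST-B-IMPORT
  export map CUST-B-EXPORT
  route-target export 65200:5
  route-target import 65200:5
 exit-address-family
!
"""

VRF_START = re.compile(r"^(?:vrf definition|ip vrf)\s+(\S+)")
MAP_LINE = re.compile(r"^(import|export)\s+map\s+\S+")
RT_LINE = re.compile(r"^route-target\s+(import|export|both)\s+\S+")


def vrfs_missing_rt(config):
    """Return {vrf: [directions]} where a map is used but no RT is defined.
    Simplification: address families inside one VRF are not tracked separately."""
    maps, rts, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        start = VRF_START.match(raw)
        if start:
            current = start.group(1)
            maps[current], rts[current] = set(), set()
        elif raw and not raw[0].isspace():
            current = None  # any other top-level line ends the VRF block
        elif current and (m := MAP_LINE.match(line)):
            maps[current].add(m.group(1))
        elif current and (m := RT_LINE.match(line)):
            kind = m.group(1)
            rts[current] |= {"import", "export"} if kind == "both" else {kind}
    return {v: sorted(d - rts[v]) for v, d in maps.items() if d - rts[v]}

if __name__ == "__main__":
    for vrf, directions in vrfs_missing_rt(SAMPLE_CONFIG).items():
        print(f"{vrf}: map without explicit route-target for {', '.join(directions)}")
```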