[j-nsp] Filtering the export of VRF routes with iBGP export filters....

Keegan Holley keegan.holley at sungard.com
Wed Sep 1 07:20:42 EDT 2010


I guess your depends on how "transit" you are.


On Wed, Sep 1, 2010 at 7:03 AM, Krasimir Avramski <krasi at smartcom.bg> wrote:

> Well, a typical scenario is interpovider vpn(option B,C) where ASBR
> should advertise vpn nlri only from selected customer sites(vrfs) to
> external peers."Route Target Filtering"(rfc4684) is another option but
> although great automation/reduction achieved regarding route
> information flows, care should be taken when external peering is
> involved.
>
> Cheers,
> Krasi
>
> On Tue, Aug 31, 2010 at 8:56 PM, Keegan Holley
> <keegan.holley at sungard.com> wrote:
> > Have you tried any of the other suggestions?  I don't think I've ever had
> to
> > export a group of routes and then filter then anyway.  Just out of
> curiosity
> > where did this requirement come from?  Route reflection usually provides
> > enough reduction in the routing table size.
> >
> >
> > On Tue, Aug 31, 2010 at 10:44 AM, David Ball <davidtball at gmail.com>
> wrote:
> >>
> >> Thanks Krasimir.  I'd run across that knob previously, but my
> >> understanding
> >> is that the functionality provided by vpn-apply-export is enabled when a
> >> router is configured as a route-reflector, which mine are already.  Will
> >> give it a whirl anyways, though.
> >>
> >> David
> >>
> >>
> >> On 31 August 2010 04:25, Krasimir Avramski <krasi at smartcom.bg> wrote:
> >>
> >> > You probably missing " vpn-apply-export" stanza in your bgp cluster
> >> > group.
> >> >
> >> > HTH
> >> > Krasi
> >> >
> >> > On Mon, Aug 30, 2010 at 11:25 PM, David Ball <davidtball at gmail.com>
> >> > wrote:
> >> > >  Ts/MXs running 10.0.R3.10
> >> > >
> >> > > I don't have access to my actual configs, but think I can verbalize
> >> > > anyways.
> >> > >
> >> > >  Does anyone know if it's possible to filter a given VRF route prior
> >> > > to
> >> > > export to an iBGP peer?  Naturally, the route itself includes an RD
> >> > > and
> >> > RT,
> >> > > and I can't get my 'match' clauses to work.
> >> > >
> >> > >  I've been trying matching on things like community (ie. community
> >> > SOMENAME
> >> > > members target:###:###), on RIB (ie. rib bgp.l3vpn.0), and also
> using
> >> > > a
> >> > > route-filter (which I don't believe supports VRF routes), but with
> no
> >> > > success.  For interest's sake, I'm running in
> 'route-reflector-ready'
> >> > mode,
> >> > > in that routes are being exported from bgp.l[2|3]vpn.0 rather than
> >> > > from
> >> > the
> >> > > individual routing tables themselves, hence my trying to match on
> the
> >> > > bgp.l3vpn.0 RIB instead of an individual VRF's RIB.
> >> > >
> >> > >  I was sure I saw a workaround listed here, but can't find it in the
> >> > > archives for the life of me.
> >> > >
> >> > > David
> >> > > _______________________________________________
> >> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >> > >
> >> >
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>
> >>
> >
> >
>
>
>


More information about the juniper-nsp mailing list