[j-nsp] Filtering the export of VRF routes with iBGP export filters....

Krasimir Avramski krasi at smartcom.bg
Wed Sep 1 07:03:57 EDT 2010


Well, a typical scenario is interpovider vpn(option B,C) where ASBR
should advertise vpn nlri only from selected customer sites(vrfs) to
external peers."Route Target Filtering"(rfc4684) is another option but
although great automation/reduction achieved regarding route
information flows, care should be taken when external peering is
involved.

Cheers,
Krasi

On Tue, Aug 31, 2010 at 8:56 PM, Keegan Holley
<keegan.holley at sungard.com> wrote:
> Have you tried any of the other suggestions?  I don't think I've ever had to
> export a group of routes and then filter then anyway.  Just out of curiosity
> where did this requirement come from?  Route reflection usually provides
> enough reduction in the routing table size.
>
>
> On Tue, Aug 31, 2010 at 10:44 AM, David Ball <davidtball at gmail.com> wrote:
>>
>> Thanks Krasimir.  I'd run across that knob previously, but my
>> understanding
>> is that the functionality provided by vpn-apply-export is enabled when a
>> router is configured as a route-reflector, which mine are already.  Will
>> give it a whirl anyways, though.
>>
>> David
>>
>>
>> On 31 August 2010 04:25, Krasimir Avramski <krasi at smartcom.bg> wrote:
>>
>> > You probably missing " vpn-apply-export" stanza in your bgp cluster
>> > group.
>> >
>> > HTH
>> > Krasi
>> >
>> > On Mon, Aug 30, 2010 at 11:25 PM, David Ball <davidtball at gmail.com>
>> > wrote:
>> > >  Ts/MXs running 10.0.R3.10
>> > >
>> > > I don't have access to my actual configs, but think I can verbalize
>> > > anyways.
>> > >
>> > >  Does anyone know if it's possible to filter a given VRF route prior
>> > > to
>> > > export to an iBGP peer?  Naturally, the route itself includes an RD
>> > > and
>> > RT,
>> > > and I can't get my 'match' clauses to work.
>> > >
>> > >  I've been trying matching on things like community (ie. community
>> > SOMENAME
>> > > members target:###:###), on RIB (ie. rib bgp.l3vpn.0), and also using
>> > > a
>> > > route-filter (which I don't believe supports VRF routes), but with no
>> > > success.  For interest's sake, I'm running in 'route-reflector-ready'
>> > mode,
>> > > in that routes are being exported from bgp.l[2|3]vpn.0 rather than
>> > > from
>> > the
>> > > individual routing tables themselves, hence my trying to match on the
>> > > bgp.l3vpn.0 RIB instead of an individual VRF's RIB.
>> > >
>> > >  I was sure I saw a workaround listed here, but can't find it in the
>> > > archives for the life of me.
>> > >
>> > > David
>> > > _______________________________________________
>> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> > >
>> >
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>
>



More information about the juniper-nsp mailing list