Scribd Logo
Upload

Welcome to Scribd!

  • MPLS VPN VRF Export Map

    Uploaded by

    srinivas ma
    85 views16 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    85 views16 pages

    MPLS VPN VRF Export Map

    Uploaded by

    srinivas ma

    Copyright:

    © All Rights Reserved
    Download as PDF or read online from Scribd
    Flag for inappropriate content
    of 16
    a a Search, Table of Contents Us Iodation © unez: LDP aba Dsrevton Protocol © nie 2: anus ven as pat Routing and Forwarding) MPLS WPM explores MeLS13 WON contigurtion MPLS VPN 26 alow AS Mesa wen Pec RP ne ute Route Lesking MPLS Wen Berane Ruts Lek MPLS WPM WRF Import Map Uns MPLS 2 Ereapuation 8 unrsinewris You arehere: Home » Wo MPLS VPN VRF Export Map fiviinio |= |When you use the route-target export command for 8 VRF, it adds the same route-arget to all PN routes. With an export map, you can use the power of a route-map to decide which VPN routes should get exported and what route-targets to use. Lets look at an example. Consider the following topology: AS 234 %9. % a e Gp i i oe es 4 i S| 192.168.12.0 /24 eae coiae {Gios1——cio/1- 192.168.45.0 /24 a ; 7 a: is g| Lo ae |= 4 24 IN 6 yy — ——— 41.14,11,11/32 55,55,55.55/32 Area 0 Area 0. We have a simole MPLS VPN PE CE topology witha single customer that has two sites. Each site has a router wth two loopback interfaces, Take ‘look at the VRF configuration of PE1 and PE2: Peutshow running-config | begin ip vr ip ver custower reas route-target export 1:1 route-target import 2:2 Peztshow running-config | begin ip vr ip veF CUSTOMER react route-target export 2:2 route-target import 1:1 \VPN routes on PE! are exported with RT 1:1 and PE2 exports its VPN routes with RT 2:2 With the route-target export command, all VPN routes are exported. There is no way to fiter anything, This means that CE1 and CE2 will earn about each other's routes that they advertise: Cextshow ip route ospf 5.0.0.0/32 is sumnetted, 2 subnets OIA 5.5.5.5 (10/3) via 192.168.12.2, 00:09:03, Gigabitetherneto/1 55.0.8.0/32 1s subnetted, 1 subnets OIA $5.95,55.55 [28/3] via 192.268.22.2, 08:08:02, Gigabitethemneto/1 OIA 192,168.45.0/24 (10/2) via 192.168.12.2, 0:09:03, Gigabitetherneto/1 Cceztshow ip route ospf 1.0.0.0/32 is suonetted, 1 subnets OTA 1.1.4.1 [10/3] via 192,168.45.4, 88:09:31, Gigabitetherneto/1 11.0.8.0/32 is subnetted, 1 subnets OIA 24-41.22.22 [210/3) via 192.168.45.4, 00:00:45, Gigabitethernete/1 (0A 192,168.12.0/24 [120/2) via 192,168.45.4, 90:09:31, Gigabitetherneto/1 We can see the RT that was added, For example, here's PEI show ip bgp vpavé all 1.1.1.1/32 | include Extended Extended Community: RT:4:1 OSPF DOMAIN 1D:exe805:exee0000020200 PEL#Show Jp bgp vpnv4 all 11.11.11.11/32 | include Extended Extended Community: RT:1:1 OSPF DOMAIN 1D:ex9@5:exee9000020200 Pettshow 4p bgp vpnva all 192.168.12.0/24 | include Extended Extended Conmunity: RT:1:1 OSPF DOMAIN 1D:exe8@5:exee0e09020200 ‘What if Iwanttofiter some ofthese VPN routes? Or use a diferent routearget for some of them? That's what we have export maps for. Configuration | will use the topology fram above to demonstrate the export map. Ifyou want to follow along, you can use my configurations: Configurations Want o take a look for yourself? Here you wl find the configuration ofeach device, cet nostnane CE 1 ip cer interface Loopback® 4p address 2.4.2.1 255.255.285.255 interface Loopback ip address 11.12.11.21 255.255.255.255 interface Gigabitethernete/t 4p address 192.168.12.1 255.255.255.0 1 router ospf 2 network 4.1.1.1 @,0.0.0 area @ network 11.11.11.11 8.0.0.0 area @ network 192.168.12.0 0.0.8.255 area @ 1 end ce2 hostname CE2 1 ip cof 1 interface Loopback® dp address 5.5.5.5 255.255.255.255 1 interface Loopback ip address 55.55.55.55 255.255.255.255 1 interface Gigabitetnerneto/t Ap address 192,168.45.5 255.255.255.8 router ospf 2 network 5.5.5.5 0.0.8.0 area @ network 55.55.55.55 8.0.0.8 area @ network 192.168.45.0 @.0.0.255 area @ end nostnane P 1 ip cer interface Loopback® 4p address 3.3.3.3 255.255.285.255 interface Gigabitethernete/t 4p address 192.168.23.3 255.255.285.0 pls ip interface Gigabitetnernet@/2 Ap address 192,168,34.3 255.255.255.8 pls ip ' router ospf 2 network 3.3.3.3 0.0.8.0 area @ network 192.168.23.0 0.0.0.255 area @ network 192.168.34,0 0.0.9.255 area @ 1 end PEI nostnane PEL 1 ip vee custower roan route-target export 1:1 route-target import 2:2 ip cet interface Loopback® Ap address 2.2.2.2 255.255.255.255 1 interface Gigabitethernet@/1 ip ve Forwarding CUSTOHER ip address 192.168.12.2 255.255.255.0 1 interface Gigabitethernet@/2 4p address 192.168.23.2 255.255.255.0 1 router ospf 2 wre cusTonen redistribute bgp 234 subnets network 192.168.12.0 0.0,8.255 area @ 1 router ospf 2 nnpls dp autocontig network 2.2.2.2 @,0.8.0 area @ network 192.168.23.0 0.0.0.255 area @ router bgp 236 bgp log-neighbor-changes neighbor 4.4.4.4 renote-as 234 neighbor 4.4.4.4 update-source Loopback® address-fantly ipvs no neighbor 4.4.4.4 activate exit-address-fanily adéress-fanily vpnva neighbor 4.4.4.4 activate neighbor 4.4.4.4 send-community extended exit-address-fanily 1 adéress-fanily ipvé vrF CUSTOMER redistribute ospf 2 exit-address-fonily 1 end PE2 nostnane PE2 1 ip vee customer roan route-target export 2:2 route-target import 1:1 ip cet interface Loopback® ip address 4.4.4.4 255.255.255.255 1 interface Gigabitethernet@/1 4p ve Forwarding CUSTOHER 4p address 192.168.45.4 255.255.255.0 1 interface Gigabitetherset@/2 4p address 192.168.34.4 255.255.255.0 1 router ospf 2 wre cusTonen redistribute bgp 234 subnets network 192.168.45.0 .0.8.255 area @ 1 router ospf 1 pls dp autoconfig network 4.4.4.4 @,0.8.0 area @ network 192.168.24,0 0.0.0.255 area @ router bgp 236 bgp og-neighbor-changes neighbor 2.2.2.2 remote-a5 234 neighbor 2.2.2.2 update-source Loopback® address-fantly ipvs no neighbor 2.2.2.2 activate exit-address-fanily adéress-fanily vpnva neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community extended exit-address-fanily 1 adéress-fanily ipvs vrF CUSTOMER redistribute ospf 2 exit-address-fonily 1 end Empty Export Map Lets start with a simple example. | will create a new route-map that permits everything and sets the route-arget to 3:3: PEA(config)troute-map EXPORT_MAP permit 10 PEa(config-route-nap)#set extconmunity rt 3:3 ‘You activate it under the VRF configuration with the export map command: PEL(config)#ip veF CUSTOMER PEL(confg-vr#) export map EXPORT _MAP Lets look at the result PEtttshow 4p bgp vpnvé all 1.1.1.1/32 | include Extended Extended Community: RT:3:3 OSPF DOWAIN TD:ex8005:ex000800020200 PeLeshow 4p bgp vpnv4 all 21.12.11.11/32 | include Extended Extended Community: RT:3:3 OSPF DOWAIN 1D:ex099s:exe09e0¢020200 PeLttshow 4p bgp vpnvé all 192.168.12.0/24 | include Extended DOMAIN T0:ex0085:exa00000020200 Extended Community: RT:3:3 05?! ‘As you can see abave, it overites the RT that set with the route-target export command. Allroutes now have an RT of 3:3. Export Map with Prefix-list The output we just saw might not be what we are looking for Let's try something else, What if we only want to set the RT to 3:3 forthe 1.1.1.1032 pref from CEN? We can do this with an access-list or prefelist. ll use a prefixcls: Pea(config)¥ip prefix-List CELLO permit 2.2. 1/32 PEA(config)sroute-nap EXPORT_MAP permit 10 PEL(config-route-nap)imatch ip address prefix-List CE1_te Here's what the VPN routes now look Ike on PEI PEL#show 4p bgp vpnvé all 1.1.1.1/32 | include Extended Extended Community: RT:3:3 OSPF DOMAIN 1Dexe9es :exe00e08020200 Pentishow 4p bgp vpnvé all 11.12.11.11/32 | include extended Extended Community: AT:1:1 OSPF DOMAIN TD:ex8005:ex900800020200 Peitshow 4p bgp vpnvé all 192.168.12.0/26 | include extended Extended Community: RT:1:1 OSPF DOMAIN 1D:exe9e5 :exeoaeaeeze2¢0 This is looking better. 1.1.1.1/32 has the RT of 3:3 and all other VPN routes stl have RT 1:1 that was set withthe route-arget expert command Because of the new RT, CE2 no longer has 1.1.1.1/32: e2tshow ip route 1.2.2.2 % Network tn table lf we want CE2 to have this route, well have to import the new RT on PE2: PE2(config)#ip veF CUSTOMER PE2(config-vré)aroute-target import Now its back e2tshow dp route 1. Routing entry for 1.1.1.1/32 eet Knoun via "ospf 1", distance 118, metric 3, type inter area Last update fron 192,168.45.4 on Gigabitethernet@/1, 08:80:21 ago Routing Descriptor Blocks + 192.168.45.4, from 192.268.45.4, 08:00:21 ago, via Gigabitethennet@/1 Route metric is 3, traffic share count is 1 Export Map Additive Inthe previous two examples, he export map has overwritten aur RT. I's also possible to add an additional RT. You only have to add the addltive parameter in your route-map PEL(config)sroute-map EXPORT_MAP permit 10 Pea(config-route-map)wset extcomunity rt 3:3 additive “The VPN route naw has two RTS: Pettshow dp bgp vpnvé all 1.1.1.1/32 | include Extended Extended Community: RT:4:1 RT:3:3 OSPF OOMAIN 1D:exd005:

    You might also like