- Cisco BGP Overview
- BGP 4
- Configuring a Basic BGP Network
- BGP 4 Soft Configuration
- BGP Support for 4-byte ASN
- IPv6 Routing: Multiprotocol BGP Extensions for IPv6
- IPv6 Routing: Multiprotocol BGP Link-Local Address Peering
- IPv6 Multicast Address Family Support for Multiprotocol BGP
- Configuring Multiprotocol BGP (MP-BGP) Support for CLNS
- Connecting to a Service Provider Using External BGP
- BGP Route-Map Continue
- BGP Route-Map Continue Support for Outbound Policy
- Removing Private AS Numbers from the AS Path in BGP
- Configuring BGP Neighbor Session Options
- BGP Neighbor Policy
- BGP Dynamic Neighbors
- BGP Support for Next-Hop Address Tracking
- BGP Restart Neighbor Session After Max-Prefix Limit Reached
- BGP Support for Dual AS Configuration for Network AS Migrations
- Configuring Internal BGP Features
- BGP VPLS Auto Discovery Support on Route Reflector
- BGP FlowSpec Route-reflector Support
- BGP Flow Specification Client
- BGP NSF Awareness
- BGP Graceful Restart per Neighbor
- BGP Support for BFD
- IPv6 NSF and Graceful Restart for MP-BGP IPv6 Address Family
- BGP Link Bandwidth
- iBGP Multipath Load Sharing
- BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS-VPN
- Loadsharing IP Packets over More Than Six Parallel Paths
- BGP Policy Accounting
- BGP Policy Accounting Output Interface Accounting
- BGP Cost Community
- BGP Support for IP Prefix Import from Global Table into a VRF Table
- BGP Support for IP Prefix Export from a VRF Table into the Global Table
- BGP per Neighbor SoO Configuration
- Per-VRF Assignment of BGP Router ID
- BGP Next Hop Unchanged
- BGP Support for the L2VPN Address Family
- BGP Event-Based VPN Import
- BGP Best External
- BGP PIC Edge for IP and MPLS-VPN
- Detecting and Mitigating a BGP Slow Peer
- Configuring BGP: RT Constrained Route Distribution
- Configuring a BGP Route Server
- BGP Diverse Path Using a Diverse-Path Route Reflector
- BGP Enhanced Route Refresh
- Configuring BGP Consistency Checker
- BGP—Origin AS Validation
- BGP MIB Support
- BGP 4 MIB Support for Per-Peer Received Routes
- BGP Support for Nonstop Routing (NSR) with Stateful Switchover (SSO)
- BGP NSR Auto Sense
- BGP NSR Support for iBGP Peers
- BGP Graceful Shutdown
- BGP — mVPN BGP sAFI 129 - IPv4
- BGP-MVPN SAFI 129 IPv6
- BFD—BGP Multihop Client Support, cBit (IPv4 and IPv6), and Strict Mode
- BGP Attribute Filter and Enhanced Attribute Error Handling
- BGP Additional Paths
- BGP-Multiple Cluster IDs
- BGP-VPN Distinguisher Attribute
- BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard
- VPLS BGP Signaling
- Multicast VPN BGP Dampening
- BGP—IPv6 NSR
- BGP-VRF-Aware Conditional Advertisement
- BGP—Selective Route Download
- BGP—Support for iBGP Local-AS
- eiBGP Multipath for Non-VRF Interfaces (IPv4/IPv6)
- L3VPN iBGP PE-CE
- BGP NSR Support for MPLS VPNv4 and VPNv6 Inter-AS Option B
- BGP-RTC for Legacy PE
- BGP PBB EVPN Route Reflector Support
- BGP Monitoring Protocol
- VRF Aware BGP Translate-Update
- BGP Support for MTR
- BGP Accumulated IGP
- BGP MVPN Source-AS Extended Community Filtering
- BGP AS-Override Split-Horizon
- BGP Support for Multiple Sourced Paths Per Redistributed Route
- Finding Feature Information
- Prerequisites for BGP Support for IP Prefix Import from Global Table into a VRF Table
- Restrictions for BGP Support for IP Prefix Import from Global Table into a VRF Table
- Information About BGP Support for IP Prefix Import from Global Table into a VRF Table
- How to Import IP Prefixes from Global Table into a VRF Table
- Configuration Examples for BGP Support for IP Prefix Import from Global Table into a VRF Table
- Additional References for Internal BGP Features
- Feature Information for BGP Support for IP Prefix Import from Global Table into a VRF Table
BGP Support for IP Prefix Import from Global Table into a VRF Table
The BGP Support for IP Prefix Import from Global Table into a VRF Table feature introduces the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding (VRF) instance table using an import route map.
- Finding Feature Information
- Prerequisites for BGP Support for IP Prefix Import from Global Table into a VRF Table
- Restrictions for BGP Support for IP Prefix Import from Global Table into a VRF Table
- Information About BGP Support for IP Prefix Import from Global Table into a VRF Table
- How to Import IP Prefixes from Global Table into a VRF Table
- Configuration Examples for BGP Support for IP Prefix Import from Global Table into a VRF Table
- Additional References for Internal BGP Features
- Feature Information for BGP Support for IP Prefix Import from Global Table into a VRF Table
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for BGP Support for IP Prefix Import from Global Table into a VRF Table
Border Gateway Protocol (BGP) peering sessions are established.
CEF or dCEF (for distributed platforms) is enabled on all participating routers.
Restrictions for BGP Support for IP Prefix Import from Global Table into a VRF Table
-
Only IPv4 unicast and multicast prefixes can be imported into a VRF with this feature.
-
A maximum of five VRF instances per router can be created to import IPv4 prefixes from the global routing table.
-
IPv4 prefixes imported into a VRF using this feature cannot be imported into a VPNv4 VRF.
-
The global prefixes should be in the BGP table, so that this feature can import them into the BGP VRF table.
-
IPv4 prefixes imported into a VRF using this feature cannot be imported into a second VPNv4 VRF.
Information About BGP Support for IP Prefix Import from Global Table into a VRF Table
Importing IPv4 Prefixes into a VRF
The BGP Support for IP Prefix Import from Global Table into a VRF Table feature introduces the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding instance (VRF) table using an import route map. This feature extends the functionality of VRF import-map configuration to allow IPv4 prefixes to be imported into a VRF based on a standard community. Both IPv4 unicast and multicast prefixes are supported. No Multiprotocol Label Switching (MPLS) or route target (import/export) configuration is required.
IP prefixes are defined as match criteria for the import map through standard Cisco filtering mechanisms. For example, an IP access-list, an IP prefix-list, or an IP as-path filter is created to define an IP prefix or IP prefix range, and then the prefix or prefixes are processed through a match clause in a route map. Prefixes that pass through the route map are imported into the specified VRF per the import map configuration.
Black Hole Routing
The BGP Support for IP Prefix Import from Global Table into a VRF Table feature can be configured to support Black Hole Routing (BHR). BHR is a method that allows the administrator to block undesirable traffic, such as traffic from illegal sources or traffic generated by a Denial of Service (DoS) attack, by dynamically routing the traffic to a dead interface or to a host designed to collect information for investigation, mitigating the impact of the attack on the network. Prefixes are looked up, and packets that come from unauthorized sources are blackholed by the ASIC at line rate.
Classifying Global Traffic
The BGP Support for IP Prefix Import from Global Table into a VRF Table feature can be used to classify global IP traffic based on physical location or class of service. Traffic is classified based on administration policy and then imported into different VRFs. On a college campus, for example, network traffic could be divided into an academic network and residence network traffic, a student network and faculty network, or a dedicated network for multicast traffic. After the traffic is divided along administration policy, routing decisions can be configured with the MPLS VPN--VRF Selection Using Policy Based Routing feature or the MPLS VPN--VRF Selection Based on Source IP Address feature.
Unicast Reverse Path Forwarding
Unicast Reverse Path Forwarding (Unicast RPF) can be optionally configured with the BGP Support for IP Prefix Import from Global Table into a VRF Table feature. Unicast RPF is used to verify that the source address is in the Forwarding Information Base (FIB). The ip verify unicast vrf command is configured in interface configuration mode and is enabled for each VRF. This command has permit and denykeywords that are used to determine if the traffic is forwarded or dropped after Unicast RPF verification.
How to Import IP Prefixes from Global Table into a VRF Table
Defining IPv4 IP Prefixes to Import
IPv4 unicast or multicast prefixes are defined as match criteria for the import route map using standard Cisco filtering mechanisms. This task uses an IP access-list and an IP prefix-list.
1.
enable
2.
configure
terminal
3.
access-list
access-list-number
{deny |
permit}
source [source-wildcard] [log]
4.
ip
prefix-list
prefix-list-name
[seq
seq-value] {deny
network/length |
permit
network/length} [ge
ge-value] [le
le-value]
DETAILED STEPS
Creating the VRF and the Import Route Map
The IP prefixes that are defined for import are then processed through a match clause in a route map. IP prefixes that pass through the route map are imported into the VRF. A maximum of 5 VRFs per router can be configured to import IPv4 prefixes from the global routing table. By default, a maximum of 1000 prefixes per VRF can be imported. You can change the limit to be from 1 to 2,147,483,647 prefixes for each VRF. We recommend that you use caution if you increase the prefix import limit above 1000. Configuring the router to import too many prefixes can interrupt normal router operation.
No MPLS or route target (import/export) configuration is required.
Import actions are triggered when a new routing update is received or when routes are withdrawn. During the initial BGP update period, the import action is postponed to allow BGP to convergence more quickly. Once BGP converges, incremental BGP updates are evaluated immediately and qualified prefixes are imported as they are received.
The following syslog message is introduced by the BGP Support for IP Prefix Import from Global Table into a VRF Table feature. It will be displayed when more prefixes are available for import than the user-defined limit:
00:00:33: %BGP-3-AFIMPORT_EXCEED: IPv4 Multicast prefixes imported to multicast vrf exceed the limit 2
You can either increase the prefix limit or fine-tune the import route map filter to reduce the number of candidate routes.
 Note |
1.
enable
2.
configure
terminal
3.
ip
vrf
vrf-name
4.
rd
route-distinguisher
5.
import
ipv4
{unicast |
multicast} [
prefix-limit]
map
route-map
6.
exit
7.
route-map
map-tag
[permit |
deny] [sequence-number]
8.
match
ip
address
{acl-number [acl-number |
acl-name] |
acl-name [acl-name |
acl-number] |
prefix-list
prefix-list-name [prefix-list-name]}
9.
end
DETAILED STEPS
Filtering on the Ingress Interface
The BGP Support for IP Prefix Import from Global Table into a VRF Table feature can be configured globally or on a per-interface basis. We recommend that you apply it to ingress interfaces to maximize performance.
1.
enable
2.
configure
terminal
3.
interface
type
number
[name-tag]
4.
ip
policy
route-map
map-tag
5.
ip
verify
unicast
vrf
vrf-name
{deny | permit}
6.
end
DETAILED STEPS
Verifying Global IP Prefix Import
Perform the steps in this task to display information about the VRFs that are configured with the BGP Support for IP Prefix Import from Global Table into a VRF Table feature and to verify that global IP prefixes are imported into the specified VRF table.
1.
enable
2.
show
ip
bgp
vpnv4
{all |
rd
route-distinguisher |
vrf
vrf-name}
3.
show
ip
vrf
[brief |
detail |
interfaces |
id] [vrf-name]
DETAILED STEPS
Configuration Examples for BGP Support for IP Prefix Import from Global Table into a VRF Table
Example: Importing IP Prefixes from Global Table into a VRF Table
The following example imports unicast prefixes into the VRF named green by using an IP prefix list and a route map:
This example starts in global configuration mode:
! ip prefix-list COLORADO seq 5 permit 10.131.64.0/19 ip prefix-list COLORADO seq 10 permit 172.31.2.0/30 ip prefix-list COLORADO seq 15 permit 172.31.1.1/32 ! ip vrf green rd 200:1 import ipv4 unicast map UNICAST route-target export 200:10 route-target import 200:10 ! exit ! route-map UNICAST permit 10 match ip address prefix-list COLORADO ! exit
Example: Verifying IP Prefix Import to a VRF Table
The show ip vrf command or the show ip bgp vpnv4 command can be used to verify that prefixes are imported from the global routing table to the VRF table.
The following sample output shows that the import route map named UNICAST is importing IPv4 unicast prefixes and the prefix import limit is 1000:
Device# show ip vrf detail
VRF green; default RD 200:1; default VPNID <not set>
Interfaces:
Se2/0
VRF Table ID = 1
Export VPN route-target communities
RT:200:10
Import VPN route-target communities
RT:200:10
Import route-map for ipv4 unicast: UNICAST (prefix limit: 1000)
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
VRF red; default RD 200:2; default VPNID <not set>
Interfaces:
Se3/0
VRF Table ID = 2
Export VPN route-target communities
RT:200:20
Import VPN route-target communities
RT:200:20
No import route-map
No export route-map
VRF label distribution protocol: not configured
VRF label allocation mode: per-prefix
The following sample output displays the import route map names, the prefix import limit and the actual number of imported prefixes, and the individual import entries:
Device# show ip bgp vpnv4 all
BGP table version is 18, local router ID is 10.131.127.252
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf green)
Import Map: UNICAST, Address-Family: IPv4 Unicast, Pfx Count/Limit: 1/1000
*>i10.131.64.0/19 10.131.95.252 0 100 0 i
*> 172.16.1.1/32 172.16.2.1 0 32768 i
*> 172.16.2.0/30 0.0.0.0 0 32768 i
*>i172.31.1.1/32 10.131.95.252 0 100 0 i
*>i172.31.2.0/30 10.131.95.252 0 100 0 i
Route Distinguisher: 200:2 (default for vrf red)
*> 172.16.1.1/32 172.16.2.1 0 32768 i
*> 172.16.2.0/30 0.0.0.0 0 32768 i
*>i172.31.1.1/32 10.131.95.252 0 100 0 i
*>i172.31.2.0/30 10.131.95.252 0 100 0 i
Additional References for Internal BGP Features
Related Documents
|
Related Topic |
Document Title |
|---|---|
|
Cisco IOS commands |
|
|
BGP commands |
|
|
BGP overview |
“Cisco BGP Overview” module |
|
Basic BGP configuration tasks |
“Configuring a Basic BGP Network” module |
|
iBGP multipath load sharing |
“iBGP Multipath Load Sharing” module |
|
Connecting to a service provider |
“Connecting to a Service Provider Using External BGP” module |
|
Configuring features that apply to multiple IP routing protocols |
IP Routing: Protocol-Independent Configuration Guide |
RFCs
|
RFC |
Title |
|---|---|
|
RFC 1772 |
Application of the Border Gateway Protocol in the Internet |
|
RFC 1773 |
Experience with the BGP Protocol |
|
RFC 1774 |
BGP-4 Protocol Analysis |
|
RFC 1930 |
Guidelines for Creation, Selection, and Registration of an Autonomous System (AS) |
|
RFC 2519 |
A Framework for Inter-Domain Route Aggregation |
|
RFC 2858 |
Multiprotocol Extensions for BGP-4 |
|
RFC 2918 |
Route Refresh Capability for BGP-4 |
|
RFC 3392 |
Capabilities Advertisement with BGP-4 |
|
RFC 4271 |
A Border Gateway Protocol 4 (BGP-4) |
|
RFC 4893 |
BGP Support for Four-octet AS Number Space |
|
RFC 5396 |
Textual Representation of Autonomous system (AS) Numbers |
|
RFC 5398 |
Autonomous System (AS) Number Reservation for Documentation Use |
Technical Assistance
Description |
Link |
|---|---|
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for BGP Support for IP Prefix Import from Global Table into a VRF Table
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.|
Feature Name |
Releases |
Feature Information |
|---|---|---|
|
BGP Support for IP Prefix Import from Global Table into a VRF Table |
Cisco IOS XE Release 2.1 |
The BGP Support for IP Prefix Import from Global Table into a VRF Table feature introduces the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding (VRF) instance table using an import route map. This feature was introduced on the Cisco ASR 1000 Series Aggregation Services Routers. The following commands were introduced or modified by this feature: debug ip bgp import, import ipv4, ip verify unicast vrf. |
Feedback