BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

The BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard feature introduces the ability to set a range of route target (RT) community attributes or VPN distinguisher community attributes when mapping them. A network administrator might want to map one or more RTs at an egress ASBR to different RTs at an ingress ASBR. The VPN Distinguisher Attribute feature allows an administrator to map RTs to a VPN distinguisher that is carried over eBGP and then mapped to RTs at an ingress ASBR. The mapping is achieved by configuring a route map that sets an RT range or VPN distinguisher range of extended community attributes. Specifying a range rather than individual RTs saves time and simplifies the configuration. Furthermore, a VPN distinguisher range allows more than one VPN distinguisher attribute per route-map clause, thereby removing the restriction that applied prior to this feature.

Restrictions for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

  • A range (specified in the set extcommunity rt command or the set extcommunity vpn-distinguisher command) can include a maximum of 450 extended communities.
  • The VPN distinguisher range is not relayed to an iBGP peer.

Information About BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard

Benefits of RT and VPN Distinguisher Attribute Mapping Range

A network administrator might want to rewrite (or map) one or more route targets (RTs) at an egress ASBR to different RTs at an ingress ASBR. One use case would be to keep the RTs at the egress ASBR private from the ingress ASBR.

The rewrite is achieved by using inbound route maps, matching prefixes to route-map clauses that match inbound RTs, and mapping those RTs to different RTs recognized by the neighbor AS. Such a rewrite configuration could be complex on inbound route maps, with potentially hundreds of RTs that would need to be specified individually (configuring set extcommunity rt value1 value2 value3 ...). If the RTs being attached to the prefixes are consecutive, the configuration can be simplified by specifying a range of RTs. Thus, the benefits of the RT mapping range are saving time and simplifying the configuration.

Likewise, the mapping of RTs to a VPN distinguisher attribute (and vice versa) can also be simplified by specifying a range of RTs or VPN distinguishers. The BGP—VPN Distinguisher Attribute feature allows a network administrator to keep source RTs private from an ASBR in a destination AS. An RT at an egress ASBR is mapped to a VPN distinguisher, the VPN distinguisher is carried over eBGP, and it is then mapped to an RT at the ingress ASBR.

The RT and VPN Distinguisher Attribute Mapping Range feature introduces the ability to specify a range of either route targets (RTs) or VPN distinguishers when mapping them.

Another benefit applies to setting a VPN distinguisher. Prior to this feature, only one set extcommunity vpn-distinguisher value was allowed per route-map clause. With the introduction of the mapping range, a range of VPN distinguishers can be set on a route.

How to Map RTs to RTs Using a Range

Replacing an RT with a Range of RTs

Perform this task on an egress ASBR to replace a route target (RT) with an RT range. Remember to replace the range of RTs with an RT on the ingress ASBR; that task is described in the “Replacing a Range of RTs with an RT” section.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip extcommunity-list expanded-list {permit | deny} rt value
  4. exit
  5. route-map map-tag {permit | deny} [sequence-number]
  6. match extcommunity extended-community-list-name
  7. set extcomm-list extcommunity-name delete
  8. set extcommunity rt range start-value end-value
  9. exit
  10. route-map map-tag {permit | deny} [sequence-number]
  11. exit
  12. router bgp as-number
  13. neighbor ip-address remote-as autonomous-system-number
  14. address-family vpnv4
  15. neighbor ip-address activate
  16. neighbor ip-address route-map map-tag out
  17. exit-address-family

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ip extcommunity-list expanded-list {permit | deny} rt value

Example:


Device(config)# ip extcommunity-list 22 permit rt 101:100  

Configures an IP extended community list for Virtual Private Network (VPN) route filtering, such that routes with the specified RT are in the extended community list.

  • This example permits routes having RT 101:100 into the extended community list 22.

Step 4

exit

Example:


Device(config-extcomm-list)# exit 

Exits the configuration mode and enters the next higher configuration mode.

Step 5

route-map map-tag {permit | deny} [sequence-number]

Example:


Device(config)# route-map rt-mapping permit 10  

Configures a route map that permits or denies the routes allowed by the subsequent match command.

  • This example permits the routes allowed by the subsequent match command.

Step 6

match extcommunity extended-community-list-name

Example:


Device(config-route-map)# match extcommunity 22  

Matches on the specified community list.

  • For this example, routes that match the extended community list 22 (which was configured in Step 3) are subject to the subsequent set commands.

Step 7

set extcomm-list extcommunity-name delete

Example:


Device(config-route-map)# set extcomm-list 22 delete  

Deletes the RT from routes that are in the specified extended community list.

  • For this example, RTs are deleted from routes that are in extended community list 22.

Step 8

set extcommunity rt range start-value end-value

Example:


Device(config-route-map)# set extcommunity rt range 500:1 500:9 

For the routes that are permitted by the route map, sets the specified RT range of extended community attributes, inclusive.

  • For this example, routes that match extended community 22 have their RT extended community attribute values set to 500:1, 500:2, 500:3, 500:4, 500:5, 500:6, 500:7, 500:8, and 500:9.

Step 9

exit

Example:


Device(config-route-map)# exit 

Exits route-map configuration mode and enters global configuration mode.

Step 10

route-map map-tag {permit | deny} [sequence-number]

Example:


Device(config)# route-map rt-mapping permit 20  

(Optional) Configures a route map entry that permits routes.

  • This example configures a route map entry that permits other routes not subject to the RT-to-RT range mapping. If you do not perform this step, all other routes are subject to an implicit deny.

Step 11

exit

Example:


Device(config-route-map)# exit 

Exits route-map configuration mode and enters global configuration mode.

Step 12

router bgp as-number

Example:


Device(config)# router bgp 3000

Enters router configuration mode and creates a BGP routing process.

Step 13

neighbor ip-address remote-as autonomous-system-number

Example:


Device(config-router)# neighbor 192.168.103.1 remote-as 3000

Specifies that the neighbor belongs to the autonomous system.

Step 14

address-family vpnv4

Example:


Device(config-router)# address-family vpnv4

Enters address family configuration mode to configure BGP peers to accept address family-specific configurations.

Step 15

neighbor ip-address activate

Example:


Device(config-router-af)# neighbor 192.168.103.1 activate

Activates the specified neighbor.

Step 16

neighbor ip-address route-map map-tag out

Example:


Device(config-router-af)# neighbor 192.168.103.1 route-map rt-mapping out

Applies the specified outgoing route map to the specified neighbor.

Step 17

exit-address-family

Example:


Device(config-router-af)# exit-address-family 

Exits address family configuration mode and enters privileged EXEC mode.

Replacing a Range of RTs with an RT

Perform this task on an ingress ASBR to replace an RT range of attributes with an RT attribute. This task assumes you already configured the egress ASBR to replace the RT with an RT range; that task is described in the “Replacing an RT with a Range of RTs” section.

SUMMARY STEPS

  1. enable
  2. configure terminal
  3. ip extcommunity-list expanded-list {permit | deny} rt reg-exp
  4. exit
  5. route-map map-tag {permit | deny} [sequence-number]
  6. match extcommunity extended-community-list-name
  7. set extcomm-list extcommunity-name delete
  8. set extcommunity rt value additive
  9. exit
  10. route-map map-tag {permit | deny} [sequence-number]
  11. exit
  12. router bgp as-number
  13. neighbor ip-address remote-as autonomous-system-number
  14. address-family vpnv4
  15. neighbor ip-address activate
  16. neighbor ip-address route-map map-tag in
  17. exit-address-family

DETAILED STEPS

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ip extcommunity-list expanded-list {permit | deny} rt reg-exp

Example:


Device(config)# ip extcommunity-list 128 permit rt 500:[1-9]  

Configures an IP extended community list for Virtual Private Network (VPN) route filtering, such that routes with the specified RT range are in the extended community list.

  • This example permits routes having RTs in the range 500:1 to 500:9 into the extended community list 128.

Step 4

exit

Example:


Device(config-extcomm-list)# exit 

Exits the configuration mode and enters the next higher configuration mode.

Step 5

route-map map-tag {permit | deny} [sequence-number]

Example:


Device(config)# route-map rtmap2 permit 10  

Configures a route map that permits or denies the routes allowed by the subsequent match command.

  • This example permits the routes allowed by the subsequent match command.

Step 6

match extcommunity extended-community-list-name

Example:


Device(config-route-map)# match extcommunity 128  

Matches on the specified community list.

  • In this example, routes that match the extended community list 128 (which was configured in Step 3) are subject to the subsequent set commands.

Step 7

set extcomm-list extcommunity-name delete

Example:


Device(config-route-map)# set extcomm-list 128 delete  

Deletes the RTs in the range from routes that are in the specified extended community list.

  • In this example, RTs in the range are deleted from routes that are in extended community list 128.

Step 8

set extcommunity rt value additive

Example:


Device(config-route-map)# set extcommunity rt 400:1 additive  

Sets the routes that are permitted by the route map with the specified RT.

  • In this example, routes that match extended community 128 have their RT set to 400:1. The additive keyword causes the RT to be added to the RT list without replacing any RTs.

Step 9

exit

Example:


Device(config-route-map)# exit 

Exits route-map configuration mode and enters global configuration mode.

Step 10

route-map map-tag {permit | deny} [sequence-number]

Example:


Device(config)# route-map rtmap2 permit 20  

(Optional) Configures a route map entry that permits routes.

  • This example configures a route map entry that permits other routes not subject to the RT-range-to-RT mapping. If you do not perform this step, all other routes are subject to an implicit deny.

Step 11

exit

Example:


Device(config-route-map)# exit 

Exits route-map configuration mode and enters global configuration mode.

Step 12

router bgp as-number

Example:


Device(config)# router bgp 4000

Enters router configuration mode and creates a BGP routing process.

Step 13

neighbor ip-address remote-as autonomous-system-number

Example:


Device(config-router)# neighbor 192.168.0.50 remote-as 4000

Specifies that the neighbor belongs to the autonomous system.

Step 14

address-family vpnv4

Example:


Device(config-router)# address-family vpnv4

Enters address family configuration mode to configure BGP peers to accept address-family-specific configurations.

Step 15

neighbor ip-address activate

Example:


Device(config-router-af)# neighbor 192.168.0.50 activate

Activates the specified neighbor.

Step 16

neighbor ip-address route-map map-tag in

Example:


Device(config-router-af)# neighbor 192.168.0.50 route-map rtmap2 in

Applies the specified incoming route map to the specified neighbor.

Step 17

exit-address-family

Example:


Device(config-router-af)# exit-address-family 

Exits address family configuration mode and enters privileged EXEC mode.

Configuration Examples for BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard

Example: Replacing an RT with a Range of RTs

In the following example, on the egress ASBR, routes having RT 101:100 are in the extended community list 22. A route-map named rt-mapping matches on extended community list 22 and deletes the RT from routes in the community list. Routes that match the community list have their RT set to an RT in the range from 500:1 to 500:9. The route map is applied to the neighbor 192.168.103.1.

Egress ASBR


ip extcommunity-list 22 permit rt 101:100
!
route-map rt-mapping permit 10
 match extcommunity 22
 set extcomm-list 22 delete
 set extcommunity rt range 500:1 500:9
!
route-map rt-mapping permit 20
!
router bgp 3000
 neighbor 192.168.103.1 remote-as 3000
 address-family vpnv4
  neighbor 192.168.103.1 activate
  neighbor 192.168.103.1 route-map rt-mapping out
  exit-address-family
!
      

On the ingress ASBR, RTs in the range 500:1 to 500:9 belong to extended community list 128. A route map named rtmap2 maps those RTs to RT 400:1. The route map is applied to the neighbor 192.168.0.50.

Ingress ASBR


ip extcommunity-list 128 permit RT:500:[1-9]
!
route-map rtmap2 permit 10
 match extcommunity 128
 set extcomm-list 128 delete
 set extcommunity rt 400:1 additive
!
route-map rtmap2 permit 20
!
router bgp 4000
 neighbor 192.168.0.50 remote-as 4000
 address-family vpnv4
  neighbor 192.168.0.50 activate
  neighbor 192.168.0.50 route-map rtmap2 in
  exit-address-family
!

Example: Replacing an RT with a Range of VPN Distinguishers

In the following example, on the egress ASBR, routes having RT 201:100 are in the extended community list 22. A route-map named rt-mapping matches on extended community list 22 and deletes the RT from routes in the community list. Routes that match the community list have their VPN distinguishers set to VPN distinguishers in the range from 600:1 to 600:8. The route map is applied to the neighbor 192.168.103.1.

Egress ASBR


ip extcommunity-list 22 permit rt 201:100
!
route-map rt-mapping permit 10
 match extcommunity 22
 set extcomm-list 22 delete
 set extcommunity vpn-distinguisher range 600:1 600:8
!
route-map rt-mapping permit 20
!
router bgp 3000
 neighbor 192.168.103.1 remote-as 3000
 address-family vpnv4
  neighbor 192.168.103.1 activate
  neighbor 192.168.103.1 route-map rt-mapping out
  exit-address-family
!
      

On the ingress ASBR, VPN distinguishers in the range 600:1 to 600:8 belong to extended community list 101. A route map named rtmap2 maps those VPN distinguishers to RT range 700:1 700:10. The route map is applied to the neighbor 192.168.0.50. The additive option adds the new range to the existing value without replacing it.

Ingress ASBR


ip extcommunity-list 101 permit VD:600:[1-8]
!
route-map rtmap2 permit 10
 match extcommunity 101
 set extcomm-list 101 delete
 set extcommunity rt range 700:1 700:10 additive
!
route-map rtmap2 permit 20
!
router bgp 4000
 neighbor 192.168.0.50 remote-as 4000
 address-family vpnv4
  neighbor 192.168.0.50 activate
  neighbor 192.168.0.50 route-map rtmap2 in
  exit-address-family
!
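
A consistency check for the egress ranges and ingress match patterns in the two examples above, added here as an illustration (it is not Cisco code). It assumes the expanded-list pattern is applied as an unanchored regular expression to the text form RT:admin:number or VD:admin:number, with Python's re module standing in for the IOS regex engine; expand_range and audit are hypothetical helper names.

```python
import re

MAX_RANGE = 450  # per-range limit from the Restrictions section


def expand_range(start, end):
    """Expand 'set extcommunity {rt|vpn-distinguisher} range START END', inclusive."""
    s_admin, s_num = start.split(":")
    e_admin, e_num = end.split(":")
    if s_admin != e_admin:
        # Assumption: this example only handles ranges that vary in the number field.
        raise ValueError("endpoints use different administrator values")
    lo, hi = int(s_num), int(e_num)
    if lo > hi:
        raise ValueError("start value is greater than end value")
    if hi - lo + 1 > MAX_RANGE:
        raise ValueError(f"{hi - lo + 1} values exceeds the limit of {MAX_RANGE}")
    return [f"{s_admin}:{n}" for n in range(lo, hi + 1)]


def audit(kind, start, end, pattern, probe_max=100):
    """Compare an egress range with the ingress expanded-list pattern.

    kind is the text prefix seen in the expanded list ("RT" or "VD").
    Returns (missed, extra): range members the pattern does not match, and
    values below probe_max outside the range that it matches anyway.
    """
    rx = re.compile(pattern)  # assumption: Python re approximates IOS regex here
    wanted = expand_range(start, end)
    admin = start.split(":")[0]
    missed = [v for v in wanted if not rx.search(f"{kind}:{v}")]
    extra = [f"{admin}:{n}" for n in range(probe_max)
             if f"{admin}:{n}" not in wanted and rx.search(f"{kind}:{admin}:{n}")]
    return missed, extra


if __name__ == "__main__":
    # Ranges and patterns from the two configuration examples on this page,
    # followed by constructed variants (anchored pattern, two-digit range).
    cases = [
        ("RT", "500:1", "500:9", r"RT:500:[1-9]"),
        ("VD", "600:1", "600:8", r"VD:600:[1-8]"),
        ("RT", "500:1", "500:9", r"^RT:500:[1-9]$"),
        ("RT", "500:1", "500:12", r"^RT:500:[1-9]$"),
    ]
    for kind, start, end, pattern in cases:
        missed, extra = audit(kind, start, end, pattern)
        print(f"{pattern:18} missed={missed} extra={len(extra)} {extra[:3]}")
```

Under the stated assumption, a non-empty extra list means the ingress route map would also delete and remap RTs or VPN distinguishers that the egress ASBR never set, and a non-empty missed list means part of the egress range passes through unmapped.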

Additional References for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

Related Documents

  • Cisco IOS commands: Cisco IOS Master Commands List, All Releases
  • BGP commands: Cisco IOS IP Routing: BGP Command Reference
  • BGP—VPN Distinguisher Attribute: “BGP—VPN Distinguisher Attribute” module in the IP Routing: BGP Configuration Guide, Cisco IOS XE Release 3S


Feature Information for BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Table 1. Feature Information for BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard

Feature Name

Releases

Feature Information

BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard

The following commands were modified:

  • set extcommunity rt

  • set extcommunity vpn-distinguisher