Need help understanding Route Targets and Route Distinguishers
adassus
Member Posts: 13 ■□□□□□□□□□
Hello all,
Up until recently, I was very confused about RT and RD. I'd like to validate my understanding of the concepts.
RD, their only purpose is to make the routes (contained in a VRF) unique within the network. As far as I understand it, you could define a different RD for all the VRFs in your network.
Let's say you have 2 PE routers connected through MP-iBPG:
RouterA has 2 vrfs defined:
ip vrf COKE
rd 1:100
!
ip vrf PEPSI
rd 1:110
RouterB has 2 vrfs defined:
ip vrf SEVENUP
rd 2:100
!
ip vrf SPRITE
rd 2:110
Now, if you wanted to make COKE and SEVENUP part of the same VPN (by exchanging routes), you could change the RD of the SEVENUP VRF like this:
ip vrf SEVENUP
rd 1:100 (instead of rd 2:100)
Of course, using this method, you wouldn't be able to have your VRFs part of more than 1 VPN, which is where RTs come in. You can also have COKE and SEVENUP part of the same VPN by adding RTs to the VRFs.
ip vrf COKE
rd 1:100
route-target export 555:555
route-target import 555:555
!
ip vrf PEPSI
rd 1:110
RouterB has 2 vrfs defined:
ip vrf SEVENUP
rd 2:100
route-target export 555:555
route-target import 555:555
!
ip vrf SPRITE
rd 2:110
By using the 555:555 RT, I am able to exchange routes between 2 VRFs and if in the future, I need to have my VRF part of another VPN, I can do so by importing/exporting RT to another VRF.
Do I understand this correctly?
Up until recently, I was very confused about RT and RD. I'd like to validate my understanding of the concepts.
RD, their only purpose is to make the routes (contained in a VRF) unique within the network. As far as I understand it, you could define a different RD for all the VRFs in your network.
Let's say you have 2 PE routers connected through MP-iBPG:
RouterA has 2 vrfs defined:
ip vrf COKE
rd 1:100
!
ip vrf PEPSI
rd 1:110
RouterB has 2 vrfs defined:
ip vrf SEVENUP
rd 2:100
!
ip vrf SPRITE
rd 2:110
Now, if you wanted to make COKE and SEVENUP part of the same VPN (by exchanging routes), you could change the RD of the SEVENUP VRF like this:
ip vrf SEVENUP
rd 1:100 (instead of rd 2:100)
Of course, using this method, you wouldn't be able to have your VRFs part of more than 1 VPN, which is where RTs come in. You can also have COKE and SEVENUP part of the same VPN by adding RTs to the VRFs.
ip vrf COKE
rd 1:100
route-target export 555:555
route-target import 555:555
!
ip vrf PEPSI
rd 1:110
RouterB has 2 vrfs defined:
ip vrf SEVENUP
rd 2:100
route-target export 555:555
route-target import 555:555
!
ip vrf SPRITE
rd 2:110
By using the 555:555 RT, I am able to exchange routes between 2 VRFs and if in the future, I need to have my VRF part of another VPN, I can do so by importing/exporting RT to another VRF.
Do I understand this correctly?
Comments
-
keenon
Member Posts: 1,922 ■■■■□□□□□□
Hello all,
Up until recently, I was very confused about RT and RD. I'd like to validate my understanding of the concepts.
RD, their only purpose is to make the routes (contained in a VRF) unique within the network. As far as I understand it, you could define a different RD for all the VRFs in your network.
Let's say you have 2 PE routers connected through MP-iBPG:
RouterA has 2 vrfs defined:
ip vrf COKE
rd 1:100
!
ip vrf PEPSI
rd 1:110
RouterB has 2 vrfs defined:
ip vrf SEVENUP
rd 2:100
!
ip vrf SPRITE
rd 2:110
Now, if you wanted to make COKE and SEVENUP part of the same VPN (by exchanging routes), you could change the RD of the SEVENUP VRF like this:
ip vrf SEVENUP
rd 1:100 (instead of rd 2:100)
Of course, using this method, you wouldn't be able to have your VRFs part of more than 1 VPN, which is where RTs come in. You can also have COKE and SEVENUP part of the same VPN by adding RTs to the VRFs.
ip vrf COKE
rd 1:100
route-target export 555:555
route-target import 555:555
!
ip vrf PEPSI
rd 1:110
RouterB has 2 vrfs defined:
ip vrf SEVENUP
rd 2:100
route-target export 555:555
route-target import 555:555
!
ip vrf SPRITE
rd 2:110
By using the 555:555 RT, I am able to exchange routes between 2 VRFs and if in the future, I need to have my VRF part of another VPN, I can do so by importing/exporting RT to another VRF.
Do I understand this correctly?
yes
the Rd are unique (PE) per router and not by domain. the route-target has to be unique per VPN domain. if you want a certain vrf to receive routes from another vpn you would do another unique route-target import/export on those 2 vrfs that are to participate.
PE1
ip vrf A
rd 1:1
route-target both 1:100 -- primary vpn
route-target both 22:100 -- secondary vpn
!
ip vrf B
rd 2:1
route-target both 2:100 -- primary vpn
!
ip vrf C
rd 22:1
route-target both 22:1 -- primary vpn
PE2
ip vrf A
rd 1:1
route-target both 1:100 -- primary vpn
!
ip vrf B
rd 2:1
route-target both 2:100 -- primary vpn
PE3
ip vrf C
rd 22:1
route-target both 22:1 -- primary vpn
route-target both 22:100 -- secondary vpn
per the example only vrf A on PE1 and vrf C on PE3 exchange routes but not with the other networks within their primary vpnBecome the stainless steel sharp knife in a drawer full of rusty spoons -
adassus
Member Posts: 13 ■□□□□□□□□□
I see, so my first example wouldn't be correct then.
Just changing the RD so that they match on PE1 and PE2 isn't enough to have them exchange routes. You have to use the RTs to export/import the routes?
My understanding was since the vpnv4 routes have the same RD appended, they would be "compatible". Isn't it enough to have the same RD on both PE to have them be part of the same VPN? like this:
PE1
ip vrf COKE
rd 1:100
PE2
ip vrf SEVENUP
rd 1:100
Do you actually need to specify the VPN (using route-target)? Like this:
PE1
ip vrf COKE
rd 1:100
route-target both 33:333
PE2
ip vrf SEVENUP
rd 1:100
route-target both 33:333
Isn't a route target just a way of associating a VRF to a VPN? -
kryolla
Member Posts: 785
RD is use to make a prefix unique by prepending it with the RD. iBGP peers will send each other these prepended routes. Now how is the router going to know what routes belong to which VRF.
A route comes in from CE into interface with VRF configured and a RD configured, this now unique prefix VPN-IPv4 prefix gets advertisied to iBGP peer, if that peer has a interface configured with that RD it will accept that route but will not put it in the VRF. This is where RT comes in. You export it to a specific RT and the other end will look at the RT and find the appropiate VRF and install the route. At least this is the way I understand it.Studying for CCIE and drinking Home Brew -
keenon
Member Posts: 1,922 ■■■■□□□□□□
I see, so my first example wouldn't be correct then.
Just changing the RD so that they match on PE1 and PE2 isn't enough to have them exchange routes. You have to use the RTs to export/import the routes?
My understanding was since the vpnv4 routes have the same RD appended, they would be "compatible". Isn't it enough to have the same RD on both PE to have them be part of the same VPN? like this:
PE1
ip vrf COKE
rd 1:100
PE2
ip vrf SEVENUP
rd 1:100
Do you actually need to specify the VPN (using route-target)? Like this:
PE1
ip vrf COKE
rd 1:100
route-target both 33:333
PE2
ip vrf SEVENUP
rd 1:100
route-target both 33:333
Isn't a route target just a way of associating a VRF to a VPN?
YES, a route target just a way of associating a VRF to a VPN
the RD number is appended to the ip address making them all unique. hence you can have the same ip addresses used for different vrfs/vpns. it gets more complicated if these vpns with overlapping ip addresses have to communicateBecome the stainless steel sharp knife in a drawer full of rusty spoons