Need help understanding Route Targets and Route Distinguishers

adassusadassus Posts: 13Member ■□□□□□□□□□
Hello all,

Up until recently, I was very confused about RT and RD. I'd like to validate my understanding of the concepts.

RD, their only purpose is to make the routes (contained in a VRF) unique within the network. As far as I understand it, you could define a different RD for all the VRFs in your network.

Let's say you have 2 PE routers connected through MP-iBPG:

RouterA has 2 vrfs defined:

ip vrf COKE
rd 1:100
!
ip vrf PEPSI
rd 1:110

RouterB has 2 vrfs defined:

ip vrf SEVENUP
rd 2:100
!
ip vrf SPRITE
rd 2:110

Now, if you wanted to make COKE and SEVENUP part of the same VPN (by exchanging routes), you could change the RD of the SEVENUP VRF like this:

ip vrf SEVENUP
rd 1:100 (instead of rd 2:100)

Of course, using this method, you wouldn't be able to have your VRFs part of more than 1 VPN, which is where RTs come in. You can also have COKE and SEVENUP part of the same VPN by adding RTs to the VRFs.

ip vrf COKE
rd 1:100
route-target export 555:555
route-target import 555:555
!
ip vrf PEPSI
rd 1:110

RouterB has 2 vrfs defined:

ip vrf SEVENUP
rd 2:100
route-target export 555:555
route-target import 555:555
!
ip vrf SPRITE
rd 2:110


By using the 555:555 RT, I am able to exchange routes between 2 VRFs and if in the future, I need to have my VRF part of another VPN, I can do so by importing/exporting RT to another VRF.

Do I understand this correctly?

Comments

  • keenonkeenon Posts: 1,921Member ■■■■□□□□□□
    adassus wrote: »
    Hello all,

    Up until recently, I was very confused about RT and RD. I'd like to validate my understanding of the concepts.

    RD, their only purpose is to make the routes (contained in a VRF) unique within the network. As far as I understand it, you could define a different RD for all the VRFs in your network.

    Let's say you have 2 PE routers connected through MP-iBPG:

    RouterA has 2 vrfs defined:

    ip vrf COKE
    rd 1:100
    !
    ip vrf PEPSI
    rd 1:110

    RouterB has 2 vrfs defined:

    ip vrf SEVENUP
    rd 2:100
    !
    ip vrf SPRITE
    rd 2:110

    Now, if you wanted to make COKE and SEVENUP part of the same VPN (by exchanging routes), you could change the RD of the SEVENUP VRF like this:

    ip vrf SEVENUP
    rd 1:100 (instead of rd 2:100)

    Of course, using this method, you wouldn't be able to have your VRFs part of more than 1 VPN, which is where RTs come in. You can also have COKE and SEVENUP part of the same VPN by adding RTs to the VRFs.

    ip vrf COKE
    rd 1:100
    route-target export 555:555
    route-target import 555:555
    !
    ip vrf PEPSI
    rd 1:110

    RouterB has 2 vrfs defined:

    ip vrf SEVENUP
    rd 2:100
    route-target export 555:555
    route-target import 555:555
    !
    ip vrf SPRITE
    rd 2:110


    By using the 555:555 RT, I am able to exchange routes between 2 VRFs and if in the future, I need to have my VRF part of another VPN, I can do so by importing/exporting RT to another VRF.

    Do I understand this correctly?

    yes

    the Rd are unique (PE) per router and not by domain. the route-target has to be unique per VPN domain. if you want a certain vrf to receive routes from another vpn you would do another unique route-target import/export on those 2 vrfs that are to participate.

    PE1
    ip vrf A
    rd 1:1
    route-target both 1:100 -- primary vpn
    route-target both 22:100 -- secondary vpn
    !
    ip vrf B
    rd 2:1
    route-target both 2:100 -- primary vpn
    !
    ip vrf C
    rd 22:1
    route-target both 22:1 -- primary vpn

    PE2
    ip vrf A
    rd 1:1
    route-target both 1:100 -- primary vpn
    !
    ip vrf B
    rd 2:1
    route-target both 2:100 -- primary vpn

    PE3
    ip vrf C
    rd 22:1
    route-target both 22:1 -- primary vpn
    route-target both 22:100 -- secondary vpn

    per the example only vrf A on PE1 and vrf C on PE3 exchange routes but not with the other networks within their primary vpn
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • adassusadassus Posts: 13Member ■□□□□□□□□□
    I see, so my first example wouldn't be correct then.

    Just changing the RD so that they match on PE1 and PE2 isn't enough to have them exchange routes. You have to use the RTs to export/import the routes?


    My understanding was since the vpnv4 routes have the same RD appended, they would be "compatible". Isn't it enough to have the same RD on both PE to have them be part of the same VPN? like this:

    PE1
    ip vrf COKE
    rd 1:100

    PE2
    ip vrf SEVENUP
    rd 1:100


    Do you actually need to specify the VPN (using route-target)? Like this:

    PE1
    ip vrf COKE
    rd 1:100
    route-target both 33:333

    PE2
    ip vrf SEVENUP
    rd 1:100
    route-target both 33:333

    Isn't a route target just a way of associating a VRF to a VPN?
  • kryollakryolla Posts: 785Member
    RD is use to make a prefix unique by prepending it with the RD. iBGP peers will send each other these prepended routes. Now how is the router going to know what routes belong to which VRF.

    A route comes in from CE into interface with VRF configured and a RD configured, this now unique prefix VPN-IPv4 prefix gets advertisied to iBGP peer, if that peer has a interface configured with that RD it will accept that route but will not put it in the VRF. This is where RT comes in. You export it to a specific RT and the other end will look at the RT and find the appropiate VRF and install the route. At least this is the way I understand it.
    Studying for CCIE and drinking Home Brew
  • keenonkeenon Posts: 1,921Member ■■■■□□□□□□
    adassus wrote: »
    I see, so my first example wouldn't be correct then.

    Just changing the RD so that they match on PE1 and PE2 isn't enough to have them exchange routes. You have to use the RTs to export/import the routes?


    My understanding was since the vpnv4 routes have the same RD appended, they would be "compatible". Isn't it enough to have the same RD on both PE to have them be part of the same VPN? like this:

    PE1
    ip vrf COKE
    rd 1:100

    PE2
    ip vrf SEVENUP
    rd 1:100


    Do you actually need to specify the VPN (using route-target)? Like this:

    PE1
    ip vrf COKE
    rd 1:100
    route-target both 33:333

    PE2
    ip vrf SEVENUP
    rd 1:100
    route-target both 33:333

    Isn't a route target just a way of associating a VRF to a VPN?

    YES, a route target just a way of associating a VRF to a VPN

    the RD number is appended to the ip address making them all unique. hence you can have the same ip addresses used for different vrfs/vpns. it gets more complicated if these vpns with overlapping ip addresses have to communicate
    Become the stainless steel sharp knife in a drawer full of rusty spoons
Sign In or Register to comment.