BGP Route Leaking

This chapter provides information about BGP route leaking.

Topics in this chapter include:

Applicability

The information and configuration in this chapter were originally written for SR OS Release 14.0.R4. The CLI in the current edition corresponds to SR OS Release 22.2.R2.

Overview

Route leaking refers to the process of copying a route from one router context to another.

Network administrators may need to leak routes between routing instances in the same SR OS router. BGP route leaking is an alternative to using import/export policies based on communities to exchange routes between virtual router and forwarders (VRFs).

It is possible to leak a copy of a BGP route (including all its path attributes) from one routing instance to another in the same SR OS router. This BGP route leaking capability applies to IPv4, IPv6, and label-IPv4 routes. Leaking is supported from the GRT to a VPRN, from one VPRN to another VPRN, and from a VPRN to the GRT.

Any BGP route for an IPv4 or IPv6 prefix can be leaked. A BGP route does not have to be the best path or used for forwarding in the source instance in order to be leaked. In SR OS Releases earlier than 19.10.R1, the BGP route had to be valid (that is, the next-hop must be resolved; the AS PATH must not exhibit a loop, for example). In SR OS Release 19.10.R1, and later, BGP in the base router can be configured to allow unresolved route leaking, as described in the Unresolved Route Leaking from Base Router to VPRN chapter.

An IPv4 or IPv6 BGP route becomes a candidate for leaking to another instance when it is specially marked by a BGP import policy. This marking is achieved by accepting the route with a bgp-leak action in the route policy. Routes that are candidates for leaking to other instances show a leakable flag in the output of various show router bgp commands.

To copy a leakable BGP route from a source instance into the BGP RIB of a target instance, the target instance must be configured with a leak-import policy that matches and accepts the leakable route. There are separate leak-import policies for IPv4 and IPv6 routes. Up to 15 leak-import policies can be chained together for more complex examples. In the target instance, the show router bgp routes command displays leaked BGP RIB-IN routes in addition to direct RIB-IN routes learned from neighbors of the routing instance. A leaked flag is added to the leaked RIB-IN entries. BGP route leaking process shows the process of BGP route leaking.

Figure 1. BGP route leaking process

Leaked BGP routes can be advertised to BGP neighbors (peers) of the target routing instance. The BGP next hop of a leaked route is automatically reset to self whenever it is advertised to a peer of the target instance. Normal route advertisement rules apply: by default, the leaked route is advertised if it is the overall best path that is used as the active route to the destination and it is not blocked by the IBGP-to-IBGP split-horizon rule.

A BGP route leaked into a VPRN can be exported from the VPRN as a VPN-IPv4/v6 route if it matches the VRF export policy. Normal VPN export rules apply: by default, the leaked route is exported if it is the overall best path and it is used as the active route to the destination.

This chapter describes BGP route leaking only. For other routes, such as IS-IS, OSPF, RIP, and static routes, VPRN route leaking mechanisms apply that are protocol independent, see chapter Traffic Leaking from VPRN to GRT.

Configuration

Example topology shows the example topology used in this chapter, including the IPv4 addresses. For each of the examples, a dedicated figure will show the specific topology, which is a subset of the topology in Example topology. The interfaces also have IPv6 addresses, which will be shown in BGP IPv6 route leaking between VPRNs and BGP IPv6 route leaking from GRT and VPRN to VPRN. VPRN 2 also has CEs attached, but for simplicity, these are not shown on the figures and no CLI will be shown for any CE.

Figure 2. Example topology

The following examples will be explained:

Initial configuration

The nodes in the example topology have the following initial configuration:

  • Cards, MDAs, ports

  • Router interfaces

  • IGP (IS-IS or OSPF) between the PEs

  • LDP between the PEs

  • VPRN 1 on PE-1; VPRN 2 on PE-1 and PE-2

  • BGP (IBGP between the PEs; EBGP between PE-1 and the CEs)

    • On the PEs, BGP is configured in the base router and in the VPRNs.

  • Loopback addresses and black-hole static routes in the CEs. Different routes are exported to GRT and VPRN 1 on PE-1

Example 1 - BGP IPv4 route leaking between VPRNs. Global BGP policy

BGP IPv4 route leaking between VPRNs shows the topology for this example. CE-11 exports routes such as 192.168.90.2/32 to VPRN 1 on PE-1, and CE-12 exports routes such as 192.168.120.2/32 to VPRN 1 on PE-1.

Figure 3. BGP IPv4 route leaking between VPRNs

BGP leaking is disabled by default. The routing table for VPRN 1 on PE-1 includes routes that are learned from CE-11 and CE-12, as follows:

*A:PE-1# show router 1 route-table

===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.16.1.1/32                                 Local   Local     00h01m28s  0
       system                                                       0
172.16.111.0/30                               Local   Local     00h01m28s  0
       int-PE-1-CE-11                                               0
172.16.112.0/30                               Local   Local     00h01m28s  0
       int-PE-1-CE-12                                               0
192.168.90.2/32                               Remote  BGP       00h00m07s  170
       172.16.111.2                                                 0
192.168.90.3/32                               Remote  BGP       00h00m07s  170
       172.16.111.2                                                 0
192.168.90.4/30                               Remote  BGP       00h00m07s  170
       172.16.111.2                                                 0
192.168.120.2/32                              Remote  BGP       00h00m05s  170
       172.16.112.2                                                 0
192.168.120.3/32                              Remote  BGP       00h00m05s  170
       172.16.112.2                                                 0
192.168.120.4/32                              Remote  BGP       00h00m05s  170
       172.16.112.2                                                 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

These BGP routes are not leakable, by default, as follows:

*A:PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
No Matching Entries Found.
===============================================================================

The routing table for VPRN 2 does not include any of these routes because BGP route leaking is disabled by default:

*A:PE-1# show router 2 route-table

===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.16.2.1/32                                 Local   Local     00h01m28s  0
       system                                                       0
172.16.2.2/32                                 Remote  BGP VPN   00h00m41s  170
       192.0.2.2 (tunneled)                                         10
172.16.12.0/30                                Local   Local     00h01m28s  0
       int-PE-1-PE-2_VPN2                                           0
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

To configure BGP route leaking, an import policy is required in VPRN 1. The BGP route leaking policy is configured on PE-1, as follows:

# on PE-1:
configure
    router Base 
        policy-options
            begin
            policy-statement "BGP-Leak-Policy"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                        bgp-leak
                    exit
                exit
            exit
            commit

By adding the action accept bgp-leak, BGP routes are imported and marked as BGP leakable, meaning they are available to be copied—with their complete set of BGP path attributes—to the BGP RIB-IN of another routing instance.

The BGP route leaking policy can be applied in VPRN 1 in the general bgp comtext (as is the case here), in the group context, or per neighbor:

# on PE-1:
configure 
    service 
        vprn "VPRN 1"
            bgp
                import "BGP-Leak-Policy"
            exit

With the preceding configuration, SR OS is marking all the BGP routes imported into the VPRN as leakable. The BGP routes originate from CE-11 or CE-12 in this example.

The following command shows which BGP routes in VPRN 1 are marked as leakable:

*A:PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  192.168.90.2/32                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.90.3/32                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.90.4/30                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.120.2/32                                   None        None
      172.16.112.2                                       None        0
      64502                                                          -
u*>i  192.168.120.3/32                                   None        None
      172.16.112.2                                       None        0
      64502                                                          -
u*>i  192.168.120.4/32                                   None        None
      172.16.112.2                                       None        0
      64502                                                          -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================

The routes learned from CE-11 and CE-12 are leakable. The detailed output for any route in the preceding list shows the flag "leakable". The route source is external because the routes are imported (from CE-11 or CE-12):

*A:PE-1# show router 1 bgp routes 192.168.90.2/32 detail 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes

Network        : 192.168.90.2/32
Nexthop        : 172.16.111.2
Path Id        : None                   
From           : 172.16.111.2
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 172.16.111.2
Local Pref.    : n/a                    Interface Name : int-PE-1-CE-11
---snip---

Originator Id  : None                   Peer Router Id : 172.16.0.11
Fwd Class      : None                   Priority       : None
Flags          : Used Valid Best IGP Leakable In-RTM
Route Source   : External
AS-Path        : 64501
---snip---

BGP leakable routes can be imported into another VPRN. Prefix lists can be used to filter specific routes for BGP leaking, but that is not configured in this example. The following import policy is configured on PE-1 to import BGP leakable routes:

# on PE-1:
configure
    router Base
        policy-options
            begin
            policy-statement "Import-Leakable-Routes"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
            commit

In each of the examples, the same import policy will be used. The import policy to import BGP leakable routes is applied in the VPRN "VPRN 2" on PE-1 as follows:

# on PE-1:
configure
    service
        vprn "VPRN 2"
            bgp
                rib-management
                    ipv4
                        leak-import "Import-Leakable-Routes"
                    exit
                exit
            exit

The following command shows that VPRN 2 imported leaked BGP routes from VPRN 1. The status code "l" indicates that the route is leaked.

*A:PE-1# show router 2 bgp routes ipv4 leaked 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>li 192.168.90.2/32                                    100         None
      172.16.111.2 (VPRN 1)                              None        0
      64501                                                          -
u*>li 192.168.90.3/32                                    100         None
      172.16.111.2 (VPRN 1)                              None        0
      64501                                                          -
u*>li 192.168.90.4/30                                    100         None
      172.16.111.2 (VPRN 1)                              None        0
      64501                                                          -
u*>li 192.168.120.2/32                                   100         None
      172.16.112.2 (VPRN 1)                              None        0
      64502                                                          -
u*>li 192.168.120.3/32                                   100         None
      172.16.112.2 (VPRN 1)                              None        0
      64502                                                          -
u*>li 192.168.120.4/32                                   100         None
      172.16.112.2 (VPRN 1)                              None        0
      64502                                                          -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================

The flags in the detailed output for a particular leaked BGP route from the preceding list include the flag "leaked". The route source for this leaked route is VPRN 1 and all BGP attributes are preserved, as follows:

*A:PE-1# show router 2 bgp routes 192.168.90.2/32 detail
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes

Network        : 192.168.90.2/32
Nexthop        : 172.16.111.2 (VPRN 1)
Path Id        : None
From           : BGP VPRN 1
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 172.16.111.2
Local Pref.    : 100                    Interface Name : int-PE-1-CE-11
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 0
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 0.0.0.0
Fwd Class      : None                   Priority       : None
Flags          : Used Valid Best IGP Leaked In-RTM
Route Source   : Leaked from VPRN 1
AS-Path        : 64501
Route Tag      : 0
Neighbor-AS    : 64501
Orig Validation: NotFound
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default
RIB Priority   : Normal
Last Modified  : 00h02m13s
---snip---

The route table for VPRN 2 in the neighbor PE-2 contains the leaked routes, as follows:

*A:PE-2# show router 2 route-table

===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.16.2.1/32                                 Remote  BGP VPN   00h09m36s  170
       192.0.2.1 (tunneled)                                         10
172.16.2.2/32                                 Local   Local     00h10m20s  0
       system                                                       0
172.16.12.0/30                                Local   Local     00h10m20s  0
       int-PE-2-PE-1_VPN2                                           0
192.168.90.2/32                               Remote  BGP       00h02m28s  170
       172.16.12.1                                                  0
192.168.90.3/32                               Remote  BGP       00h02m28s  170
       172.16.12.1                                                  0
192.168.90.4/30                               Remote  BGP       00h02m28s  170
       172.16.12.1                                                  0
192.168.120.2/32                              Remote  BGP       00h02m28s  170
       172.16.12.1                                                  0
192.168.120.3/32                              Remote  BGP       00h02m28s  170
       172.16.12.1                                                  0
192.168.120.4/32                              Remote  BGP       00h02m28s  170
       172.16.12.1                                                  0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

Example 2 - BGP IPv4 route leaking between VPRNs per neighbor

The topology used for this example is the same as for Example 1; see BGP IPv4 route leaking between VPRNs. Both CEs export the same routes as in the preceding example, and the BGP route leaking policy is identical:

# on PE-1:
configure
    router Base 
        policy-options
            begin
            policy-statement "BGP-Leak-Policy"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                        bgp-leak
                    exit
                exit
            exit
            commit

In the preceding example, the BGP route leaking policy was applied in the global bgp context in VPRN "VPRN 1" and consequently, it applied to routes from all neighbors. In this example, the BGP route leaking policy is applied in VPRN 1 for neighbor CE-11 only, as follows:

# on PE-1:
configure 
    service 
        vprn "VPRN 1"
            bgp 
                group "EBGP_64500to64501_IPv4" 
                    neighbor 172.16.111.2 
                        import "BGP-Leak-Policy"
                    exit
                exit
            exit

This import policy implies that only routes learned from CE-11 will be leakable. The following command shows all the BGP routes learned in VPRN 1 on PE-1. Not all of these are leakable.

*A:PE-1# show router 1 bgp routes 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  192.168.90.2/32                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.90.3/32                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.90.4/30                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.120.2/32                                   None        None
      172.16.112.2                                       None        0
      64502                                                          -
u*>i  192.168.120.3/32                                   None        None
      172.16.112.2                                       None        0
      64502                                                          -
u*>i  192.168.120.4/32                                   None        None
      172.16.112.2                                       None        0
      64502                                                          -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================

Some routes are learned from CE-11 and other routes are learned from CE-12, and only the routes imported from CE-11 are leakable. The following command shows which IPv4 BGP routes are marked as leakable in VPRN 1 on PE-1:

*A:PE-1# show router 1 bgp routes ipv4 leakable 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  192.168.90.2/32                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.90.3/32                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.90.4/30                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

The BGP leakable routes can be imported into another VPRN instance. The import policy is the same as for Example 1:

# on PE-1:
configure
    router Base
        policy-options
            begin
            policy-statement "Import-Leakable-Routes"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
            commit

This import policy is applied in VPRN 2 in the same way as in Example 1:

# on PE-1:
configure
    service
        vprn "VPRN 2"
            bgp
                rib-management
                    ipv4
                        leak-import "Import-Leakable-Routes"
                    exit
                exit
            exit

The following command shows the leaked routes in VPRN 2. Each of these routes is leaked from VPRN 1, as indicated between brackets in the following output. Only routes learned from CE-11 in VPRN 1 are leaked to VPRN 2.

*A:PE-1# show router 2 bgp routes ipv4 leaked 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>li 192.168.90.2/32                                    100         None
      172.16.111.2 (VPRN 1)                              None        0
      64501                                                          -
u*>li 192.168.90.3/32                                    100         None
      172.16.111.2 (VPRN 1)                              None        0
      64501                                                          -
u*>li 192.168.90.4/30                                    100         None
      172.16.111.2 (VPRN 1)                              None        0
      64501                                                          -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

The detailed output for any of these BGP routes shows that the flag "leaked" is set and that the route source corresponds to VPRN 1, as shown for route 192.168.90.2/32:

*A:PE-1# show router 2 bgp routes 192.168.90.2/32 detail 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes

Network        : 192.168.90.2/32
Nexthop        : 172.16.111.2 (VPRN 1)
Path Id        : None                   
From           : BGP VPRN 1
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 172.16.111.2
Local Pref.    : 100                    Interface Name : int-PE-1-CE-11
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 0
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 0.0.0.0
Fwd Class      : None                   Priority       : None
Flags          : Used Valid Best IGP Leaked In-RTM
Route Source   : Leaked from VPRN 1
AS-Path        : 64501 
---snip---

Example 3 - BGP IPv4 route leaking from VPRN to GRT per BGP group

BGP IPv4 route leaking from VPRN to GRT shows the topology for this example. CE-11 and CE-12 export the same routes to VPRN 1. These routes will be marked as leakable and leaked to the GRT.

Figure 4. BGP IPv4 route leaking from VPRN to GRT

The routing table for VPRN 1 in PE-1 contains the BGP routes exported by CE-11 and CE-12, as follows:

*A:PE-1# show router 1 route-table

===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.16.1.1/32                                 Local   Local     00h14m59s  0
       system                                                       0
172.16.111.0/30                               Local   Local     00h14m59s  0
       int-PE-1-CE-11                                               0
172.16.112.0/30                               Local   Local     00h14m59s  0
       int-PE-1-CE-12                                               0
192.168.90.2/32                               Remote  BGP       00h00m16s  170
       172.16.111.2                                                 0
192.168.90.3/32                               Remote  BGP       00h00m16s  170
       172.16.111.2                                                 0
192.168.90.4/30                               Remote  BGP       00h00m16s  170
       172.16.111.2                                                 0
192.168.120.2/32                              Remote  BGP       00h03m30s  170
       172.16.112.2                                                 0
192.168.120.3/32                              Remote  BGP       00h03m30s  170
       172.16.112.2                                                 0
192.168.120.4/32                              Remote  BGP       00h03m30s  170
       172.16.112.2                                                 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The routing table of the base router does not include any of the BGP routes exported by the CEs, as follows:

*A:PE-1# show router route-table

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.17.111.0/30                               Local   Local     00h14m59s  0
       int-PE-1-CE-11                                               0
172.17.112.0/30                               Local   Local     00h14m59s  0
       int-PE-1-CE-12                                               0
192.0.2.1/32                                  Local   Local     00h14m59s  0
       system                                                       0
192.0.2.2/32                                  Remote  ISIS      00h14m44s  15
       192.168.12.2                                                 10
192.168.12.0/30                               Local   Local     00h14m59s  0
       int-PE-1-PE-2                                                0
-------------------------------------------------------------------------------
No. of Routes: 5
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The BGP routes are marked as leakable after applying the following configuration:

# on PE-1:
configure
    router Base 
        policy-options
            begin
            policy-statement "BGP-Leak-Policy"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                        bgp-leak
                    exit
                exit
            exit
            commit

This BGP route leaking policy can be applied in the general BGP configuration of VPRN 1, or per BGP group (as is the case here), or per BGP neighbor:

# on PE-1:
configure 
    service
        vprn "VPRN 1"
            bgp 
                group "EBGP_64500to64501_IPv4"
                    import "BGP-Leak-Policy"
                exit
            exit
        exit

The following command shows the leakable BGP routes in VPRN 1:

*A:PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  192.168.90.2/32                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.90.3/32                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
u*>i  192.168.90.4/30                                    None        None
      172.16.111.2                                       None        0
      64501                                                          -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

The leakable BGP routes in VPRN 1 can be imported into the GRT. The import policy is identical to the import policy in the preceding examples, as follows:

# PE-1:
configure
    router Base
        policy-options
            begin
            policy-statement "Import-Leakable-Routes"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
            commit

This import policy is applied in the base router, as follows:

# on PE-1:
configure
    router
        bgp
            rib-management
                ipv4
                    leak-import "Import-Leakable-Routes"
                exit
            exit
        exit

As a result, the leakable BGP routes in VPRN 1 are leaked to the GRT, as follows:

*A:PE-1# show router bgp routes ipv4 leaked 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>li 192.168.90.2/32                                    100         None
      172.16.111.2 (VPRN 1)                              None        0
      64501                                                          -
u*>li 192.168.90.3/32                                    100         None
      172.16.111.2 (VPRN 1)                              None        0
      64501                                                          -
u*>li 192.168.90.4/30                                    100         None
      172.16.111.2 (VPRN 1)                              None        0
      64501                                                          -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

The detailed information for any of these leaked routes shows that the flag "leaked" is present and that the route source is VPRN 1, as follows:

*A:PE-1# show router bgp routes 192.168.90.2/32 detail 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes

Network        : 192.168.90.2/32
Nexthop        : 172.16.111.2 (VPRN 1)
Path Id        : None
From           : BGP VPRN 1
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 172.16.111.2
Local Pref.    : 100                    Interface Name : int-PE-1-CE-11
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 0
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 0.0.0.0
Fwd Class      : None                   Priority       : None
Flags          : Used Valid Best IGP Leaked In-RTM
Route Source   : Leaked from VPRN 1
AS-Path        : 64501
---snip---

The GRT includes the leaked routes, as follows:

*A:PE-1# show router route-table

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.17.111.0/30                               Local   Local     00h23m13s  0
       int-PE-1-CE-11                                               0
172.17.112.0/30                               Local   Local     00h23m13s  0
       int-PE-1-CE-12                                               0
192.0.2.1/32                                  Local   Local     00h23m13s  0
       system                                                       0
192.0.2.2/32                                  Remote  ISIS      00h22m57s  15
       192.168.12.2                                                 10
192.168.12.0/30                               Local   Local     00h23m13s  0
       int-PE-1-PE-2                                                0
192.168.90.2/32                               Remote  BGP       00h04m49s  170
       172.16.111.2                                                 0
192.168.90.3/32                               Remote  BGP       00h04m49s  170
       172.16.111.2                                                 0
192.168.90.4/30                               Remote  BGP       00h04m49s  170
       172.16.111.2                                                 0
-------------------------------------------------------------------------------
No. of Routes: 8
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The GRT on neighbor PE-2 also includes the leaked routes, as follows:

*A:PE-2# show router route-table

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
192.0.2.1/32                                  Remote  ISIS      00h22m58s  15
       192.168.12.1                                                 10
192.0.2.2/32                                  Local   Local     00h23m06s  0
       system                                                       0
192.168.12.0/30                               Local   Local     00h23m06s  0
       int-PE-2-PE-1                                                0
192.168.90.2/32                               Remote  BGP       00h04m45s  170
       192.168.12.1                                                 10
192.168.90.3/32                               Remote  BGP       00h04m45s  170
       192.168.12.1                                                 10
192.168.90.4/30                               Remote  BGP       00h04m45s  170
       192.168.12.1                                                 10
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

Example 4 - BGP IPv4 route leaking from GRT to VPRN per neighbor

BGP IPv4 route leaking from GRT to VPRN shows the topology for this example, and the corresponding IP addresses. CE-11 exports routes such as 192.168.100.2/32 to the base router and CE-12 exports routes such as 192.168.121.2/32 to the base router. The routes will be leaked from the base router to VPRN 2.

Figure 5. BGP IPv4 route leaking from GRT to VPRN

The GRT in PE-1 includes BGP routes learned from CE-11 and CE-12, as follows:

*A:PE-1# show router route-table

===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
172.17.111.0/30                               Local   Local     00h25m58s  0
       int-PE-1-CE-11                                               0
172.17.112.0/30                               Local   Local     00h25m58s  0
       int-PE-1-CE-12                                               0
192.0.2.1/32                                  Local   Local     00h25m58s  0
       system                                                       0
192.0.2.2/32                                  Remote  ISIS      00h25m43s  15
       192.168.12.2                                                 10
192.168.12.0/30                               Local   Local     00h25m58s  0
       int-PE-1-PE-2                                                0
192.168.100.2/32                              Remote  BGP       00h00m57s  170
       172.17.111.2                                                 0
192.168.100.3/32                              Remote  BGP       00h00m57s  170
       172.17.111.2                                                 0
192.168.100.4/30                              Remote  BGP       00h00m57s  170
       172.17.111.2                                                 0
192.168.121.2/32                              Remote  BGP       00h01m08s  170
       172.17.112.2                                                 0
192.168.121.3/32                              Remote  BGP       00h01m08s  170
       172.17.112.2                                                 0
192.168.121.4/30                              Remote  BGP       00h01m08s  170
       172.17.112.2                                                 0
-------------------------------------------------------------------------------
No. of Routes: 11
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The BGP leaking policy is the same as in the preceding examples:

# on PE-1:
configure
    router Base 
        policy-options
            begin
            policy-statement "BGP-Leak-Policy"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                        bgp-leak
                    exit
                exit
            exit
            commit

The BGP route leaking policy is applied on the base router for neighbor CE-11 only, as follows:

# on PE-1:
configure 
    router 
        bgp 
            group "EBGP_64500to64501_IPv4" 
                neighbor 172.17.111.2 
                    import "BGP-Leak-Policy"
                exit
            exit
        exit

The following command shows that only the routes imported from neighbor CE-11 are marked as leakable in the GRT:

*A:PE-1# show router bgp routes ipv4 leakable
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  192.168.100.2/32                                   None        None
      172.17.111.2                                       None        0
      64501                                                          -
u*>i  192.168.100.3/32                                   None        None
      172.17.111.2                                       None        0
      64501                                                          -
u*>i  192.168.100.4/30                                   None        None
      172.17.111.2                                       None        0
      64501                                                          -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

The leakable BGP routes in the GRT can be imported into VPRN 2. The import policy is identical to the import policy in the preceding examples, as follows:

# on PE-1:
configure
    router Base
        policy-options
            begin
            policy-statement "Import-Leakable-Routes"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
            commit

This import policy is applied in VPRN 2, as follows:

# on PE-1:
configure
    service
        vprn 2
            bgp
                rib-management
                    ipv4
                        leak-import "Import-Leakable-Routes"
                    exit
                exit
            exit

The following command shows the imported leaked BGP routes in VPRN 2. The source of these leaked routes is the base router, not a VPRN.

*A:PE-1# show router 2 bgp routes ipv4 leaked 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>li 192.168.100.2/32                                   100         None
      172.17.111.2 (Base)                                None        0
      64501                                                          -
u*>li 192.168.100.3/32                                   100         None
      172.17.111.2 (Base)                                None        0
      64501                                                          -
u*>li 192.168.100.4/30                                   100         None
      172.17.111.2 (Base)                                None        0
      64501                                                          -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

Any of these leaked BGP routes has the flag "leaked", and the route source is the base router (leaked from base), as follows:

*A:PE-1# show router 2 bgp routes 192.168.100.2/32 detail 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes

Network        : 192.168.100.2/32
Nexthop        : 172.17.111.2 (Base)
Path Id        : None                   
From           : BGP Base
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 172.17.111.2
Local Pref.    : 100                    Interface Name : int-PE-1-CE-11
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 0
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 0.0.0.0
Fwd Class      : None                   Priority       : None
Flags          : Used Valid Best IGP Leaked In-RTM 
Route Source   : Leaked from Base
AS-Path        : 64501 
---snip---

Example 5 - BGP IPv6 route leaking between VPRNs. Global VPRN BGP configuration.

BGP IPv6 route leaking between VPRNs shows the topology and the IP addresses used for this example. CE-11 exports routes such as 2001:db8:90::2/128 to VPRN 1 on PE-1, and CE-12 exports routes such as 2001:db8:120::2/128 to VPRN 1 on PE-1.

Figure 6. BGP IPv6 route leaking between VPRNs
*A:PE-1# show router 1 route-table ipv6

===============================================================================
IPv6 Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
2001:db8::1:1/128                             Local   Local     00h32m46s  0
       system                                                       0
2001:db8:90::2/128                            Remote  BGP       00h00m44s  170
       2001:db8:111::1                                              0
2001:db8:90::3/128                            Remote  BGP       00h00m44s  170
       2001:db8:111::1                                              0
2001:db8:90::4/126                            Remote  BGP       00h00m44s  170
       2001:db8:111::1                                              0
2001:db8:111::/127                            Local   Local     00h32m46s  0
       int-PE-1-CE-11                                               0
2001:db8:112::/127                            Local   Local     00h32m46s  0
       int-PE-1-CE-12                                               0
2001:db8:120::2/128                           Remote  BGP       00h00m48s  170
       2001:db8:112::1                                              0
2001:db8:120::3/128                           Remote  BGP       00h00m48s  170
       2001:db8:112::1                                              0
2001:db8:120::4/126                           Remote  BGP       00h00m48s  170
       2001:db8:112::1                                              0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The BGP route leaking policy is the same as for IPv4 routes:

# PE-1:
configure
    router Base 
        policy-options
            begin
            policy-statement "BGP-Leak-Policy"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                        bgp-leak
                    exit
                exit
            exit
            commit

This import policy is applied in the bgp context of VPRN 1, as follows:

@ on PE-1:
configure
    service 
        vprn "VPRN 1" 
            bgp 
                import "BGP-Leak-Policy"
            exit
        exit

With the preceding configuration, all the routes imported into the VPRN using BGP are marked as leakable.

The following command shows which BGP IPv6 routes are marked as leakable in VPRN 1:

*A:PE-1# show router 1 bgp routes ipv6 leakable 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv6 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  2001:db8:90::2/128                                 None        None
      2001:db8:111::1                                    None        0
      64501                                                          -
u*>i  2001:db8:90::3/128                                 None        None
      2001:db8:111::1                                    None        0
      64501                                                          -
u*>i  2001:db8:90::4/126                                 None        None
      2001:db8:111::1                                    None        0
      64501                                                          -
u*>i  2001:db8:120::2/128                                None        None
      2001:db8:112::1                                    None        0
      64502                                                          -
u*>i  2001:db8:120::3/128                                None        None
      2001:db8:112::1                                    None        0
      64502                                                          -
u*>i  2001:db8:120::4/126                                None        None
      2001:db8:112::1                                    None        0
      64502                                                          -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================

The BGP leakable routes can be imported into VPRN 2 when the following import policy is configured and applied in VPRN 2:

# on PE-1:
configure
    router Base
        policy-options
            begin
            policy-statement "Import-Leakable-Routes"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
            commit

The only difference from IPv4 routes is that the policy is applied to the ipv6 context of the RIB management:

# on PE-1:
configure
    service
        vprn 2
            bgp
                rib-management
                    ipv6
                        leak-import "Import-Leakable-Routes"
                    exit
                exit
            exit

The following command shows that the VPRN is importing the leaked BGP IPv6 routes from another VPRN instance:

*A:PE-1# show router 2 bgp routes ipv6 leaked 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv6 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>li 2001:db8:90::2/128                                 100         None
      2001:db8:111::1 (VPRN 1)                           None        0
      64501                                                          -
u*>li 2001:db8:90::3/128                                 100         None
      2001:db8:111::1 (VPRN 1)                           None        0
      64501                                                          -
u*>li 2001:db8:90::4/126                                 100         None
      2001:db8:111::1 (VPRN 1)                           None        0
      64501                                                          -
u*>li 2001:db8:120::2/128                                100         None
      2001:db8:112::1 (VPRN 1)                           None        0
      64502                                                          -
u*>li 2001:db8:120::3/128                                100         None
      2001:db8:112::1 (VPRN 1)                           None        0
      64502                                                          -
u*>li 2001:db8:120::4/126                                100         None
      2001:db8:112::1 (VPRN 1)                           None        0
      64502                                                          -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================

The BGP routes have the flag "leaked" and the route source is VPRN 1, as follows:

*A:PE-1# show router 2 bgp routes 2001:db8:90::2/128 detail 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv6 Routes
===============================================================================
Original Attributes

Network        : 2001:db8:90::2/128
Nexthop        : 2001:db8:111::1 (VPRN 1)
Path Id        : None                   
From           : BGP VPRN 1
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 2001:db8:111::1
Local Pref.    : 100                    Interface Name : int-PE-1-CE-11
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 0
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 0.0.0.0
Fwd Class      : None                   Priority       : None
Flags          : Used  Valid  Best  IGP  Leaked
Route Source   : Leaked from VPRN 1
AS-Path        : 64501 
---snip---

Example 6 - BGP IPv6 route leaking from GRT to VPRN and from VPRN to VPRN

BGP IPv6 route leaking from GRT and VPRN to VPRN shows the topology and the IPv6 addresses used in this example. CE-11 exports IPv6 routes such as 2001:db8:90::2/128 to VPRN 1 and IPv6 routes such as 2001:db8:100::2/128 to the GRT. CE-12 exports IPv6 routes such as 2001:db8:120::2/128 to VPRN 1 and IPv6 routes such as 2001:db8:121::2/128 to the GRT.

Figure 7. BGP IPv6 route leaking from GRT and VPRN to VPRN

The IPv6 routing table in the GRT contains routes exported by CE-11 and CE-12, as follows:

*A:PE-1# show router route-table ipv6

===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
2001:db8::1/128                               Local   Local     00h42m19s  0
       system                                                       0
2001:db8::2/128                               Remote  ISIS      00h42m04s  15
       fe80::14:1ff:fe01:1-"int-PE-1-PE-2"                          10
2001:db8:12::/126                             Local   Local     00h42m18s  0
       int-PE-1-PE-2                                                0
2001:db8:17:111::/127                         Local   Local     00h42m18s  0
       int-PE-1-CE-11                                               0
2001:db8:17:112::/127                         Local   Local     00h42m18s  0
       int-PE-1-CE-12                                               0
2001:db8:100::2/128                           Remote  BGP       00h02m54s  170
       2001:db8:17:111::1                                           0
2001:db8:100::3/128                           Remote  BGP       00h02m54s  170
       2001:db8:17:111::1                                           0
2001:db8:100::4/126                           Remote  BGP       00h02m54s  170
       2001:db8:17:111::1                                           0
2001:db8:121::2/128                           Remote  BGP       00h03m03s  170
       2001:db8:17:112::1                                           0
2001:db8:121::3/128                           Remote  BGP       00h03m03s  170
       2001:db8:17:112::1                                           0
2001:db8:121::4/126                           Remote  BGP       00h03m03s  170
       2001:db8:17:112::1                                           0
-------------------------------------------------------------------------------
No. of Routes: 11
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The IPv6 routing table for VPRN 1 also contains routes exported by CE-11 and CE-12, as follows:

*A:PE-1# show router 1 route-table ipv6

===============================================================================
IPv6 Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags]                            Type    Proto     Age        Pref
      Next Hop[Interface Name]                                    Metric
-------------------------------------------------------------------------------
2001:db8::1:1/128                             Local   Local     00h42m18s  0
       system                                                       0
2001:db8:90::2/128                            Remote  BGP       00h03m57s  170
       2001:db8:111::1                                              0
2001:db8:90::3/128                            Remote  BGP       00h03m57s  170
       2001:db8:111::1                                              0
2001:db8:90::4/126                            Remote  BGP       00h03m57s  170
       2001:db8:111::1                                              0
2001:db8:111::/127                            Local   Local     00h42m18s  0
       int-PE-1-CE-11                                               0
2001:db8:112::/127                            Local   Local     00h42m18s  0
       int-PE-1-CE-12                                               0
2001:db8:120::2/128                           Remote  BGP       00h03m57s  170
       2001:db8:112::1                                              0
2001:db8:120::3/128                           Remote  BGP       00h03m57s  170
       2001:db8:112::1                                              0
2001:db8:120::4/126                           Remote  BGP       00h03m57s  170
       2001:db8:112::1                                              0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
       B = BGP backup route available
       L = LFA nexthop available
       S = Sticky ECMP requested
===============================================================================

The policy to mark imported BGP routes as leakable can be identical to the policy used in the preceding examples. However, in this case, prefix-lists are added as a filter. VPRN 1 may accept routes such as 2001:db8:90::2/128 and 2001:db8:120::2/128.

# on PE-1:
configure
    router Base 
        policy-options
            begin
            prefix-list "2001:db8:90::"
                prefix 2001:db8:90::/100 longer
            exit
            prefix-list "2001:db8:120::"
                prefix 2001:db8:120::/100 longer
            exit
            policy-statement "BGP-Leak-Policy_90_120"
                entry 10
                    from
                        protocol bgp
                        prefix-list "2001:db8:90::"
                    exit
                    action accept
                        bgp-leak
                    exit
                exit
                entry 20
                    from
                        protocol bgp
                        prefix-list "2001:db8:120::"
                    exit
                    action accept
                        bgp-leak
                    exit
                exit
            exit
            commit

This import policy is applied in the general BGP settings for VPRN 1, as follows:

# on PE-1:
configure
    service
        vprn "VPRN 1"
            bgp
                import "BGP-Leak-Policy_90_120"
            exit
        exit

In a similar way, the base router may accept routes such as 2001:8db:100::2/128 and 2001:8db:121::2/128:

# on PE-1:
configure
    router Base 
        policy-options
            begin
            prefix-list "2001:db8:100::"
                prefix 2001:db8:100::/100 longer
            exit
            prefix-list "2001:db8:121::"
                prefix 2001:db8:121::/100 longer
            exit
            policy-statement "BGP-Leak-Policy_100_121"
                entry 10
                    from
                        protocol bgp
                        prefix-list "2001:db8:100::"
                    exit
                    action accept
                        bgp-leak
                    exit
                exit
                entry 20
                    from
                        protocol bgp
                        prefix-list "2001:db8:121::"
                    exit
                    action accept
                        bgp-leak
                    exit
                exit
            exit
            commit

This BGP leaking policy is applied for neighbor CE-11 in the base router, as follows. The routes exported by CE-12 will not be marked as leakable.

# on PE-1:
configure
    router Base
        bgp
            group "EBGP_64500to64501_IPv6"
                neighbor 2001:db8:17:111::1
                    import "BGP-Leak-Policy_100_121"
                exit
            exit

The following command shows which routes are marked as leakable in the GRT:

*A:PE-1# show router bgp routes ipv6 leakable
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv6 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  2001:db8:100::2/128                                None        None
      2001:db8:17:111::1                                 None        0
      64501                                                          -
u*>i  2001:db8:100::3/128                                None        None
      2001:db8:17:111::1                                 None        0
      64501                                                          -
u*>i  2001:db8:100::4/126                                None        None
      2001:db8:17:111::1                                 None        0
      64501                                                          -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

The following command shows which routes are marked as leakable in VPRN 1:

*A:PE-1# show router 1 bgp routes ipv6 leakable
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv6 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>i  2001:db8:90::2/128                                 None        None
      2001:db8:111::1                                    None        0
      64501                                                          -
u*>i  2001:db8:90::3/128                                 None        None
      2001:db8:111::1                                    None        0
      64501                                                          -
u*>i  2001:db8:90::4/126                                 None        None
      2001:db8:111::1                                    None        0
      64501                                                          -
u*>i  2001:db8:120::2/128                                None        None
      2001:db8:112::1                                    None        0
      64502                                                          -
u*>i  2001:db8:120::3/128                                None        None
      2001:db8:112::1                                    None        0
      64502                                                          -
u*>i  2001:db8:120::4/126                                None        None
      2001:db8:112::1                                    None        0
      64502                                                          -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================

On PE-1, a policy is created to import the BGP leakable routes (the same as in the preceding examples), as follows:

# on PE-1:
configure
    router Base
        policy-options
            begin
            policy-statement "Import-Leakable-Routes"
                entry 10
                    from
                        protocol bgp
                    exit
                    action accept
                    exit
                exit
            exit
            commit

This import policy is configured for IPv6 routes in VPRN2, as follows:

# on PE-1:
configure
    service
        vprn "VPRN 2"
            bgp
                rib-management
                    ipv6
                        leak-import "Import-Leakable-Routes"
                    exit
                exit
            exit
        exit

The following command shows the leaked IPv6 routes in VPRN 2:

*A:PE-1# show router 2 bgp routes ipv6 leaked
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv6 Routes
===============================================================================
Flag  Network                                            LocalPref   MED
      Nexthop (Router)                                   Path-Id     IGP Cost
      As-Path                                                        Label
-------------------------------------------------------------------------------
u*>li 2001:db8:90::2/128                                 100         None
      2001:db8:111::1 (VPRN 1)                           None        0
      64501                                                          -
u*>li 2001:db8:90::3/128                                 100         None
      2001:db8:111::1 (VPRN 1)                           None        0
      64501                                                          -
u*>li 2001:db8:90::4/126                                 100         None
      2001:db8:111::1 (VPRN 1)                           None        0
      64501                                                          -
u*>li 2001:db8:100::2/128                                100         None
      2001:db8:17:111::1 (Base)                          None        0
      64501                                                          -
u*>li 2001:db8:100::3/128                                100         None
      2001:db8:17:111::1 (Base)                          None        0
      64501                                                          -
u*>li 2001:db8:100::4/126                                100         None
      2001:db8:17:111::1 (Base)                          None        0
      64501                                                          -
u*>li 2001:db8:120::2/128                                100         None
      2001:db8:112::1 (VPRN 1)                           None        0
      64502                                                          -
u*>li 2001:db8:120::3/128                                100         None
      2001:db8:112::1 (VPRN 1)                           None        0
      64502                                                          -
u*>li 2001:db8:120::4/126                                100         None
      2001:db8:112::1 (VPRN 1)                           None        0
      64502                                                          -
-------------------------------------------------------------------------------
Routes : 9
===============================================================================

Some of these routes are leaked from the base router and some routes are leaked from VPRN 1. The detailed information for any of these leaked routes shows that the flag "leaked" is present. For route 2001:db8:100::2/128, the route source is the base router, as follows:

*A:PE-1# show router 2 bgp routes 2001:db8:100::2/128 detail 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv6 Routes
===============================================================================
Original Attributes

Network        : 2001:db8:100::2/128
Nexthop        : 2001:db8:17:111::1 (Base)
Path Id        : None                   
From           : BGP Base
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 2001:db8:17:111::1
Local Pref.    : 100                    Interface Name : int-PE-1-CE-11
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 0
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 0.0.0.0
Fwd Class      : None                   Priority       : None
Flags          : Used Valid Best IGP Leaked In-RTM 
Route Source   : Leaked from Base
AS-Path        : 64501 
---snip---

For route 2001:db8:90::2/128, the route source is VPRN 1, as follows:

*A:PE-1# show router 2 bgp routes 2001:db8:90::2/128 detail 
===============================================================================
 BGP Router ID:192.0.2.1        AS:64500       Local AS:64500      
===============================================================================
 Legend -
 Status codes  : u - used, s - suppressed, h - history, d - decayed, * - valid
                 l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes  : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP IPv6 Routes
===============================================================================
Original Attributes

Network        : 2001:db8:90::2/128
Nexthop        : 2001:db8:111::1 (VPRN 1)
Path Id        : None                   
From           : BGP VPRN 1
Res. Protocol  : LOCAL                  Res. Metric    : 0
Res. Nexthop   : 2001:db8:111::1
Local Pref.    : 100                    Interface Name : int-PE-1-CE-11
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None                   IGP Cost       : 0
Connector      : None
Community      : No Community Members
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 0.0.0.0
Fwd Class      : None                   Priority       : None
Flags          : Used Valid Best IGP Leaked In-RTM 
Route Source   : Leaked from VPRN 1
AS-Path        : 64501 
---snip---

Conclusion

BGP provides many ways to manipulate routes. In this example, IPv4/IPv6 routes learned from BGP neighbors could be marked as "leakable" and imported into other routing instances (VPRN to VPRN, VPRN to GRT, GRT to VPRN) without the use of communities in the network policy.