BGP Route Leaking
This chapter provides information about BGP route leaking.
Topics in this chapter include:
Applicability
The information and configuration in this chapter were originally written for SR OS Release 14.0.R4. The CLI in the current edition corresponds to SR OS Release 22.2.R2.
Overview
Route leaking refers to the process of copying a route from one router context to another.
Network administrators may need to leak routes between routing instances in the same SR OS router. BGP route leaking is an alternative to using import/export policies based on communities to exchange routes between virtual router and forwarders (VRFs).
It is possible to leak a copy of a BGP route (including all its path attributes) from one routing instance to another in the same SR OS router. This BGP route leaking capability applies to IPv4, IPv6, and label-IPv4 routes. Leaking is supported from the GRT to a VPRN, from one VPRN to another VPRN, and from a VPRN to the GRT.
Any BGP route for an IPv4 or IPv6 prefix can be leaked. A BGP route does not have to be the best path or used for forwarding in the source instance in order to be leaked. In SR OS Releases earlier than 19.10.R1, the BGP route had to be valid (that is, the next-hop must be resolved; the AS PATH must not exhibit a loop, for example). In SR OS Release 19.10.R1, and later, BGP in the base router can be configured to allow unresolved route leaking, as described in the Unresolved Route Leaking from Base Router to VPRN chapter.
An IPv4 or IPv6 BGP route becomes a candidate for leaking to another instance when it is specially marked by a BGP import policy. This marking is achieved by accepting the route with a bgp-leak action in the route policy. Routes that are candidates for leaking to other instances show a leakable flag in the output of various show router bgp commands.
To copy a leakable BGP route from a source instance into the BGP RIB of a target instance, the target instance must be configured with a leak-import policy that matches and accepts the leakable route. There are separate leak-import policies for IPv4 and IPv6 routes. Up to 15 leak-import policies can be chained together for more complex examples. In the target instance, the show router bgp routes command displays leaked BGP RIB-IN routes in addition to direct RIB-IN routes learned from neighbors of the routing instance. A leaked flag is added to the leaked RIB-IN entries. BGP route leaking process shows the process of BGP route leaking.
Leaked BGP routes can be advertised to BGP neighbors (peers) of the target routing instance. The BGP next hop of a leaked route is automatically reset to self whenever it is advertised to a peer of the target instance. Normal route advertisement rules apply: by default, the leaked route is advertised if it is the overall best path that is used as the active route to the destination and it is not blocked by the IBGP-to-IBGP split-horizon rule.
A BGP route leaked into a VPRN can be exported from the VPRN as a VPN-IPv4/v6 route if it matches the VRF export policy. Normal VPN export rules apply: by default, the leaked route is exported if it is the overall best path and it is used as the active route to the destination.
This chapter describes BGP route leaking only. For other routes, such as IS-IS, OSPF, RIP, and static routes, VPRN route leaking mechanisms apply that are protocol independent, see chapter Traffic Leaking from VPRN to GRT.
Configuration
Example topology shows the example topology used in this chapter, including the IPv4 addresses. For each of the examples, a dedicated figure will show the specific topology, which is a subset of the topology in Example topology. The interfaces also have IPv6 addresses, which will be shown in BGP IPv6 route leaking between VPRNs and BGP IPv6 route leaking from GRT and VPRN to VPRN. VPRN 2 also has CEs attached, but for simplicity, these are not shown on the figures and no CLI will be shown for any CE.
The following examples will be explained:
Example 1 - BGP IPv4 route leaking between VPRNs. Global BGP policy
Example 2 - BGP IPv4 route leaking between VPRNs per neighbor
Example 3 - BGP IPv4 route leaking from VPRN to GRT per BGP group
Example 4 - BGP IPv4 route leaking from GRT to VPRN per neighbor
Example 5 - BGP IPv6 route leaking between VPRNs. Global VPRN BGP configuration.
Example 6 - BGP IPv6 route leaking from GRT to VPRN and from VPRN to VPRN
Initial configuration
The nodes in the example topology have the following initial configuration:
Cards, MDAs, ports
Router interfaces
IGP (IS-IS or OSPF) between the PEs
LDP between the PEs
VPRN 1 on PE-1; VPRN 2 on PE-1 and PE-2
BGP (IBGP between the PEs; EBGP between PE-1 and the CEs)
On the PEs, BGP is configured in the base router and in the VPRNs.
Loopback addresses and black-hole static routes in the CEs. Different routes are exported to GRT and VPRN 1 on PE-1
Example 1 - BGP IPv4 route leaking between VPRNs. Global BGP policy
BGP IPv4 route leaking between VPRNs shows the topology for this example. CE-11 exports routes such as 192.168.90.2/32 to VPRN 1 on PE-1, and CE-12 exports routes such as 192.168.120.2/32 to VPRN 1 on PE-1.
BGP leaking is disabled by default. The routing table for VPRN 1 on PE-1 includes routes that are learned from CE-11 and CE-12, as follows:
*A:PE-1# show router 1 route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.1.1/32 Local Local 00h01m28s 0
system 0
172.16.111.0/30 Local Local 00h01m28s 0
int-PE-1-CE-11 0
172.16.112.0/30 Local Local 00h01m28s 0
int-PE-1-CE-12 0
192.168.90.2/32 Remote BGP 00h00m07s 170
172.16.111.2 0
192.168.90.3/32 Remote BGP 00h00m07s 170
172.16.111.2 0
192.168.90.4/30 Remote BGP 00h00m07s 170
172.16.111.2 0
192.168.120.2/32 Remote BGP 00h00m05s 170
172.16.112.2 0
192.168.120.3/32 Remote BGP 00h00m05s 170
172.16.112.2 0
192.168.120.4/32 Remote BGP 00h00m05s 170
172.16.112.2 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
These BGP routes are not leakable, by default, as follows:
*A:PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
No Matching Entries Found.
===============================================================================
The routing table for VPRN 2 does not include any of these routes because BGP route leaking is disabled by default:
*A:PE-1# show router 2 route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.2.1/32 Local Local 00h01m28s 0
system 0
172.16.2.2/32 Remote BGP VPN 00h00m41s 170
192.0.2.2 (tunneled) 10
172.16.12.0/30 Local Local 00h01m28s 0
int-PE-1-PE-2_VPN2 0
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
To configure BGP route leaking, an import policy is required in VPRN 1. The BGP route leaking policy is configured on PE-1, as follows:
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "BGP-Leak-Policy"
entry 10
from
protocol bgp
exit
action accept
bgp-leak
exit
exit
exit
commit
By adding the action accept bgp-leak, BGP routes are imported and marked as BGP leakable, meaning they are available to be copied—with their complete set of BGP path attributes—to the BGP RIB-IN of another routing instance.
The BGP route leaking policy can be applied in VPRN 1 in the general bgp comtext (as is the case here), in the group context, or per neighbor:
# on PE-1:
configure
service
vprn "VPRN 1"
bgp
import "BGP-Leak-Policy"
exit
With the preceding configuration, SR OS is marking all the BGP routes imported into the VPRN as leakable. The BGP routes originate from CE-11 or CE-12 in this example.
The following command shows which BGP routes in VPRN 1 are marked as leakable:
*A:PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.90.2/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.3/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.4/30 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.120.2/32 None None
172.16.112.2 None 0
64502 -
u*>i 192.168.120.3/32 None None
172.16.112.2 None 0
64502 -
u*>i 192.168.120.4/32 None None
172.16.112.2 None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The routes learned from CE-11 and CE-12 are leakable. The detailed output for any route in the preceding list shows the flag "leakable". The route source is external because the routes are imported (from CE-11 or CE-12):
*A:PE-1# show router 1 bgp routes 192.168.90.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.90.2/32
Nexthop : 172.16.111.2
Path Id : None
From : 172.16.111.2
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.16.111.2
Local Pref. : n/a Interface Name : int-PE-1-CE-11
---snip---
Originator Id : None Peer Router Id : 172.16.0.11
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leakable In-RTM
Route Source : External
AS-Path : 64501
---snip---
BGP leakable routes can be imported into another VPRN. Prefix lists can be used to filter specific routes for BGP leaking, but that is not configured in this example. The following import policy is configured on PE-1 to import BGP leakable routes:
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "Import-Leakable-Routes"
entry 10
from
protocol bgp
exit
action accept
exit
exit
exit
commit
In each of the examples, the same import policy will be used. The import policy to import BGP leakable routes is applied in the VPRN "VPRN 2" on PE-1 as follows:
# on PE-1:
configure
service
vprn "VPRN 2"
bgp
rib-management
ipv4
leak-import "Import-Leakable-Routes"
exit
exit
exit
The following command shows that VPRN 2 imported leaked BGP routes from VPRN 1. The status code "l" indicates that the route is leaked.
*A:PE-1# show router 2 bgp routes ipv4 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 192.168.90.2/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.3/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.4/30 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.120.2/32 100 None
172.16.112.2 (VPRN 1) None 0
64502 -
u*>li 192.168.120.3/32 100 None
172.16.112.2 (VPRN 1) None 0
64502 -
u*>li 192.168.120.4/32 100 None
172.16.112.2 (VPRN 1) None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The flags in the detailed output for a particular leaked BGP route from the preceding list include the flag "leaked". The route source for this leaked route is VPRN 1 and all BGP attributes are preserved, as follows:
*A:PE-1# show router 2 bgp routes 192.168.90.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.90.2/32
Nexthop : 172.16.111.2 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.16.111.2
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from VPRN 1
AS-Path : 64501
Route Tag : 0
Neighbor-AS : 64501
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
Add Paths Send : Default
RIB Priority : Normal
Last Modified : 00h02m13s
---snip---
The route table for VPRN 2 in the neighbor PE-2 contains the leaked routes, as follows:
*A:PE-2# show router 2 route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.2.1/32 Remote BGP VPN 00h09m36s 170
192.0.2.1 (tunneled) 10
172.16.2.2/32 Local Local 00h10m20s 0
system 0
172.16.12.0/30 Local Local 00h10m20s 0
int-PE-2-PE-1_VPN2 0
192.168.90.2/32 Remote BGP 00h02m28s 170
172.16.12.1 0
192.168.90.3/32 Remote BGP 00h02m28s 170
172.16.12.1 0
192.168.90.4/30 Remote BGP 00h02m28s 170
172.16.12.1 0
192.168.120.2/32 Remote BGP 00h02m28s 170
172.16.12.1 0
192.168.120.3/32 Remote BGP 00h02m28s 170
172.16.12.1 0
192.168.120.4/32 Remote BGP 00h02m28s 170
172.16.12.1 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Example 2 - BGP IPv4 route leaking between VPRNs per neighbor
The topology used for this example is the same as for Example 1; see BGP IPv4 route leaking between VPRNs. Both CEs export the same routes as in the preceding example, and the BGP route leaking policy is identical:
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "BGP-Leak-Policy"
entry 10
from
protocol bgp
exit
action accept
bgp-leak
exit
exit
exit
commit
In the preceding example, the BGP route leaking policy was applied in the global bgp context in VPRN "VPRN 1" and consequently, it applied to routes from all neighbors. In this example, the BGP route leaking policy is applied in VPRN 1 for neighbor CE-11 only, as follows:
# on PE-1:
configure
service
vprn "VPRN 1"
bgp
group "EBGP_64500to64501_IPv4"
neighbor 172.16.111.2
import "BGP-Leak-Policy"
exit
exit
exit
This import policy implies that only routes learned from CE-11 will be leakable. The following command shows all the BGP routes learned in VPRN 1 on PE-1. Not all of these are leakable.
*A:PE-1# show router 1 bgp routes
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.90.2/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.3/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.4/30 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.120.2/32 None None
172.16.112.2 None 0
64502 -
u*>i 192.168.120.3/32 None None
172.16.112.2 None 0
64502 -
u*>i 192.168.120.4/32 None None
172.16.112.2 None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
Some routes are learned from CE-11 and other routes are learned from CE-12, and only the routes imported from CE-11 are leakable. The following command shows which IPv4 BGP routes are marked as leakable in VPRN 1 on PE-1:
*A:PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.90.2/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.3/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.4/30 None None
172.16.111.2 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The BGP leakable routes can be imported into another VPRN instance. The import policy is the same as for Example 1:
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "Import-Leakable-Routes"
entry 10
from
protocol bgp
exit
action accept
exit
exit
exit
commit
This import policy is applied in VPRN 2 in the same way as in Example 1:
# on PE-1:
configure
service
vprn "VPRN 2"
bgp
rib-management
ipv4
leak-import "Import-Leakable-Routes"
exit
exit
exit
The following command shows the leaked routes in VPRN 2. Each of these routes is leaked from VPRN 1, as indicated between brackets in the following output. Only routes learned from CE-11 in VPRN 1 are leaked to VPRN 2.
*A:PE-1# show router 2 bgp routes ipv4 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 192.168.90.2/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.3/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.4/30 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The detailed output for any of these BGP routes shows that the flag "leaked" is set and that the route source corresponds to VPRN 1, as shown for route 192.168.90.2/32:
*A:PE-1# show router 2 bgp routes 192.168.90.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.90.2/32
Nexthop : 172.16.111.2 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.16.111.2
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from VPRN 1
AS-Path : 64501
---snip---
Example 3 - BGP IPv4 route leaking from VPRN to GRT per BGP group
BGP IPv4 route leaking from VPRN to GRT shows the topology for this example. CE-11 and CE-12 export the same routes to VPRN 1. These routes will be marked as leakable and leaked to the GRT.
The routing table for VPRN 1 in PE-1 contains the BGP routes exported by CE-11 and CE-12, as follows:
*A:PE-1# show router 1 route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.1.1/32 Local Local 00h14m59s 0
system 0
172.16.111.0/30 Local Local 00h14m59s 0
int-PE-1-CE-11 0
172.16.112.0/30 Local Local 00h14m59s 0
int-PE-1-CE-12 0
192.168.90.2/32 Remote BGP 00h00m16s 170
172.16.111.2 0
192.168.90.3/32 Remote BGP 00h00m16s 170
172.16.111.2 0
192.168.90.4/30 Remote BGP 00h00m16s 170
172.16.111.2 0
192.168.120.2/32 Remote BGP 00h03m30s 170
172.16.112.2 0
192.168.120.3/32 Remote BGP 00h03m30s 170
172.16.112.2 0
192.168.120.4/32 Remote BGP 00h03m30s 170
172.16.112.2 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The routing table of the base router does not include any of the BGP routes exported by the CEs, as follows:
*A:PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.17.111.0/30 Local Local 00h14m59s 0
int-PE-1-CE-11 0
172.17.112.0/30 Local Local 00h14m59s 0
int-PE-1-CE-12 0
192.0.2.1/32 Local Local 00h14m59s 0
system 0
192.0.2.2/32 Remote ISIS 00h14m44s 15
192.168.12.2 10
192.168.12.0/30 Local Local 00h14m59s 0
int-PE-1-PE-2 0
-------------------------------------------------------------------------------
No. of Routes: 5
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The BGP routes are marked as leakable after applying the following configuration:
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "BGP-Leak-Policy"
entry 10
from
protocol bgp
exit
action accept
bgp-leak
exit
exit
exit
commit
This BGP route leaking policy can be applied in the general BGP configuration of VPRN 1, or per BGP group (as is the case here), or per BGP neighbor:
# on PE-1:
configure
service
vprn "VPRN 1"
bgp
group "EBGP_64500to64501_IPv4"
import "BGP-Leak-Policy"
exit
exit
exit
The following command shows the leakable BGP routes in VPRN 1:
*A:PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.90.2/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.3/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.4/30 None None
172.16.111.2 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The leakable BGP routes in VPRN 1 can be imported into the GRT. The import policy is identical to the import policy in the preceding examples, as follows:
# PE-1:
configure
router Base
policy-options
begin
policy-statement "Import-Leakable-Routes"
entry 10
from
protocol bgp
exit
action accept
exit
exit
exit
commit
This import policy is applied in the base router, as follows:
# on PE-1:
configure
router
bgp
rib-management
ipv4
leak-import "Import-Leakable-Routes"
exit
exit
exit
As a result, the leakable BGP routes in VPRN 1 are leaked to the GRT, as follows:
*A:PE-1# show router bgp routes ipv4 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 192.168.90.2/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.3/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.4/30 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The detailed information for any of these leaked routes shows that the flag "leaked" is present and that the route source is VPRN 1, as follows:
*A:PE-1# show router bgp routes 192.168.90.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.90.2/32
Nexthop : 172.16.111.2 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.16.111.2
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from VPRN 1
AS-Path : 64501
---snip---
The GRT includes the leaked routes, as follows:
*A:PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.17.111.0/30 Local Local 00h23m13s 0
int-PE-1-CE-11 0
172.17.112.0/30 Local Local 00h23m13s 0
int-PE-1-CE-12 0
192.0.2.1/32 Local Local 00h23m13s 0
system 0
192.0.2.2/32 Remote ISIS 00h22m57s 15
192.168.12.2 10
192.168.12.0/30 Local Local 00h23m13s 0
int-PE-1-PE-2 0
192.168.90.2/32 Remote BGP 00h04m49s 170
172.16.111.2 0
192.168.90.3/32 Remote BGP 00h04m49s 170
172.16.111.2 0
192.168.90.4/30 Remote BGP 00h04m49s 170
172.16.111.2 0
-------------------------------------------------------------------------------
No. of Routes: 8
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The GRT on neighbor PE-2 also includes the leaked routes, as follows:
*A:PE-2# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.0.2.1/32 Remote ISIS 00h22m58s 15
192.168.12.1 10
192.0.2.2/32 Local Local 00h23m06s 0
system 0
192.168.12.0/30 Local Local 00h23m06s 0
int-PE-2-PE-1 0
192.168.90.2/32 Remote BGP 00h04m45s 170
192.168.12.1 10
192.168.90.3/32 Remote BGP 00h04m45s 170
192.168.12.1 10
192.168.90.4/30 Remote BGP 00h04m45s 170
192.168.12.1 10
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Example 4 - BGP IPv4 route leaking from GRT to VPRN per neighbor
BGP IPv4 route leaking from GRT to VPRN shows the topology for this example, and the corresponding IP addresses. CE-11 exports routes such as 192.168.100.2/32 to the base router and CE-12 exports routes such as 192.168.121.2/32 to the base router. The routes will be leaked from the base router to VPRN 2.
The GRT in PE-1 includes BGP routes learned from CE-11 and CE-12, as follows:
*A:PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.17.111.0/30 Local Local 00h25m58s 0
int-PE-1-CE-11 0
172.17.112.0/30 Local Local 00h25m58s 0
int-PE-1-CE-12 0
192.0.2.1/32 Local Local 00h25m58s 0
system 0
192.0.2.2/32 Remote ISIS 00h25m43s 15
192.168.12.2 10
192.168.12.0/30 Local Local 00h25m58s 0
int-PE-1-PE-2 0
192.168.100.2/32 Remote BGP 00h00m57s 170
172.17.111.2 0
192.168.100.3/32 Remote BGP 00h00m57s 170
172.17.111.2 0
192.168.100.4/30 Remote BGP 00h00m57s 170
172.17.111.2 0
192.168.121.2/32 Remote BGP 00h01m08s 170
172.17.112.2 0
192.168.121.3/32 Remote BGP 00h01m08s 170
172.17.112.2 0
192.168.121.4/30 Remote BGP 00h01m08s 170
172.17.112.2 0
-------------------------------------------------------------------------------
No. of Routes: 11
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The BGP leaking policy is the same as in the preceding examples:
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "BGP-Leak-Policy"
entry 10
from
protocol bgp
exit
action accept
bgp-leak
exit
exit
exit
commit
The BGP route leaking policy is applied on the base router for neighbor CE-11 only, as follows:
# on PE-1:
configure
router
bgp
group "EBGP_64500to64501_IPv4"
neighbor 172.17.111.2
import "BGP-Leak-Policy"
exit
exit
exit
The following command shows that only the routes imported from neighbor CE-11 are marked as leakable in the GRT:
*A:PE-1# show router bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.100.2/32 None None
172.17.111.2 None 0
64501 -
u*>i 192.168.100.3/32 None None
172.17.111.2 None 0
64501 -
u*>i 192.168.100.4/30 None None
172.17.111.2 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The leakable BGP routes in the GRT can be imported into VPRN 2. The import policy is identical to the import policy in the preceding examples, as follows:
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "Import-Leakable-Routes"
entry 10
from
protocol bgp
exit
action accept
exit
exit
exit
commit
This import policy is applied in VPRN 2, as follows:
# on PE-1:
configure
service
vprn 2
bgp
rib-management
ipv4
leak-import "Import-Leakable-Routes"
exit
exit
exit
The following command shows the imported leaked BGP routes in VPRN 2. The source of these leaked routes is the base router, not a VPRN.
*A:PE-1# show router 2 bgp routes ipv4 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 192.168.100.2/32 100 None
172.17.111.2 (Base) None 0
64501 -
u*>li 192.168.100.3/32 100 None
172.17.111.2 (Base) None 0
64501 -
u*>li 192.168.100.4/30 100 None
172.17.111.2 (Base) None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
Any of these leaked BGP routes has the flag "leaked", and the route source is the base router (leaked from base), as follows:
*A:PE-1# show router 2 bgp routes 192.168.100.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.100.2/32
Nexthop : 172.17.111.2 (Base)
Path Id : None
From : BGP Base
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.17.111.2
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from Base
AS-Path : 64501
---snip---
Example 5 - BGP IPv6 route leaking between VPRNs. Global VPRN BGP configuration.
BGP IPv6 route leaking between VPRNs shows the topology and the IP addresses used for this example. CE-11 exports routes such as 2001:db8:90::2/128 to VPRN 1 on PE-1, and CE-12 exports routes such as 2001:db8:120::2/128 to VPRN 1 on PE-1.
*A:PE-1# show router 1 route-table ipv6
===============================================================================
IPv6 Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::1:1/128 Local Local 00h32m46s 0
system 0
2001:db8:90::2/128 Remote BGP 00h00m44s 170
2001:db8:111::1 0
2001:db8:90::3/128 Remote BGP 00h00m44s 170
2001:db8:111::1 0
2001:db8:90::4/126 Remote BGP 00h00m44s 170
2001:db8:111::1 0
2001:db8:111::/127 Local Local 00h32m46s 0
int-PE-1-CE-11 0
2001:db8:112::/127 Local Local 00h32m46s 0
int-PE-1-CE-12 0
2001:db8:120::2/128 Remote BGP 00h00m48s 170
2001:db8:112::1 0
2001:db8:120::3/128 Remote BGP 00h00m48s 170
2001:db8:112::1 0
2001:db8:120::4/126 Remote BGP 00h00m48s 170
2001:db8:112::1 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The BGP route leaking policy is the same as for IPv4 routes:
# PE-1:
configure
router Base
policy-options
begin
policy-statement "BGP-Leak-Policy"
entry 10
from
protocol bgp
exit
action accept
bgp-leak
exit
exit
exit
commit
This import policy is applied in the bgp context of VPRN 1, as follows:
@ on PE-1:
configure
service
vprn "VPRN 1"
bgp
import "BGP-Leak-Policy"
exit
exit
With the preceding configuration, all the routes imported into the VPRN using BGP are marked as leakable.
The following command shows which BGP IPv6 routes are marked as leakable in VPRN 1:
*A:PE-1# show router 1 bgp routes ipv6 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 2001:db8:90::2/128 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:90::3/128 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:90::4/126 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:120::2/128 None None
2001:db8:112::1 None 0
64502 -
u*>i 2001:db8:120::3/128 None None
2001:db8:112::1 None 0
64502 -
u*>i 2001:db8:120::4/126 None None
2001:db8:112::1 None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The BGP leakable routes can be imported into VPRN 2 when the following import policy is configured and applied in VPRN 2:
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "Import-Leakable-Routes"
entry 10
from
protocol bgp
exit
action accept
exit
exit
exit
commit
The only difference from IPv4 routes is that the policy is applied to the ipv6 context of the RIB management:
# on PE-1:
configure
service
vprn 2
bgp
rib-management
ipv6
leak-import "Import-Leakable-Routes"
exit
exit
exit
The following command shows that the VPRN is importing the leaked BGP IPv6 routes from another VPRN instance:
*A:PE-1# show router 2 bgp routes ipv6 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 2001:db8:90::2/128 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:90::3/128 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:90::4/126 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:120::2/128 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
u*>li 2001:db8:120::3/128 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
u*>li 2001:db8:120::4/126 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The BGP routes have the flag "leaked" and the route source is VPRN 1, as follows:
*A:PE-1# show router 2 bgp routes 2001:db8:90::2/128 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Original Attributes
Network : 2001:db8:90::2/128
Nexthop : 2001:db8:111::1 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 2001:db8:111::1
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked
Route Source : Leaked from VPRN 1
AS-Path : 64501
---snip---
Example 6 - BGP IPv6 route leaking from GRT to VPRN and from VPRN to VPRN
BGP IPv6 route leaking from GRT and VPRN to VPRN shows the topology and the IPv6 addresses used in this example. CE-11 exports IPv6 routes such as 2001:db8:90::2/128 to VPRN 1 and IPv6 routes such as 2001:db8:100::2/128 to the GRT. CE-12 exports IPv6 routes such as 2001:db8:120::2/128 to VPRN 1 and IPv6 routes such as 2001:db8:121::2/128 to the GRT.
The IPv6 routing table in the GRT contains routes exported by CE-11 and CE-12, as follows:
*A:PE-1# show router route-table ipv6
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::1/128 Local Local 00h42m19s 0
system 0
2001:db8::2/128 Remote ISIS 00h42m04s 15
fe80::14:1ff:fe01:1-"int-PE-1-PE-2" 10
2001:db8:12::/126 Local Local 00h42m18s 0
int-PE-1-PE-2 0
2001:db8:17:111::/127 Local Local 00h42m18s 0
int-PE-1-CE-11 0
2001:db8:17:112::/127 Local Local 00h42m18s 0
int-PE-1-CE-12 0
2001:db8:100::2/128 Remote BGP 00h02m54s 170
2001:db8:17:111::1 0
2001:db8:100::3/128 Remote BGP 00h02m54s 170
2001:db8:17:111::1 0
2001:db8:100::4/126 Remote BGP 00h02m54s 170
2001:db8:17:111::1 0
2001:db8:121::2/128 Remote BGP 00h03m03s 170
2001:db8:17:112::1 0
2001:db8:121::3/128 Remote BGP 00h03m03s 170
2001:db8:17:112::1 0
2001:db8:121::4/126 Remote BGP 00h03m03s 170
2001:db8:17:112::1 0
-------------------------------------------------------------------------------
No. of Routes: 11
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv6 routing table for VPRN 1 also contains routes exported by CE-11 and CE-12, as follows:
*A:PE-1# show router 1 route-table ipv6
===============================================================================
IPv6 Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::1:1/128 Local Local 00h42m18s 0
system 0
2001:db8:90::2/128 Remote BGP 00h03m57s 170
2001:db8:111::1 0
2001:db8:90::3/128 Remote BGP 00h03m57s 170
2001:db8:111::1 0
2001:db8:90::4/126 Remote BGP 00h03m57s 170
2001:db8:111::1 0
2001:db8:111::/127 Local Local 00h42m18s 0
int-PE-1-CE-11 0
2001:db8:112::/127 Local Local 00h42m18s 0
int-PE-1-CE-12 0
2001:db8:120::2/128 Remote BGP 00h03m57s 170
2001:db8:112::1 0
2001:db8:120::3/128 Remote BGP 00h03m57s 170
2001:db8:112::1 0
2001:db8:120::4/126 Remote BGP 00h03m57s 170
2001:db8:112::1 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The policy to mark imported BGP routes as leakable can be identical to the policy used in the preceding examples. However, in this case, prefix-lists are added as a filter. VPRN 1 may accept routes such as 2001:db8:90::2/128 and 2001:db8:120::2/128.
# on PE-1:
configure
router Base
policy-options
begin
prefix-list "2001:db8:90::"
prefix 2001:db8:90::/100 longer
exit
prefix-list "2001:db8:120::"
prefix 2001:db8:120::/100 longer
exit
policy-statement "BGP-Leak-Policy_90_120"
entry 10
from
protocol bgp
prefix-list "2001:db8:90::"
exit
action accept
bgp-leak
exit
exit
entry 20
from
protocol bgp
prefix-list "2001:db8:120::"
exit
action accept
bgp-leak
exit
exit
exit
commit
This import policy is applied in the general BGP settings for VPRN 1, as follows:
# on PE-1:
configure
service
vprn "VPRN 1"
bgp
import "BGP-Leak-Policy_90_120"
exit
exit
In a similar way, the base router may accept routes such as 2001:8db:100::2/128 and 2001:8db:121::2/128:
# on PE-1:
configure
router Base
policy-options
begin
prefix-list "2001:db8:100::"
prefix 2001:db8:100::/100 longer
exit
prefix-list "2001:db8:121::"
prefix 2001:db8:121::/100 longer
exit
policy-statement "BGP-Leak-Policy_100_121"
entry 10
from
protocol bgp
prefix-list "2001:db8:100::"
exit
action accept
bgp-leak
exit
exit
entry 20
from
protocol bgp
prefix-list "2001:db8:121::"
exit
action accept
bgp-leak
exit
exit
exit
commit
This BGP leaking policy is applied for neighbor CE-11 in the base router, as follows. The routes exported by CE-12 will not be marked as leakable.
# on PE-1:
configure
router Base
bgp
group "EBGP_64500to64501_IPv6"
neighbor 2001:db8:17:111::1
import "BGP-Leak-Policy_100_121"
exit
exit
The following command shows which routes are marked as leakable in the GRT:
*A:PE-1# show router bgp routes ipv6 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 2001:db8:100::2/128 None None
2001:db8:17:111::1 None 0
64501 -
u*>i 2001:db8:100::3/128 None None
2001:db8:17:111::1 None 0
64501 -
u*>i 2001:db8:100::4/126 None None
2001:db8:17:111::1 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The following command shows which routes are marked as leakable in VPRN 1:
*A:PE-1# show router 1 bgp routes ipv6 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 2001:db8:90::2/128 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:90::3/128 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:90::4/126 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:120::2/128 None None
2001:db8:112::1 None 0
64502 -
u*>i 2001:db8:120::3/128 None None
2001:db8:112::1 None 0
64502 -
u*>i 2001:db8:120::4/126 None None
2001:db8:112::1 None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
On PE-1, a policy is created to import the BGP leakable routes (the same as in the preceding examples), as follows:
# on PE-1:
configure
router Base
policy-options
begin
policy-statement "Import-Leakable-Routes"
entry 10
from
protocol bgp
exit
action accept
exit
exit
exit
commit
This import policy is configured for IPv6 routes in VPRN2, as follows:
# on PE-1:
configure
service
vprn "VPRN 2"
bgp
rib-management
ipv6
leak-import "Import-Leakable-Routes"
exit
exit
exit
exit
The following command shows the leaked IPv6 routes in VPRN 2:
*A:PE-1# show router 2 bgp routes ipv6 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 2001:db8:90::2/128 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:90::3/128 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:90::4/126 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:100::2/128 100 None
2001:db8:17:111::1 (Base) None 0
64501 -
u*>li 2001:db8:100::3/128 100 None
2001:db8:17:111::1 (Base) None 0
64501 -
u*>li 2001:db8:100::4/126 100 None
2001:db8:17:111::1 (Base) None 0
64501 -
u*>li 2001:db8:120::2/128 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
u*>li 2001:db8:120::3/128 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
u*>li 2001:db8:120::4/126 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
-------------------------------------------------------------------------------
Routes : 9
===============================================================================
Some of these routes are leaked from the base router and some routes are leaked from VPRN 1. The detailed information for any of these leaked routes shows that the flag "leaked" is present. For route 2001:db8:100::2/128, the route source is the base router, as follows:
*A:PE-1# show router 2 bgp routes 2001:db8:100::2/128 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Original Attributes
Network : 2001:db8:100::2/128
Nexthop : 2001:db8:17:111::1 (Base)
Path Id : None
From : BGP Base
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 2001:db8:17:111::1
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from Base
AS-Path : 64501
---snip---
For route 2001:db8:90::2/128, the route source is VPRN 1, as follows:
*A:PE-1# show router 2 bgp routes 2001:db8:90::2/128 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Original Attributes
Network : 2001:db8:90::2/128
Nexthop : 2001:db8:111::1 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 2001:db8:111::1
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from VPRN 1
AS-Path : 64501
---snip---
Conclusion
BGP provides many ways to manipulate routes. In this example, IPv4/IPv6 routes learned from BGP neighbors could be marked as "leakable" and imported into other routing instances (VPRN to VPRN, VPRN to GRT, GRT to VPRN) without the use of communities in the network policy.