BGP Route Leaking
This chapter provides information about BGP route leaking.
Topics in this chapter include:
Applicability
This chapter was initially written based on SR OS Release 14.0.R4. The MD-CLI in the current edition corresponds to SR OS Release 22.2.R2.
Overview
Route leaking refers to the process of copying a route from one router context to another.
Network administrators may need to leak routes between routing instances in the same SR OS router. BGP route leaking is an alternative to using import and export policies based on communities to exchange routes between Virtual Router and Forwarders (VRFs).
It is possible to leak a copy of a BGP route (including all its path attributes) from one routing instance to another in the same SR OS router. This BGP route leaking capability applies to IPv4, IPv6, and label-IPv4 routes. Leaking is supported from the GRT to a VPRN, from one VPRN to another VPRN, and from a VPRN to the GRT.
Any BGP route for an IPv4 or IPv6 prefix can be leaked. A BGP route does not have to be the best path or used for forwarding in the source instance in order to be leaked. In SR OS releases earlier than 19.10.R1, the BGP route had to be valid (that is, the next-hop must be resolved; the AS PATH must not exhibit a loop, for example). In SR OS Release 19.10.R1, and later, BGP in the base router can be configured to allow unresolved route leaking, as described in the Unresolved Route Leaking from Base Router to VPRN chapter in the ‟Unicast Routing Protocols” volume of 7450 ESS, 7750 SR, and 7950 XRS Advanced Configuration Guide — Part I.
An IPv4 or IPv6 BGP route becomes a candidate for leaking to another instance when it is specially marked by a BGP import policy. This marking is achieved by accepting the route with a bgp-leak action in the route policy. Routes that are candidates for leaking to other instances show a leakable flag in the output of various show router bgp commands.
To copy a leakable BGP route from a source instance into the BGP RIB of a target instance, the target instance must be configured with a leak-import policy that matches and accepts the leakable route. There are separate leak-import policies for IPv4 and IPv6 routes. Up to 15 leak-import policies can be chained together for more complex examples. In the target instance, the show router bgp routes command displays leaked BGP RIB-IN routes in addition to direct RIB-IN routes learned from neighbors of the routing instance. A leaked flag is added to the leaked RIB-IN entries. BGP route leaking process shows the process of BGP route leaking.
Leaked BGP routes can be advertised to BGP neighbors (peers) of the target routing instance. The BGP next hop of a leaked route is automatically reset to self whenever it is advertised to a peer of the target instance. Normal route advertisement rules apply: by default, the leaked route is advertised if it is the overall best path that is used as the active route to the destination and it is not blocked by the IBGP-to-IBGP split-horizon rule.
A BGP route leaked into a VPRN can be exported from the VPRN as a VPN-IPv4/v6 route if it matches the VRF export policy. Normal VPN export rules apply: by default, the leaked route is exported if it is the overall best path and it is used as the active route to the destination.
This chapter describes BGP route leaking only. For other routes, such as IS-IS, OSPF, RIP, and static routes, VPRN route leaking mechanisms apply that are protocol independent, see chapter Traffic Leaking from VPRN to GRT in the ‟Unicast Routing Protocols” volume of 7450 ESS, 7750 SR, and 7950 XRS Advanced Configuration Guide — Part I.
Configuration
Example topology shows the example topology used in this chapter, including the IPv4 addresses. For each of the examples, a dedicated figure will show the specific topology, which is a subset of the topology in Example topology. The interfaces also have IPv6 addresses, which will be shown in BGP IPv6 route leaking between VPRNs and BGP IPv6 route leaking from GRT and VPRN to VPRN. VPRN 2 also has CEs attached, but for simplicity, these are not shown on the figures and no CLI will be shown for any CE.
The following examples will be explained:
-
Example 1 - BGP IPv4 route leaking between VPRNs. Global BGP policy
-
Example 2 - BGP IPv4 route leaking between VPRNs per neighbor
-
Example 3 - BGP IPv4 route leaking from VPRN to GRT per BGP group
-
Example 4 - BGP IPv4 route leaking from GRT to VPRN per neighbor
-
Example 5 - BGP IPv6 route leaking between VPRNs. Global VPRN BGP configuration
-
Example 6 - BGP IPv6 route leaking from GRT to VPRN and from VPRN to VPRN
Initial configuration
The nodes in the example topology have the following initial configuration:
-
Cards, MDAs, ports
-
Router interfaces
-
IGP (IS-IS or OSPF) between the PEs
-
LDP between the PEs
-
VPRN "VPRN 1" on PE-1; VPRN "VPRN 2" on PE-1 and PE-2
-
BGP (IBGP between the PEs; EBGP between PE-1 and the CEs)
-
On the PEs, BGP is configured in the base router and in the VPRNs.
-
-
Loopback addresses and black-hole static routes in the CEs. Different routes are exported to GRT and VPRN 1 on PE-1
Example 1 - BGP IPv4 route leaking between VPRNs. Global BGP policy
BGP IPv4 route leaking between VPRNs shows the topology for this example. CE-11 exports routes such as 192.168.90.2/32 to VPRN 1 on PE-1, and CE-12 exports routes such as 192.168.120.2/32 to VPRN 1 on PE-1.
In MD-CLI, all EBGP routes are by default rejected unless policies are configured. The following import policy accepts all BGP routes and is applied in VPRN 1.
# on PE-1:
configure {
policy-options {
policy-statement "import-bgp" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
}
}
}
}
service {
vprn "VPRN 1" {
bgp {
import {
policy ["import-bgp"]
}
}
The routing table for VPRN 1 on PE-1 includes routes that are learned from CE-11 and CE-12, as follows:
[/]
A:admin@PE-1# show router 1 route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.1.1/32 Local Local 00h04m46s 0
system 0
172.16.111.0/30 Local Local 00h04m46s 0
int-PE-1-CE-11 0
172.16.112.0/30 Local Local 00h04m46s 0
int-PE-1-CE-12 0
192.168.90.2/32 Remote BGP 00h00m21s 170
172.16.111.2 0
192.168.90.3/32 Remote BGP 00h00m21s 170
172.16.111.2 0
192.168.90.4/30 Remote BGP 00h00m21s 170
172.16.111.2 0
192.168.120.2/32 Remote BGP 00h00m36s 170
172.16.112.2 0
192.168.120.3/32 Remote BGP 00h00m36s 170
172.16.112.2 0
192.168.120.4/32 Remote BGP 00h00m36s 170
172.16.112.2 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
These BGP routes are not leakable, by default, as follows:
[/]
A:admin@PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
No Matching Entries Found.
===============================================================================
The routing table for VPRN 2 does not include any of these routes because BGP route leaking is disabled by default:
[/]
A:admin@PE-1# show router 2 route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.2.1/32 Local Local 00h04m46s 0
system 0
172.16.2.2/32 Remote BGP VPN 00h03m52s 170
192.0.2.2 (tunneled) 0
172.16.12.0/30 Local Local 00h04m46s 0
int-PE-1-PE-2_VPN2 0
-------------------------------------------------------------------------------
No. of Routes: 3
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
To configure BGP route leaking, an import policy with action>bgp-leak true is required in VPRN 1. The BGP route leaking policy is configured on PE-1, as follows:
# on PE-1:
configure {
policy-options {
policy-statement "BGP-Leak" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
bgp-leak true
}
}
}
By adding action>action-type accept and action>bgp-leak true, BGP routes are imported and marked as BGP-leakable, meaning they are available to be copied—with their complete set of BGP path attributes—to the BGP RIB-IN of another routing instance.
In this example, the BGP route leaking policy replaces the import policy applied in VPRN 1 in the general BGP configuration, but the route leaking policy can also be configured in the group context, or per neighbor:
# on PE-1:
configure {
service {
vprn "VPRN 1" {
bgp {
delete import
import {
policy ["BGP-Leak"]
}
}
With the preceding configuration, SR OS is marking all the BGP routes imported into the VPRN as leakable. The BGP routes originate from CE-11 or CE-12 in this example.
The following command shows which BGP routes in VPRN 1 are marked as leakable:
[/]
A:admin@PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.90.2/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.3/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.4/30 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.120.2/32 None None
172.16.112.2 None 0
64502 -
u*>i 192.168.120.3/32 None None
172.16.112.2 None 0
64502 -
u*>i 192.168.120.4/32 None None
172.16.112.2 None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The routes learned from CE-11 and CE-12 are leakable. The following detailed output for one of the routes in the preceding list shows the flag "Leakable". The route source is external because the routes are imported (from CE-11 or CE-12):
[/]
A:admin@PE-1# show router 1 bgp routes 192.168.90.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.90.2/32
Nexthop : 172.16.111.2
Path Id : None
From : 172.16.111.2
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.16.111.2
Local Pref. : n/a Interface Name : int-PE-1-CE-11
---snip---
Originator Id : None Peer Router Id : 172.16.0.11
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leakable In-RTM
Route Source : External
AS-Path : 64501
---snip---
BGP leakable routes can be imported into another VPRN. Prefix lists can be used to filter specific routes for BGP leaking, but that is not configured in this example. The following import policy is configured on PE-1 to import BGP leakable routes:
# on PE-1:
configure {
policy-options {
policy-statement "Import-Leakable-Routes" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
}
}
}
In each of the examples, the same import policy will be used. The import policy to import BGP leakable routes is applied in the VPRN 2 on PE-1 as follows:
# on PE-1:
configure {
service {
vprn "VPRN 2" {
bgp {
rib-management {
ipv4 {
leak-import {
policy ["Import-Leakable-Routes"]
}
}
}
}
The following command shows that VPRN 2 imported leaked BGP routes from VPRN 1. The status code "l" indicates that the route is leaked.
[/]
A:admin@PE-1# show router 2 bgp routes ipv4 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 192.168.90.2/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.3/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.4/30 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.120.2/32 100 None
172.16.112.2 (VPRN 1) None 0
64502 -
u*>li 192.168.120.3/32 100 None
172.16.112.2 (VPRN 1) None 0
64502 -
u*>li 192.168.120.4/32 100 None
172.16.112.2 (VPRN 1) None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The flags in the detailed output for a particular leaked BGP route from the preceding list include the flag "Leaked". The route source for this leaked route is VPRN 1 and all BGP attributes are preserved, as follows:
[/]
A:admin@PE-1# show router 2 bgp routes 192.168.90.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.90.2/32
Nexthop : 172.16.111.2 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.16.111.2
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from VPRN 1
AS-Path : 64501
Route Tag : 0
Neighbor-AS : 64501
Orig Validation: NotFound
Source Class : 0 Dest Class : 0
Add Paths Send : Default
RIB Priority : Normal
Last Modified : 00h00m36s
---snip---
The route table for VPRN 2 in the neighbor PE-2 contains the leaked routes, as follows:
[/]
A:admin@PE-2# show router 2 route-table
===============================================================================
Route Table (Service: 2)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.2.1/32 Remote BGP VPN 00h12m14s 170
192.0.2.1 (tunneled) 0
172.16.2.2/32 Local Local 00h12m59s 0
system 0
172.16.12.0/30 Local Local 00h12m59s 0
int-PE-2-PE-1_VPN2 0
192.168.90.2/32 Remote BGP 00h03m22s 170
172.16.12.1 0
192.168.90.3/32 Remote BGP 00h03m22s 170
172.16.12.1 0
192.168.90.4/30 Remote BGP 00h03m22s 170
172.16.12.1 0
192.168.120.2/32 Remote BGP 00h03m22s 170
172.16.12.1 0
192.168.120.3/32 Remote BGP 00h03m22s 170
172.16.12.1 0
192.168.120.4/32 Remote BGP 00h03m22s 170
172.16.12.1 0
-------------------------------------------------------------------------------
No. of Routes: 9
Example 2 - BGP IPv4 route leaking between VPRNs per neighbor
The topology used for this example is the same as for Example 1; see BGP IPv4 route leaking between VPRNs. Both CEs export the same routes as in the preceding example, and the BGP route leaking policy is identical:
# on PE-1:
configure {
policy-options {
policy-statement "BGP-Leak" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
bgp-leak true
}
}
}
In the preceding example, the BGP route leaking policy was applied in the global bgp context in VPRN 1 and consequently, it applied to routes from all neighbors. In this example, the BGP route leaking policy is applied in VPRN 1 for neighbor CE-11 only, as follows:
# on PE-1:
configure {
service {
vprn "VPRN 1" {
bgp {
delete import
neighbor "172.16.111.2" {
import {
policy ["BGP-Leak"]
}
}
}
This import policy implies that only routes learned from CE-11 will be leakable. The following command shows all the BGP routes learned in VPRN 1 on PE-1.
[/]
A:admin@PE-1# show router 1 bgp routes
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.90.2/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.3/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.4/30 None None
172.16.111.2 None 0
64501 -
i 192.168.120.2/32 None None
172.16.112.2 None 0
64502 -
i 192.168.120.3/32 None None
172.16.112.2 None 0
64502 -
i 192.168.120.4/32 None None
172.16.112.2 None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
Only the routes imported from CE-11 are accepted and leakable. The following command shows which IPv4 BGP routes are marked as leakable in VPRN 1 on PE-1:
[/]
A:admin@PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.90.2/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.3/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.4/30 None None
172.16.111.2 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The BGP leakable routes can be imported into another VPRN instance. The import policy is the same as for Example 1:
# on PE-1:
configure {
policy-options {
policy-statement "Import-Leakable-Routes" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
}
}
}
This import policy is applied in VPRN 2 in the same way as in example 1:
# on PE-1:
configure {
service {
vprn "VPRN 2" {
bgp {
rib-management {
ipv4 {
leak-import {
policy ["Import-Leakable-Routes"]
}
}
}
}
The following command shows the leaked routes in VPRN 2. Each of these routes is leaked from VPRN 1, as indicated between brackets in the following output. Only routes learned from CE-11 in VPRN 1 are leaked to VPRN 2.
[/]
A:admin@PE-1# show router 2 bgp routes ipv4 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 192.168.90.2/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.3/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.4/30 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The detailed output for any of these BGP routes shows that the flag "Leaked" is set and that the route source corresponds to VPRN 1, as follows for route 192.168.90.2/32:
[/]
A:admin@PE-1# show router 2 bgp routes 192.168.90.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.90.2/32
Nexthop : 172.16.111.2 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.16.111.2
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from VPRN 1
AS-Path : 64501
---snip---
Example 3 - BGP IPv4 route leaking from VPRN to GRT per BGP group
BGP IPv4 route leaking from VPRN to GRT shows the topology for this example. CE-11 and CE-12 export the same routes to VPRN 1. The routes originating from CE-11 will be accepted, marked as leakable, and leaked to the GRT.
The import policy is the same as in the preceding examples:
# on PE-1:
configure {
policy-options {
policy-statement "BGP-Leak" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
bgp-leak true
}
}
}
This policy is applied for BGP group "EBGP_64500to64501_IPv4", so the routes from CE-11 will be accepted and marked as leakable:
# on PE-1:
configure {
service {
vprn "VPRN 1" {
bgp {
group "EBGP_64500to64501_IPv4" {
import {
policy ["BGP-Leak"]
}
}
}
The routing table for VPRN 1 in PE-1 contains the BGP routes exported by CE-11, as follows:
[/]
A:admin@PE-1# show router 1 route-table
===============================================================================
Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.16.1.1/32 Local Local 00h14m37s 0
system 0
172.16.111.0/30 Local Local 00h14m37s 0
int-PE-1-CE-11 0
172.16.112.0/30 Local Local 00h14m37s 0
int-PE-1-CE-12 0
192.168.90.2/32 Remote BGP 00h01m45s 170
172.16.111.2 0
192.168.90.3/32 Remote BGP 00h01m45s 170
172.16.111.2 0
192.168.90.4/30 Remote BGP 00h01m45s 170
172.16.111.2 0
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The routing table of the base router does not include any of the BGP routes exported by the CEs, as follows:
[/]
A:admin@PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.17.111.0/30 Local Local 00h14m37s 0
int-PE-1-CE-11 0
172.17.112.0/30 Local Local 00h14m37s 0
int-PE-1-CE-12 0
192.0.2.1/32 Local Local 00h14m37s 0
system 0
192.0.2.2/32 Remote ISIS 00h14m13s 15
192.168.12.2 10
192.168.12.0/30 Local Local 00h14m37s 0
int-PE-1-PE-2 0
-------------------------------------------------------------------------------
No. of Routes: 5
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The following command shows the leakable BGP routes in VPRN 1:
[/]
A:admin@PE-1# show router 1 bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.90.2/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.3/32 None None
172.16.111.2 None 0
64501 -
u*>i 192.168.90.4/30 None None
172.16.111.2 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The leakable BGP routes in VPRN 1 can be imported into the GRT. The import policy is identical to the import policy in the preceding examples, as follows:
# on PE-1:
configure {
policy-options {
policy-statement "Import-Leakable-Routes" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
}
}
}
This import policy is applied in the base router, as follows:
# on PE-1:
configure {
router "Base" {
bgp {
rib-management {
ipv4 {
leak-import {
policy ["Import-Leakable-Routes"]
}
}
}
As a result, the leakable BGP routes in VPRN 1 are leaked to the GRT, as follows:
[/]
A:admin@PE-1# show router bgp routes ipv4 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 192.168.90.2/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.3/32 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
u*>li 192.168.90.4/30 100 None
172.16.111.2 (VPRN 1) None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The detailed information for any of these leaked routes shows that the flag "Leaked" is present and that the route source is VPRN 1, as follows:
[/]
A:admin@PE-1# show router bgp routes 192.168.90.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.90.2/32
Nexthop : 172.16.111.2 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.16.111.2
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from VPRN 1
AS-Path : 64501
---snip---
The GRT includes the leaked routes, as follows:
[/]
A:admin@PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.17.111.0/30 Local Local 00h16m10s 0
int-PE-1-CE-11 0
172.17.112.0/30 Local Local 00h16m10s 0
int-PE-1-CE-12 0
192.0.2.1/32 Local Local 00h16m10s 0
system 0
192.0.2.2/32 Remote ISIS 00h15m47s 15
192.168.12.2 10
192.168.12.0/30 Local Local 00h16m10s 0
int-PE-1-PE-2 0
192.168.90.2/32 Remote BGP 00h00m36s 170
172.16.111.2 0
192.168.90.3/32 Remote BGP 00h00m36s 170
172.16.111.2 0
192.168.90.4/30 Remote BGP 00h00m36s 170
172.16.111.2 0
-------------------------------------------------------------------------------
No. of Routes: 8
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The GRT on neighbor PE-2 also includes the leaked routes, as follows:
[/]
A:admin@PE-2# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
192.0.2.1/32 Remote ISIS 00h15m47s 15
192.168.12.1 10
192.0.2.2/32 Local Local 00h15m55s 0
system 0
192.168.12.0/30 Local Local 00h15m55s 0
int-PE-2-PE-1 0
192.168.90.2/32 Remote BGP 00h00m07s 170
192.168.12.1 10
192.168.90.3/32 Remote BGP 00h00m07s 170
192.168.12.1 10
192.168.90.4/30 Remote BGP 00h00m07s 170
192.168.12.1 10
-------------------------------------------------------------------------------
No. of Routes: 6
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
Example 4 - BGP IPv4 route leaking from GRT to VPRN per neighbor
BGP IPv4 route leaking from GRT to VPRN shows the topology for this example, and the corresponding IP addresses. CE-11 exports routes such as 192.168.100.2/32 to the base router and CE-12 exports routes such as 192.168.121.2/32 to the base router. The routes will be leaked from the base router to VPRN 2 if matched by an import policy in the base router of PE-1.
On PE-1, the following import policy accepts BGP routes and marks them as leakable:
# on PE-1:
configure {
policy-options {
policy-statement "BGP-Leak" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
bgp-leak true
}
}
}
This import policy is applied for neighbor 172.17.111.2 in the base router, as follows:
# on PE-1:
configure {
router "Base" {
bgp {
neighbor "172.17.111.2" {
group "EBGP_64500to64501_IPv4"
import {
policy ["BGP-Leak"]
}
}
}
The policy is not applied for neighbor 172.17.112.2 on CE-12, so only the routes from CE-11 will be accepted and marked as leakable:
[/]
A:admin@PE-1# show router bgp routes
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.100.2/32 None None
172.17.111.2 None 0
64501 -
u*>i 192.168.100.3/32 None None
172.17.111.2 None 0
64501 -
u*>i 192.168.100.4/30 None None
172.17.111.2 None 0
64501 -
i 192.168.121.2/32 None None
172.17.112.2 None 0
64502 -
i 192.168.121.3/32 None None
172.17.112.2 None 0
64502 -
i 192.168.121.4/30 None None
172.17.112.2 None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The GRT in PE-1 includes BGP routes learned from CE-11, as follows:
[/]
A:admin@PE-1# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
172.17.111.0/30 Local Local 00h21m08s 0
int-PE-1-CE-11 0
172.17.112.0/30 Local Local 00h21m08s 0
int-PE-1-CE-12 0
192.0.2.1/32 Local Local 00h21m08s 0
system 0
192.0.2.2/32 Remote ISIS 00h20m48s 15
192.168.12.2 10
192.168.12.0/30 Local Local 00h21m08s 0
int-PE-1-PE-2 0
192.168.100.2/32 Remote BGP 00h01m21s 170
172.17.111.2 0
192.168.100.3/32 Remote BGP 00h01m21s 170
172.17.111.2 0
192.168.100.4/30 Remote BGP 00h01m21s 170
172.17.111.2 0
-------------------------------------------------------------------------------
No. of Routes: 8
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The following command shows that only the routes imported from neighbor CE-11 are marked as leakable in the GRT:
[/]
A:admin@PE-1# show router bgp routes ipv4 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 192.168.100.2/32 None None
172.17.111.2 None 0
64501 -
u*>i 192.168.100.3/32 None None
172.17.111.2 None 0
64501 -
u*>i 192.168.100.4/30 None None
172.17.111.2 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The leakable BGP routes in the GRT can be imported into VPRN 2. The import policy is identical to the import policy in the preceding examples, as follows:
# on PE-1:
configure {
policy-options {
policy-statement "Import-Leakable-Routes" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
}
}
}
This import policy is applied in VPRN 2, as follows:
# on PE-1:
configure {
service {
vprn "VPRN 2" {
bgp {
rib-management {
ipv4 {
leak-import {
policy ["Import-Leakable-Routes"]
}
}
}
The following command shows the imported leaked BGP routes in VPRN 2. The source of these leaked routes is the base router, not a VPRN.
[/]
A:admin@PE-1# show router 2 bgp routes ipv4 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 192.168.100.2/32 100 None
172.17.111.2 (Base) None 0
64501 -
u*>li 192.168.100.3/32 100 None
172.17.111.2 (Base) None 0
64501 -
u*>li 192.168.100.4/30 100 None
172.17.111.2 (Base) None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
Any of these leaked BGP routes has the flag "leaked", and the route source is the base router (leaked from base), as follows:
[/]
A:admin@PE-1# show router 2 bgp routes 192.168.100.2/32 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv4 Routes
===============================================================================
Original Attributes
Network : 192.168.100.2/32
Nexthop : 172.17.111.2 (Base)
Path Id : None
From : BGP Base
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 172.17.111.2
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from Base
AS-Path : 64501
---snip---
Example 5 - BGP IPv6 route leaking between VPRNs. Global VPRN BGP configuration
BGP IPv6 route leaking between VPRNs shows the topology and the IP addresses used for this example. CE-11 exports routes such as 2001:db8:90::2/128 to VPRN 1 on PE-1, and CE-12 exports routes such as 2001:db8:120::2/128 to VPRN 1 on PE-1.
The following policy imports BGP routes and marks them as leakable:
# on PE-1:
configure {
policy-options {
policy-statement "BGP-Leak" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
bgp-leak true
}
}
}
This import policy is applied in the general bgp context in VPRN 1:
# on PE-1:
configure {
service {
vprn "VPRN 1" {
bgp {
import {
policy ["BGP-Leak"]
}
}
The following route table includes three BGP routes exported by CE-11 and three BGP routes exported by CE-12:
[/]
A:admin@PE-1# show router 1 route-table family ipv6
===============================================================================
IPv6 Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::1:1/128 Local Local 00h25m40s 0
system 0
2001:db8:90::2/128 Remote BGP 00h01m22s 170
2001:db8:111::1 0
2001:db8:90::3/128 Remote BGP 00h01m22s 170
2001:db8:111::1 0
2001:db8:90::4/126 Remote BGP 00h01m22s 170
2001:db8:111::1 0
2001:db8:111::/127 Local Local 00h25m40s 0
int-PE-1-CE-11 0
2001:db8:112::/127 Local Local 00h25m40s 0
int-PE-1-CE-12 0
2001:db8:120::2/128 Remote BGP 00h01m04s 170
2001:db8:112::1 0
2001:db8:120::3/128 Remote BGP 00h01m04s 170
2001:db8:112::1 0
2001:db8:120::4/126 Remote BGP 00h01m04s 170
2001:db8:112::1 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
All the routes imported into the VPRN using BGP are marked as leakable. The following command shows which BGP IPv6 routes are marked as leakable in VPRN 1:
[/]
A:admin@PE-1# show router 1 bgp routes ipv6 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 2001:db8:90::2/128 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:90::3/128 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:90::4/126 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:120::2/128 None None
2001:db8:112::1 None 0
64502 -
u*>i 2001:db8:120::3/128 None None
2001:db8:112::1 None 0
64502 -
u*>i 2001:db8:120::4/126 None None
2001:db8:112::1 None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The BGP leakable routes can be imported into VPRN 2 when the following import policy is configured and applied in VPRN 2:
# on PE-1:
configure {
policy-options {
policy-statement "Import-Leakable-Routes" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
}
}
}
The only difference from IPv4 routes is that the policy is applied to the IPv6 context of the RIB management:
# on PE-1:
configure {
service {
vprn "VPRN 2" {
bgp {
rib-management {
ipv6 {
leak-import {
policy ["Import-Leakable-Routes"]
}
}
The following command shows that the VPRN is importing the leaked BGP IPv6 routes from another VPRN instance:
[/]
A:admin@PE-1# show router 2 bgp routes ipv6 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 2001:db8:90::2/128 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:90::3/128 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:90::4/126 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:120::2/128 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
u*>li 2001:db8:120::3/128 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
u*>li 2001:db8:120::4/126 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
The BGP routes have the flag "leaked" and the route source is VPRN 1, as follows:
[/]
A:admin@PE-1# show router 2 bgp routes 2001:db8:90::2/128 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Original Attributes
Network : 2001:db8:90::2/128
Nexthop : 2001:db8:111::1 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 2001:db8:111::1
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from VPRN 1
AS-Path : 64501
---snip---
Example 6 - BGP IPv6 route leaking from GRT to VPRN and from VPRN to VPRN
BGP IPv6 route leaking from GRT and VPRN to VPRN shows the topology and the IPv6 addresses used in this example. CE-11 exports IPv6 routes such as 2001:db8:90::2/128 to VPRN 1 and IPv6 routes such as 2001:db8:100::2/128 to the GRT. CE-12 exports IPv6 routes such as 2001:db8:120::2/128 to VPRN 1 and IPv6 routes such as 2001:db8:121::2/128 to the GRT.
The policy to mark imported BGP routes as leakable can be identical to the policy used in the preceding examples. However, in this case, prefix-lists are added as a filter. VPRN 1 may accept routes such as 2001:db8:90::2/128 and 2001:db8:120::2/128.
# on PE-1:
configure {
policy-options {
prefix-list "2001:db8:120::" {
prefix 2001:db8:120::/100 type longer {
}
}
prefix-list "2001:db8:90::" {
prefix 2001:db8:90::/100 type longer {
}
}
policy-statement "BGP-Leak-VPRN1_90_120" {
entry 10 {
from {
prefix-list ["2001:db8:90::"]
protocol {
name [bgp]
}
}
action {
action-type accept
bgp-leak true
}
}
entry 20 {
from {
prefix-list ["2001:db8:120::"]
protocol {
name [bgp]
}
}
action {
action-type accept
bgp-leak true
}
}
}
This import policy is applied in the general BGP settings for VPRN 1, as follows:
# on PE-1:
configure {
service {
vprn "VPRN 1" {
bgp {
import {
policy ["BGP-Leak-VPRN1_90_120"]
}
}
In a similar way, the base router may accept routes such as 2001:8db:100::2/128 and 2001:8db:121::2/128:
# on PE-1:
configure {
policy-options {
prefix-list "2001:db8:100::" {
prefix 2001:db8:100::/100 type longer {
}
}
prefix-list "2001:db8:121::" {
prefix 2001:db8:121::/100 type longer {
}
}
policy-statement "BGP-Leak-Base_100_121" {
entry 10 {
from {
prefix-list ["2001:db8:100::"]
protocol {
name [bgp]
}
}
action {
action-type accept
bgp-leak true
}
}
entry 20 {
from {
prefix-list ["2001:db8:121::"]
protocol {
name [bgp]
}
}
action {
action-type accept
bgp-leak true
}
}
}
This policy is applied in the base router for BGP neighbor 2001:db8:17:111::1 (CE-11), as follows:
# on PE-1:
configure {
router "Base" {
bgp {
neighbor "2001:db8:17:111::1" {
import {
policy ["BGP-Leak-Base_100_121"]
}
}
The import policy in the base router is not applied for BGP neighbor 2001:db8::112::1 (CE-12), so only the routes exported by CE-11 will be accepted and marked as leakable. The IPv6 routing table in the base router is as follows:
[/]
A:admin@PE-1# show router route-table family ipv6
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::1/128 Local Local 00h31m24s 0
system 0
2001:db8::2/128 Remote ISIS 00h31m04s 15
fe80::b:1ff:fe01:1-"int-PE-1-PE-2" 10
2001:db8:12::/126 Local Local 00h31m23s 0
int-PE-1-PE-2 0
2001:db8:17:111::/127 Local Local 00h31m22s 0
int-PE-1-CE-11 0
2001:db8:17:112::/127 Local Local 00h31m23s 0
int-PE-1-CE-12 0
2001:db8:100::2/128 Remote BGP 00h01m18s 170
2001:db8:17:111::1 0
2001:db8:100::3/128 Remote BGP 00h01m18s 170
2001:db8:17:111::1 0
2001:db8:100::4/126 Remote BGP 00h01m18s 170
2001:db8:17:111::1 0
-------------------------------------------------------------------------------
No. of Routes: 8
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The IPv6 routing table for VPRN 1 contains routes exported by CE-11 and CE-12, as follows:
[/]
A:admin@PE-1# show router 1 route-table family ipv6
===============================================================================
IPv6 Route Table (Service: 1)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8::1:1/128 Local Local 00h31m22s 0
system 0
2001:db8:90::2/128 Remote BGP 00h02m03s 170
2001:db8:111::1 0
2001:db8:90::3/128 Remote BGP 00h02m03s 170
2001:db8:111::1 0
2001:db8:90::4/126 Remote BGP 00h02m03s 170
2001:db8:111::1 0
2001:db8:111::/127 Local Local 00h31m22s 0
int-PE-1-CE-11 0
2001:db8:112::/127 Local Local 00h31m21s 0
int-PE-1-CE-12 0
2001:db8:120::2/128 Remote BGP 00h02m03s 170
2001:db8:112::1 0
2001:db8:120::3/128 Remote BGP 00h02m03s 170
2001:db8:112::1 0
2001:db8:120::4/126 Remote BGP 00h02m03s 170
2001:db8:112::1 0
-------------------------------------------------------------------------------
No. of Routes: 9
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
The following command shows which routes are marked as leakable in the GRT:
[/]
A:admin@PE-1# show router bgp routes ipv6 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 2001:db8:100::2/128 None None
2001:db8:17:111::1 None 0
64501 -
u*>i 2001:db8:100::3/128 None None
2001:db8:17:111::1 None 0
64501 -
u*>i 2001:db8:100::4/126 None None
2001:db8:17:111::1 None 0
64501 -
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
The following command shows which routes are marked as leakable in VPRN 1:
[/]
A:admin@PE-1# show router 1 bgp routes ipv6 leakable
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>i 2001:db8:90::2/128 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:90::3/128 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:90::4/126 None None
2001:db8:111::1 None 0
64501 -
u*>i 2001:db8:120::2/128 None None
2001:db8:112::1 None 0
64502 -
u*>i 2001:db8:120::3/128 None None
2001:db8:112::1 None 0
64502 -
u*>i 2001:db8:120::4/126 None None
2001:db8:112::1 None 0
64502 -
-------------------------------------------------------------------------------
Routes : 6
===============================================================================
On PE-1, a policy is created to import the BGP leakable routes (the same as in the preceding examples), as follows:
# on PE-1:
configure {
policy-options {
policy-statement "Import-Leakable-Routes" {
entry 10 {
from {
protocol {
name [bgp]
}
}
action {
action-type accept
}
}
}
This import policy is configured for IPv6 routes in VPRN 2, as follows:
# on PE-1:
configure {
service {
vprn "VPRN 2" {
bgp {
rib-management {
ipv6 {
leak-import {
policy ["Import-Leakable-Routes"]
}
}
}
The following command shows the leaked IPv6 routes in VPRN 2:
[/]
A:admin@PE-1# show router 2 bgp routes ipv6 leaked
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop (Router) Path-Id IGP Cost
As-Path Label
-------------------------------------------------------------------------------
u*>li 2001:db8:90::2/128 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:90::3/128 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:90::4/126 100 None
2001:db8:111::1 (VPRN 1) None 0
64501 -
u*>li 2001:db8:100::2/128 100 None
2001:db8:17:111::1 (Base) None 0
64501 -
u*>li 2001:db8:100::3/128 100 None
2001:db8:17:111::1 (Base) None 0
64501 -
u*>li 2001:db8:100::4/126 100 None
2001:db8:17:111::1 (Base) None 0
64501 -
u*>li 2001:db8:120::2/128 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
u*>li 2001:db8:120::3/128 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
u*>li 2001:db8:120::4/126 100 None
2001:db8:112::1 (VPRN 1) None 0
64502 -
-------------------------------------------------------------------------------
Routes : 9
===============================================================================
Some of these routes are leaked from the base router and some routes are leaked from VPRN 1. The detailed information for any of these leaked routes shows that the flag "Leaked" is present. For route 2001:db8:100::2/128, the route source is the base router, as follows:
[/]
A:admin@PE-1# show router 2 bgp routes 2001:db8:100::2/128 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Original Attributes
Network : 2001:db8:100::2/128
Nexthop : 2001:db8:17:111::1 (Base)
Path Id : None
From : BGP Base
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 2001:db8:17:111::1
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from Base
AS-Path : 64501
---snip---
For route 2001:db8:90::2/128, the route source is VPRN 1, as follows:
[/]
A:admin@PE-1# show router 2 bgp routes 2001:db8:90::2/128 detail
===============================================================================
BGP Router ID:192.0.2.1 AS:64500 Local AS:64500
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
l - leaked, x - stale, > - best, b - backup, p - purge
Origin codes : i - IGP, e - EGP, ? - incomplete
===============================================================================
BGP IPv6 Routes
===============================================================================
Original Attributes
Network : 2001:db8:90::2/128
Nexthop : 2001:db8:111::1 (VPRN 1)
Path Id : None
From : BGP VPRN 1
Res. Protocol : LOCAL Res. Metric : 0
Res. Nexthop : 2001:db8:111::1
Local Pref. : 100 Interface Name : int-PE-1-CE-11
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : None
AIGP Metric : None IGP Cost : 0
Connector : None
Community : No Community Members
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 0.0.0.0
Fwd Class : None Priority : None
Flags : Used Valid Best IGP Leaked In-RTM
Route Source : Leaked from VPRN 1
AS-Path : 64501
---snip---
Conclusion
BGP provides many ways to manipulate routes. In this example, IPv4/IPv6 routes learned from BGP neighbors could be marked as "leakable" and imported into other routing instances (VPRN to VPRN, VPRN to GRT, GRT to VPRN) without the use of communities in the network policy.