Table connections for route redistribution

Table-connections are a data model concept, standardized by OpenConfig, for managing redistribution of routes between protocols. In a network-instance, a table-connection exists for every inter-protocol route redistribution vector. For example, both of the following redistribution vectors are represented by a table-connection:

redistribution of IPv4 static routes into the IPv4 BGP RIB
redistribution of IPv6 BGP routes into the IPv6 IS-IS route table

Table-connections are structured as follows:

+--network-instances
     +--network-instance* [name]
        +--table-connections
           +--table-connection [source-protocol destination-protocol address-family]
              +--disable-metric-propagation?
              +--import-policy
              +--default-import-policy

In this model, each table-connection can have an import-policy. The import-policy controls the specific set of routes belonging to address-family to be redistributed from the source-protocol to the destination-protocol. The import-policy is evaluated against all routes of the source-protocol (across all instances of this protocol) with four possible outcomes:

Matched routes with an accept action are redistributed to the destination-protocol.
Matched routes with a reject action are not redistributed to the destination-protocol.
Unmatched routes are redistributed to the destination-protocol if the default-import-policy is accept.
Unmatched routes are not redistributed to the destination-protocol if the default-import-policy is reject.

The default value of default-import-policy is reject, which means a table-connection that does not have a configured import-policy does not redistribute any routes.

Note:

Destination protocol B cannot advertise a route of source protocol A unless there is an A → B table connection that causes the route to be accepted.
When a route of source protocol A is redistributed into destination protocol B, it is added to the RIB of protocol B, and therefore is advertisable to peers of protocol B without any export policy.
Table connection policies can change the properties of redistributed routes.

Supported table-connections in SR Linux

SR Linux supports the following table-connections for redistributing routes between protocols (both IPv4 and IPv6):

BGP → IS-IS
Static → BGP
Static → IS-IS
Local → IS-IS
Local → BGP

Each of these table-connections supports its own configurable import policy (or chain of import policies). The import policy (or policy chain) evaluates the best routes of each source protocol. (In this context, best route means the most-preferred route for the prefix considering all protocols; this is the route that is installed as the active route.)

The following table summarizes the routing policy match conditions and actions supported by each table connection:

Table 1. Supported routing policy match conditions and actions for table-connections
Table-connection	Supported match conditions	Supported actions	Effect of `disable-metric-propagation` setting
Static → BGP	`call-policy` `prefix-set` `tag-set` `family` (mismatch with `address-family` of the table-connection causes no routes to be matched) `protocol` (only `static` causes routes to be matched)	`bgp.as-path` `bgp.med` `bgp.local-preference` `bgp.standard-community` `bgp.next-hop` `bgp.communities` `bgp.extended-community`	If `disable-metric-propagation = true`, the route is originated without a MED attribute If `disable-metric-propagation = false`, the route is originated with a MED attribute and the value comes from the metric of the static route
BGP → IS-IS	`call-policy` `prefix-set` `bgp.standard-community` `tag-set` `family` (mismatch with `address-family` of the table-connection causes no routes to be matched) `protocol` (only `bgp` causes routes to be matched) `bgp.as-path` `bgp.community-set` `bgp.extended-community`	`isis.level` `isis.metric.set-style` `isis.metric.set-value`	if `disable-metric-propagation = true`, the route is originated with an external metric of 0 if `disable-metric-propagation = false`, the route is originated with an external metric copied from the MED value (but capped at 2^24-1).
Static → IS-IS	`call-policy` `prefix-set` `tag-set` `family` (mismatch with `address-family` of the table-connection causes no routes to be matched) `protocol` (only `static` causes routes to be matched)	`isis.level` `isis.metric.set-style` `isis.metric.set-value`	if `disable-metric-propagation = true`, the route is originated with an external metric of 0. if `disable-metric-propagation = false`, the route is originated with an external metric copied from the metric of the static route (but capped at 2^24-1).
Local → IS-IS	`call-policy` `prefix-set` `family` (mismatch with `address-family` of the table-connection causes no routes to be matched) `protocol` (only `local` causes routes to be matched)	`isis.level` `isis.metric.set-style` `isis.metric.set-value`	If `disable-metric-propagation = true`, or `disable-metric-propagation = false`, the route is originated with an external metric of 0.
Local → BGP	`call-policy` `prefix-set` `family` (mismatch with `address-family` of the table-connection causes no routes to be matched) `protocol` (only `local` causes routes to be matched)	`bgp.as-path` `bgp.med` `bgp.local-preference` `bgp.standard-community` `bgp.next-hop` `bgp.communities` `bgp.extended-community`	If `disable-metric-propagation = true`, the route is originated without a MED attribute if `disable-metric-propagation = false`, the route is originated with a MED attribute with a value of zero.

Enabling table-connections

Table-connections are disabled by default in SR Linux. To enable table-connections for a network-instance you set its table-connections.admin-state to enable.

When table-connections.admin-state is set to disable, configuration of table-connection list entries is not possible for the network-instance. In this case, for protocol B to advertise active routes of protocol A, protocol B must be configured with an export-policy that accepts routes of protocol A.

When table-connections.admin-state is set to enable:

Protocol B cannot advertise an active route of protocol A unless an A → B table connection is configured that causes the route to be accepted.
When a route of protocol A is redistributed to protocol B, it is added to the RIB of protocol B and therefore is advertisable to peers of protocol B without an export policy. However, if protocol B does have an export policy, it has final control over the advertisement of the redistributed route. In this context, table connection policies can change the properties of redistributed routes, and the export policies of the destination protocol can change the same route properties again.

For example, a static → BGP table connection could add a MED value of 10, and a BGP export policy applied to a particular neighbor or peer-group could further increment this MED by 10.

Note: Even though the redistributed route is added to the RIB of the destination protocol B, the protocol of the redistributed route from the point of view of export policies of protocol B remains the original protocol (A). An implication of this is that a route redistributed from protocol A to protocol B cannot be further redistributed to protocol C.

Configuring table-connections

To configure a table-connection to redistribute routes from one protocol to another, you enable table connections for the network-instance, specify the source protocol, address family, destination protocol, and import-policy. You can optionally specify the default-import-policy (either accept or reject) for routes that do not match the import-policy, as well as whether the route metric is carried over from the source to the destination protocol.

The following example configures a table-connection to redistribute routes from BGP to IS-IS. Table-connections are enabled for the default network-instance, BGP is specified as the source protocol, and IS-IS is specified as the destination protocol. The import-policy is a chain of two routing policies. The default-import-policy is accept, so routes not matching the import-policy chain are accepted.

--{ * candidate shared default }--[  ]--
# info network-instance default
    network-instance default {
        table-connections {
            admin-state enable
            table-connection bgp address-family ipv4 destination-protocol isis {
                default-import-policy accept
                import-policy [
                    p1
                    p2
                ]
            }
        }
    }