Option D takes advantage of Option A and Option B. We're not setting up ASBR connections for both A and B, just for B and telling the VRFs to rely on option B to exchange routing information. This option is only supported on IOS for IPv4. All of the Option B components need to be implemented. This includes the VPNv4 eBGP peering between the ASBRs and Locally configured VRFs to import routes from the local PE routers.
We'll focus specifically on the Option D components.
CSR5
router bgp 1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 12.5.6.6 remote-as 2
!
address-family vpnv4
no bgp default route-target filter
neighbor 12.5.6.6 activate
neighbor 12.5.6.6 send-community extended
neighbor 12.5.6.6 inter-as-hybrid
!
vrf definition C1
address-family ipv4
inter-as-hybrid next-hop 101.5.6.6
exit-address-family
Technically the "no bgp default route-target filter" isn't necessary, this is because there are locally configured VRFs importing the RT values from the PE routers. However, in our environment, each PE and ASBR have their own RT values, so imports and exports are still necessary.
CSR6
router bgp 2
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 12.5.6.5 remote-as 1
!
address-family vpnv4
no bgp default route-target filter
neighbor 12.5.6.5 activate
neighbor 12.5.6.5 send-community extended
neighbor 12.5.6.5 inter-as-hybrid
!
vrf definition C1
address-family ipv4
inter-as-hybrid next-hop 101.5.6.5
exit-address-family
When I initially got this working with eBGP VPNv4, routes from the ASBR weren't being learned via VPNv4 or the VRF C1. It took me a little while to realize the issue, specific to Option B, where RT values need to be imported to work correctly. This isn't an issue with normal Option B, since the ASBRs are just using VPNv4 to exchange routes between the ASBRs. In this variation, not importing the RT value of the other ASBR for those VRFs, will result in a loss of route propagation.
BGP(4): (base) 101.1.19.19 send unreachable (format) 10.1.25.0/24
BGP(4): (base) 102.1.20.20 send unreachable (format) 10.2.26.0/24
BGP(4): (base) 103.1.21.21 send unreachable (format) 10.3.27.0/24
CSR1#sh bgp vpnv4 unicast all
BGP table version is 640, local router ID is 1.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf C1)
*> 10.1.19.0/24 101.1.19.19 0 0 119 i
*>i 10.1.22.0/24 1.0.0.2 0 100 0 122 i
Route Distinguisher: 1:2 (default for vrf C2)
*> 10.2.20.0/24 102.1.20.20 0 0 220 i
*>i 10.2.23.0/24 1.0.0.2 0 100 0 223 i
Route Distinguisher: 1:3 (default for vrf C3)
*> 10.3.21.0/24 103.1.21.21 0 0 321 i
*>i 10.3.24.0/24 1.0.0.2 0 100 0 324 i
CSR5
vrf definition C1
route-target import 2:6
!
do clear ip bgp * soft
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.25.0/24, next 101.1.19.1, metric 0, path 2 125, extended community RT:1:5
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.28.0/24, next 101.1.19.1, metric 0, path 2 128, extended community RT:1:5
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.25.0/24, next 101.1.19.1, metric 0, path 2 125, extended community RT:1:5
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.28.0/24, next 101.1.19.1, metric 0, path 2 128, extended community RT:1:5
CSR1#sh bgp vpnv4 unicast all
BGP table version is 646, local router ID is 1.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf C1)
*> 10.1.19.0/24 101.1.19.19 0 0 119 i
*>i 10.1.22.0/24 1.0.0.2 0 100 0 122 i
*>i 10.1.25.0/24 1.0.0.5 0 100 0 2 125 i
*>i 10.1.28.0/24 1.0.0.5 0 100 0 2 128 i
Route Distinguisher: 1:2 (default for vrf C2)
*> 10.2.20.0/24 102.1.20.20 0 0 220 i
*>i 10.2.23.0/24 1.0.0.2 0 100 0 223 i
Route Distinguisher: 1:3 (default for vrf C3)
*> 10.3.21.0/24 103.1.21.21 0 0 321 i
*>i 10.3.24.0/24 1.0.0.2 0 100 0 324 i
CSR1# sh ip route vrf C1 bgp
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 4 subnets
B 10.1.19.0 [20/0] via 101.1.19.19, 4d12h
B 10.1.22.0 [200/0] via 1.0.0.2, 14:30:14
B 10.1.25.0 [200/0] via 1.0.0.5, 00:02:07
B 10.1.28.0 [200/0] via 1.0.0.5, 00:02:07
CSR6
vrf definition C1
route-target import 1:5
R19#traceroute 10.1.25.25 source loopback 1 numeric
Type escape sequence to abort.
Tracing the route to 10.1.25.25
VRF info: (vrf in name/id, vrf out name/id)
1 101.1.19.1 8 msec 2 msec 3 msec
2 1.1.3.3 [MPLS: Labels 24/54 Exp 0] 16 msec 17 msec 13 msec
3 1.3.10.10 [MPLS: Labels 24004/54 Exp 0] 13 msec 12 msec 25 msec
4 101.5.6.5 [MPLS: Label 54 Exp 0] 16 msec 13 msec 13 msec
5 101.5.6.6 14 msec 16 msec 13 msec
6 2.6.13.13 [MPLS: Labels 24018/38 Exp 0] 29 msec 31 msec 26 msec
7 2.13.15.15 [MPLS: Labels 24018/38 Exp 0] 27 msec 32 msec 27 msec
8 101.8.25.8 [MPLS: Label 38 Exp 0] 29 msec 25 msec 24 msec
9 101.8.25.25 26 msec * 36 msec
The control plane is handled by the VPNv4 or Option B and the data plane is handled by Option A via the VRF. The VRF needs the inter-as-hybrid command defined and so does the VPNv4 connection. This ties the VRF data plane to the VPNv4 control plane and allows the solution to work.
We'll focus specifically on the Option D components.
CSR5
router bgp 1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 12.5.6.6 remote-as 2
!
address-family vpnv4
no bgp default route-target filter
neighbor 12.5.6.6 activate
neighbor 12.5.6.6 send-community extended
neighbor 12.5.6.6 inter-as-hybrid
!
vrf definition C1
address-family ipv4
inter-as-hybrid next-hop 101.5.6.6
exit-address-family
Technically the "no bgp default route-target filter" isn't necessary, this is because there are locally configured VRFs importing the RT values from the PE routers. However, in our environment, each PE and ASBR have their own RT values, so imports and exports are still necessary.
CSR6
router bgp 2
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 12.5.6.5 remote-as 1
!
address-family vpnv4
no bgp default route-target filter
neighbor 12.5.6.5 activate
neighbor 12.5.6.5 send-community extended
neighbor 12.5.6.5 inter-as-hybrid
!
vrf definition C1
address-family ipv4
inter-as-hybrid next-hop 101.5.6.5
exit-address-family
When I initially got this working with eBGP VPNv4, routes from the ASBR weren't being learned via VPNv4 or the VRF C1. It took me a little while to realize the issue, specific to Option B, where RT values need to be imported to work correctly. This isn't an issue with normal Option B, since the ASBRs are just using VPNv4 to exchange routes between the ASBRs. In this variation, not importing the RT value of the other ASBR for those VRFs, will result in a loss of route propagation.
BGP(4): (base) 101.1.19.19 send unreachable (format) 10.1.25.0/24
BGP(4): (base) 102.1.20.20 send unreachable (format) 10.2.26.0/24
BGP(4): (base) 103.1.21.21 send unreachable (format) 10.3.27.0/24
CSR1#sh bgp vpnv4 unicast all
BGP table version is 640, local router ID is 1.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf C1)
*> 10.1.19.0/24 101.1.19.19 0 0 119 i
*>i 10.1.22.0/24 1.0.0.2 0 100 0 122 i
Route Distinguisher: 1:2 (default for vrf C2)
*> 10.2.20.0/24 102.1.20.20 0 0 220 i
*>i 10.2.23.0/24 1.0.0.2 0 100 0 223 i
Route Distinguisher: 1:3 (default for vrf C3)
*> 10.3.21.0/24 103.1.21.21 0 0 321 i
*>i 10.3.24.0/24 1.0.0.2 0 100 0 324 i
CSR5
vrf definition C1
route-target import 2:6
!
do clear ip bgp * soft
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.25.0/24, next 101.1.19.1, metric 0, path 2 125, extended community RT:1:5
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.28.0/24, next 101.1.19.1, metric 0, path 2 128, extended community RT:1:5
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.25.0/24, next 101.1.19.1, metric 0, path 2 125, extended community RT:1:5
BGP(4): (base) 101.1.19.19 send UPDATE (format) 10.1.28.0/24, next 101.1.19.1, metric 0, path 2 128, extended community RT:1:5
CSR1#sh bgp vpnv4 unicast all
BGP table version is 646, local router ID is 1.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf C1)
*> 10.1.19.0/24 101.1.19.19 0 0 119 i
*>i 10.1.22.0/24 1.0.0.2 0 100 0 122 i
*>i 10.1.25.0/24 1.0.0.5 0 100 0 2 125 i
*>i 10.1.28.0/24 1.0.0.5 0 100 0 2 128 i
Route Distinguisher: 1:2 (default for vrf C2)
*> 10.2.20.0/24 102.1.20.20 0 0 220 i
*>i 10.2.23.0/24 1.0.0.2 0 100 0 223 i
Route Distinguisher: 1:3 (default for vrf C3)
*> 10.3.21.0/24 103.1.21.21 0 0 321 i
*>i 10.3.24.0/24 1.0.0.2 0 100 0 324 i
CSR1# sh ip route vrf C1 bgp
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 4 subnets
B 10.1.19.0 [20/0] via 101.1.19.19, 4d12h
B 10.1.22.0 [200/0] via 1.0.0.2, 14:30:14
B 10.1.25.0 [200/0] via 1.0.0.5, 00:02:07
B 10.1.28.0 [200/0] via 1.0.0.5, 00:02:07
CSR6
vrf definition C1
route-target import 1:5
R19#traceroute 10.1.25.25 source loopback 1 numeric
Type escape sequence to abort.
Tracing the route to 10.1.25.25
VRF info: (vrf in name/id, vrf out name/id)
1 101.1.19.1 8 msec 2 msec 3 msec
2 1.1.3.3 [MPLS: Labels 24/54 Exp 0] 16 msec 17 msec 13 msec
3 1.3.10.10 [MPLS: Labels 24004/54 Exp 0] 13 msec 12 msec 25 msec
4 101.5.6.5 [MPLS: Label 54 Exp 0] 16 msec 13 msec 13 msec
5 101.5.6.6 14 msec 16 msec 13 msec
6 2.6.13.13 [MPLS: Labels 24018/38 Exp 0] 29 msec 31 msec 26 msec
7 2.13.15.15 [MPLS: Labels 24018/38 Exp 0] 27 msec 32 msec 27 msec
8 101.8.25.8 [MPLS: Label 38 Exp 0] 29 msec 25 msec 24 msec
9 101.8.25.25 26 msec * 36 msec
The control plane is handled by the VPNv4 or Option B and the data plane is handled by Option A via the VRF. The VRF needs the inter-as-hybrid command defined and so does the VPNv4 connection. This ties the VRF data plane to the VPNv4 control plane and allows the solution to work.
