The MPLS-OPS Archive

["john smith" <johnsmith0302@hotmail.com>]

would just like to ask this question to someone who said multiple RDs help
per vrf (funny even the latest version of 2547bis on ietf site seems to
suggest multiple RDs!)

if RT can decide what route enters what VRF (setting the community tag etc)

why does multiple RD help at all?

finally the route distribution is handled by RT

there was some case where guys were talking about 2 RDs so that we can "go
across VPNs"

what about the overlapping address spaces one may come across in the 2VPNs,
how will a CE-A which is connected to vrf-a and vrf-b do anything in this
scenario to help it reach the right vpn?
eg 192.168.x.x is overlapping in 2 VPNs, and you want to merge them using
RD...how can you?

and if the address space is not overlapping, isnt RT sufficient to solve the
problem?


----- Original Message -----
From: tricia ruggiero <truggier@cisco.com>
To: <MHeusinger@gmx.net>; 'Aries C' <cariesc@hotmail.com>;
<mpls-ops@mplsrc.com>
Sent: Monday, February 17, 2003 2:50 AM
Subject: RE: [MPLS-OPS]: Route Distinguisher Questions


> very good definition - just one more thing to add...
> the rd that is configured locally within a vrf is the 'section' of the bgp
table that will feed that local vrf.   this is why it may be a scaling issue
if each vrf is configured with a different rd - the locally originated
routes will have their rd 'section', and the other vpn sites' routes will
get imported into their own 'section' of the bgp table, as well as copied
into the local 'section'.    this is also why they should be globally unique
within the pe-pe-pe mesh.
> it is absolutely true that the essential part of the vpn config is the
route target, but the rd can also break routing if mis-configured.
>
> -----Original Message-----
> From: Martin Heusinger [mailto:MHeusinger@gmx.net]
> Sent: Sunday, 16 February, 2003 07:29
> To: Aries C; mpls-ops@mplsrc.com
> Subject: Re: [MPLS-OPS]: Route Distinguisher Questions
>
>
> Hi Aries,
>
> to answer your questions:
>
> Route Distinguisher (RD) has only one purpose: make IPv4 prefixes globally
> unique. MPLS VPNs are based on the distribution of routing information of
> IPv4 prefixes. Now customers may all use private IP addresses (RFC 1918).
> To be able on a PE to distinguish between f.e. 10.0.0.0/8 from one
customer
> to 10.0.0.0/8 of another customer one adds the Route Distinguisher. In
> Multiprotocol BGP the PEs are routing VPNv4 prefixes, i.e. VPNv4=RD+IPv4.
> There is no other special meaning to the RD than to make addresses
globally
> unique. Especially RD has nothing to do with VPN membership.
>
> VPN membership is solely determined through import and export rules based
> on Route Targets (RT). Those are extended communities attached to VPNv4
> prefixes. One VPNv4 prefix may have one or many different RTs attached to
> it, i.e. a IPv4 prefix may be seen in one VPN or in many VPNs or customer
> locations.
>
> In a first approach you might say an RT identifies a VPN. A customer site
> is part of several VPNs, when it´s IPv4 prefixes (f.e. 10.0.0.0/8) can be
> reached within several VPNs. This CAN be achieved by attaching the
> respective VPN-RTs to the VPNv4 prefixes in every PE a customer site is
> connected to.
> (I am aware, that there might be different usages for RT, like in central
> services VPN, but as an MPLS instructor my experience is, that this
> approach is the most simple and understandable one "for the beginner").
>
> You can think of VRFs as a virtual Router the customer Edge router (CE) is
> attached to. Within one PE very VRF has to have a unique RD. IF a customer
> has two CEs (CE1, CE2)with the same connectivity requirements connected to
> the same PE you could use ONE VRF in the beginning. This VRF would have a
> routing table with all the IPv4 prefixes to be seen by the two customer
> sites.
> Now assume a more complex VPN topology. F.e. CE1 might be part of
> additional VPNs, whereas CE2 is not. This clearly means, that CE1 should
> see a different set of IPv4 prefixes than CE2. This means one needs TWO
> VRFs one for CE1 and one for CE2. So there have to be two RDs as well.
> Starting with the simple approach of one RD for all VRFs a customer is
> attached to, this means to create a new VRF (with a unique RD) and to
> reconfigure the PE. This leads to a network outage. for at least one CE.
>
>
> now on to your questions:
>
> 1. is definition RD per VRF : all RDs are unique regardless which VPN it
> belongs to ?
> Yes, this is the most flexible setup. VPN membership can be easily changed
> by adding or removing RTs
>
> 2. Is definition RD per VPN : one RD is used acrossed all VRF belongs to a
> VPN ?
> Yes, this can be used in a "simple VPN" scenario, i.e. all customer sites
> have connectivity to each other.
>
> 3. Why the paragraph mentions RD per VRF is more recommended ( because
> configuration conflict and reduce the memory requirements), as compared to
> RD per VPN ?
> The answer is: RTs are BGP communities. Changing/manipulating them is
> rather simple. To change the RD (in Cisco routers) one has to delete the
> VRF and to add it again. This means a lot of work and network outage.
>
> 4. Can I use RD per VPN, though a site could belong to multiple VPN.
> Because theoritically, we can use Route Target to control export and
import
> (again the uniqueness is taken care with RD, and also different VPN has
> different RD anyway i.e. VPN A = RD 100:27 and VPN B = 101:27).
>
> No. VPN and RD have nothing to do with each other. Also PLEASE: the
> official RD format is <AS number>:<any number (32 Bit)> or <official
> IP>:<any number (16 Bit)>!! Using any different numbering scheme is like
> using "unofficial" IP addresses! DO NOT DO THIS!
> Use 100:27 and 100:28 IF AND ONLY IF your official AS number is 100.
>
> The confusion about RD and RT and their usage is unfortunately pushed by
> the fact, that RT has the same format.
>
> Hope this helps more than it confuses ;-)
>
> Martin
>
> P.S.: The book is right, Ivan understands the matter :-)
>
> On Sun, 16 Feb 2003 08:58:10 +0000, Aries C <cariesc@hotmail.com> wrote:
>
> > Hi All,
> >
> > I m reading a book of Ivan Pepelnjak's book (MPLS and VPN Arch.)
> > At page 191 Chapter 10, there's 3 paragraph get me confused :
> >
> >
> > "Each VRF within the PE router configuration needs to have an associated
> > RD, which might or might not be related to a particular site or VPN
> > membership of that site. In the most common case, where a site belongs
> > only to one intranet VPN, it's technically possible and recommended, to
> > use unique RD for the VPN. However, if this site at some point in the
> > future will become a member of an extraner VPN, do not take this
approach
> > because it might incur config. issues when trying to provision the
> > extranet VPN.
> >
> > For example, suppose a different RD is used for each VPN. If a
particular
> > site wants to be a member of multiple VPNs, it's not possible to to
> > identify which route distinguisher to use for the site because it
belongs
> > to more than one VPN.
> >
> > Therefore, for network topologies other than simple intranet model, use
> > the same route distinguisher per VRF, rather than per VPN, to avoid this
> > type of conflicting config. and to reduce the memory requirements of the
> > PE router. In the case of an extranet VPN, this means the VRF that makes
> > up the VPN uses the same RD regardless of the particular VPN site to
> > which the VRF belongs. "
> >
> >
> > The question are :
> >
> > 1. is definition RD per VRF : all RDs are unique regardless which VPN it
> > belongs to ?
> > 2. Is definition RD per VPN : one RD is used acrossed all VRF belongs to
> > a VPN ?
> > 3. Why the paragraph mentions RD per VRF is more recommended ( because
> > configuration conflict and reduce the memory requirements), as compared
> > to RD per VPN ?
> > 4. Can I use RD per VPN, though a site could belong to multiple VPN.
> > Because theoritically, we can use Route Target to control export and
> > import (again the uniqueness is taken care with RD, and also different
> > VPN has different RD anyway i.e. VPN A = RD 100:27 and VPN B = 101:27).
> >
> >
> > Could anyone educate me on this.
> >
> >
> > TIA
> >
> > Aries C.
> >
> >
> >
> >
> >
> > _________________________________________________________________
> > Hotmail now available on Australian mobile phones. Go to
> > http://ninemsn.com.au/mobilecentral/hotmail_mobile.asp
> >
> > -------
> > The MPLS-OPS Mailing List
> > Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> > Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
> >
> >
>
>
>
>
> -------
> The MPLS-OPS Mailing List
> Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
>
> -------
> The MPLS-OPS Mailing List
> Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
>

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml