The MPLS-OPS Archive

Cell Relay Retreat>MPLS-OPS Archive>month:2003-Feb> msg00145



[Date Prev][Date Next][Thread Prev][Thread Next]  
  [Date Index][Thread Index][Author Index][Subject Index]

Re: Fwd: Re: RE: Route Distinguisher Questions

  • From: Robert Raszuk <raszuk@cisco.com>
  • Date: Thu, 20 Feb 2003 17:00:44 +0100
  • CC: MPLS-ops Mailing List <mpls-ops@mplsrc.com>
  • Organization: Signature: http://www.employees.org/~raszuk/sig/
  • Resent-Date: Thu, 20 Feb 2003 12:13:20 -0500
  • To: Roger Clark Williams <rogerw@nordlink.com>

Hi Roger,

I tried to stay out from this never ending thread, but oh well ;) ...

The answer really depends on the implementation. In cisco implementation
as example RDs don't really play any role into which vrf prefixes go
into. Let me just comment on two key points below:

> If there is no RT import statement, the update is ignored by that PE.

Except when PE acts as RRs/inter-as ASBR or some extranet hosting PE.
Those are important exceptions in this topic ;).

> Once the update is allowed (via the
> RT) and has entered the PE, the RD identifies the incoming routing update
> as being part of a particular VPN, and the update information is put into
> the proper VRF.

Not really :). Once it is allowed it lands into bgp vpnv4 data
structure. Then from this we do the actual import into vrfs. If the dst
vrf RD matches the received prefix RD the route goes into the vrf and
the life is cool. When RDs don't not match, but RT import allows it we
copy the prefix (just the net) to the new vpnv4 "branch" then insert it
into vrf. 

For clarity by vrf I call vrf routing table. Also it may be usefull to
add when in the latter case above we copied the prefix to a new RD
index, the original one is left there without pointing to any vrf (any
table_id also known as from bgp cli show commands as NULL table_id).

Cheers,
R.


> Roger Clark Williams wrote:
> 
> John, it is my understanding that it works this way: The RT import
> statement allows the routing update to be accepted into a given egress PE.
> If there is no RT import statement, the update is ignored by that PE.
> Therefore the update is not put into the VRF on that egress PE even if the
> VRF exists and is part of a given VPN. Once the update is allowed (via the
> RT) and has entered the PE, the RD identifies the incoming routing update
> as being part of a particular VPN, and the update information is put into
> the proper VRF.
> 
> As to your other question ("why do you need both?"), consider that you
> might want a VPN that shared certain routes with only a few VPN members,
> not the whole VRF routing  table with all members. A good example might be
> Company A Accounting Department. The accounting department wants to be a
> member of a VPN that connects all Company A's sites, but the accounting
> department only wants to be visible to certain other members of the VPN,
> not to everyone in the VPN. By using RTs properly, the routing information
> to the accounting subnet can be delivered to only those sites that have the
> proper RT import statement specific to the AccDept subnet. The RD will
> still allow those updates into the proper VRF. With the same RD but
> different RTs, that routing information would show up in some CE routing
> tables but not others. Yet all are members of the same VPN. So the short
> answer is that the combination of RD and RT allows a segmentation of the
> routing within a single VPN, or as the vernacular has it, better granularity.
> 
> Having said that, I think my explanation is perhaps overly general (and
> maybe even wrong), and I would be happy to hear others' more detailed
> explanations.
> 
> Roger Williams
> 
> >X-Originating-IP: [210.214.114.78]
> >From: "john smith" <johnsmith0302@hotmail.com>
> >To: "Roger Clark Williams" <rogerw@nordlink.com>
> >Subject: Re: RE: [MPLS-OPS]: Route Distinguisher Questions
> >Date: Wed, 19 Feb 2003 23:51:38 +0530
> >X-Mailer: Microsoft Outlook Express 5.00.2615.200
> >X-OriginalArrivalTime: 19 Feb 2003 18:02:52.0186 (UTC)
> >FILETIME=[1ED9CFA0:01C2D841]
> >
> >
> > > In other words, they are announced by the
> > > same "word" but their function and use within the system are not the same.
> > > They play on the same team (RD and RT within one VRF) but there is no
> > > correlation between them other than that fact and their names. So no,
> >there
> > > is no underlying reason the RD and RTs have to be the same number. In
> >fact,
> > > there are all kinds of instances in which there are multiple RTs within a
> > > single VRF and yet perhaps only one pair (if that) have the same "name" as
> > > the RD.
> >
> >
> >so what identifies the route "exclusively" RD or RT?
> >if i say that given a route and it came from some VPN, would you use RD or
> >RT to identify it..what would you say?
> >why do you need both?
> 
> -------
> The MPLS-OPS Mailing List
> Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
> Archive: http://www.mplsrc.com/mpls-ops_archive.shtml

-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe:  http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml