Here I have a question: how does the route distinguisher work, and what is its benefit?
I know it is used in MPLS/VPN to make the routes unique when 2 or more customers are using overlapping address space, by prepending 64 bits in front of the IP address.
What I don't know is the exact process. What is the use of the RD, because as per my understanding the installation of a route in a VRF depends on the RT (whatever the value of the RD is)?
Could you please explain how RD is used exactly?
Thanks in Advance
Hello Mohit - a PE may have several VRFs, but it only has 1 BGP table. When a route is redistributed into BGP from the VRF (export), the RD is associated as part of the route, which as you mentioned, makes the route unique within the entire BGP table. Adding the RD also makes this a VPNv4 route, separate from the IPv4 routes in BGP.
As you mentioned the RT controls which routes will be imported on the far side PE, for a given VRF.
Could you please clarify why and how route import and export works and between which routing instances such as IPv4 to VPNv4?
Thanks in Advance.
A customer shares an IPv4 route with an IGP peering PE. This route is received through an interface that is dedicated to the VRF for the customer.
When this route is exported from that VRF into MP-BGP, it will be assigned the Route Targets specified as export route targets in that customer's VRF definition.
This route is now a VPNv4 route in MP-BGP and the RT is included as an extended BGP community.
At the other edge of the network, on a PE connected to the customer's remote site, there will be another VRF for that customer. When that PE imports routes from MP-BGP, it will only import routes that have a RT that matches this router's VRF definitions for import route targets, and then those routes can be advertised from the PE to the customer's CE router.
Hope that helps,
Thank you so much Keith.
I got a bit confused before when I saw the following configuration:
ip vrf customer1
route-target import 100:1 <<< This should have been a different identifier since it is remote site.>>>
route-target export 100:1
But now I understand that it could be the same if there is no requirement to have a different identifier for each site for the same customer.
The only thing to be concerned with is that you come up with a convention that makes sense to you (or someone supporting it!). While you CAN come up with separate/same/whatever numbers, you don't want to get too insane with it, because three months down the road, who's going to be the one supporting it and/or cursing it out if they forget something!
Best practice is to use different RD values for a customer's different sites to make the routes learned from different CEs globally unique (in the MPBGP table), but the RD value can also be the same for all of the customer's sites on all PEs (meaning all sites of a single customer). The reason is that the RFC doesn't define anything on this because it is unlikely that a customer will advertise the same route from its two different sites..:)
In summary, the RD value is only used to make the route unique in the Global MP-BGP table which is present in the form of a roadmap in all PE routers.
"show ip bgp vpnv4 all" can be used to see the MPBGP table. In a full mesh MPLS IPVPN network the results should be the same on all PE routers.
It is also important to remember that the RD value is locally significant but it doesn't mean that it will remain inside the router. Here locally significant means that it will not be used anywhere by any device. Once the route is imported into the corresponding vrf via the import RT, the RD value is stripped off and only the IPv4 route is put into the vrf routing table.
VPNv4 route=<ASN or IP address> : <VRF id>+<PE ID>
This format is used to make the VPNv4 route unique inside MP-BGP table.
Please revert in case you need more info or have additional information.
Agreed. I have seen issues before when using the same RD in the same VRF on multiple PEs with a dual-homed location using eiBGP multipath.
When advertising the same route from multiple locations (for load sharing) we found the Route Reflector would prefer only one of the paths and reflect that out to its neighbors, breaking the load sharing.
This is an old thread, but I have seen people replying to it over the years.
The question about RD has been making me crazy since I have been studying MPLS VPN, because I was just wondering why to use RD if we have RTs. Keith Barker has answered my question since he said:
Hello Mohit - a PE may have several VRFs, but it only has 1 BGP table. When a route is redistributed into BGP from the VRF (export), the RD is associated as part of the route, which as you mentioned, makes the route unique within the entire BGP table.
Now it makes sense to use RD if the PE has only one BGP table, but does a PE actually have only one BGP table? Doing show commands I can see that the PE's BGP table has different sections for different VPN instances. Doesn't a PE have a different BGP table for each VPN instance?
Thanks a lot in advance!
The relevance of "RD" has been a bit brain hurty for me too. However now I get it! Look at this thread question and the first reply makes 100% sense (at least to me) on why RD is required and gives an excellent example of what would happen if RD did not exist.
Ping back on this thread if it works for you too!
Please read the explanation below.
Route Targets vs. Route Distinguishers
A CE router advertises an IPv4 route to a PE router via an IGP. On the PE router this route gets installed into a VRF (associated with some customer) through an interface dedicated to that VRF. Here the IGP process between the PE and the CE routers is called VRF-aware.
When later on the PE router this route is redistributed from that VRF into MP-BGP (what is called export), it is assigned the Export Route Target specified under that VRF's configuration. Now this route inside the MP-BGP is a VPNv4 route and the RT is included as an extended BGP community. (However, it's not the RT that turns an IPv4 route into a VPNv4 route; it's the Route Distinguisher, discussed later.)
At the other edge of the network, a PE connected to the customer's remote site will have another VRF for that customer. When the PE redistributes routes back from MP-BGP into VRFs (what is called import), the Import Route Targets specified under specific customers' VRFs control which routes are imported into which VRF. Then these routes are advertised to other CE routers via a VRF-aware IGP process.
When prefixes are redistributed from a VRF into MP-BGP, an 8-byte Route Distinguisher is added to an IPv4 prefix, turning it into a VPNv4 route; it now looks like: 126.96.36.199:1 10.0.0.0/24.
When two VPNv4 routes carrying the same IPv4 prefixes and different Route Targets reach the same PE router (through the MP-BGP), they will be installed into both VRFs only if they have different Route Distinguishers. If they don't, the first update will install the prefix into one VRF, and the second one will delete it from there and install it into another VRF.
So the RD values could be the same per customer (as it is unlikely that any customer will advertise the same prefixes from two of its different locations), but they shouldn't be the same for different customers as then all VPNv4 routes with the same RDs and the same IPv4 prefixes won't get properly installed into VRFs: some updates will install prefixes into one customer's VRF (according to its Route Target value), other updates will delete those prefixes and install them into another customer's VRF, according to its Route Target value.
If a customer has a location with 2 connections to the ISP (going to separate PE routers), on both PE routers the same RD values could be used to provide a backup route to the primary route to that customer's network from inside the ISP network. But for load-balancing different RD values should be used, as BGP routers inside the ISP network will choose only one best path for each destination prefix.
(The last paragraph was edited after Julian's reply.)
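Added example, not part of the original thread and not any vendor's implementation: a simplified Python model of the export/import flow described above, showing what happens on the far-side PE when two customers with overlapping 10.0.0.0/24 space use distinct RDs versus the same RD. The `PE` class, VRF names, the RD/RT values and the "replace on same key" behaviour are assumptions made for illustration.

```python
import ipaddress
import struct

def encode_rd(rd):
    """Pack 'ASN:nn' (type 0) or 'IPv4:nn' (type 1) into the 8-byte RD (RFC 4364)."""
    admin, number = rd.rsplit(":", 1)
    if "." in admin:  # type 1: 4-byte IPv4 administrator, 2-byte assigned number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))  # type 0: 2-byte ASN, 4-byte number

class PE:
    """Toy PE: several VRFs, one VPNv4 table keyed by (RD, IPv4 prefix)."""
    def __init__(self):
        self.vrfs = {}    # name -> {"rd", "import", "export", "rib"}
        self.vpnv4 = {}   # (rd_bytes, prefix) -> {"rts", "next_hop"}

    def add_vrf(self, name, rd, rt):
        self.vrfs[name] = {"rd": rd, "import": {rt}, "export": {rt}, "rib": {}}

    def export(self, vrf_name, prefix, next_hop):
        """VRF -> MP-BGP: prepend the RD, attach the export RTs."""
        vrf = self.vrfs[vrf_name]
        key = (encode_rd(vrf["rd"]), ipaddress.ip_network(prefix))
        return key, {"rts": set(vrf["export"]), "next_hop": next_hop}

    def receive(self, key, route):
        """An update with an existing (RD, prefix) key replaces the earlier route."""
        self.vpnv4[key] = route

    def run_import(self):
        """MP-BGP -> VRF: keep routes whose RTs match, strip the RD."""
        for vrf in self.vrfs.values():
            vrf["rib"] = {str(prefix): route["next_hop"]
                          for (_, prefix), route in self.vpnv4.items()
                          if route["rts"] & vrf["import"]}

def overlap_demo(rd_a, rd_b):
    """Two customers export 10.0.0.0/24; return the far-side PE's VRF tables."""
    near, far = PE(), PE()
    for pe in (near, far):
        pe.add_vrf("custA", rd_a, "100:1")   # constructed RD/RT values
        pe.add_vrf("custB", rd_b, "200:1")
    far.receive(*near.export("custA", "10.0.0.0/24", "CE-A"))
    far.receive(*near.export("custB", "10.0.0.0/24", "CE-B"))
    far.run_import()
    return {name: vrf["rib"] for name, vrf in far.vrfs.items()}

if __name__ == "__main__":
    print(overlap_demo("65000:1", "65000:2"))  # distinct RDs
    print(overlap_demo("65000:1", "65000:1"))  # shared RD
```

With a shared RD the second update overwrites the first in the single VPNv4 table, so one customer's VRF ends up without the prefix; auditing PE configs for RDs reused across different customers catches this before it becomes a reachability or isolation problem.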