Table of Contents
Advertisement
VPN-IPv4 Addresses
Route Targets
Copyright © 2010, Juniper Networks, Inc.
Because each VPN has its own private address space, the same IP address might be
used in several VPNs. To provide for more than one route to a given IPv4 address (each
route unique to a single VPN), BGP/MPLS VPNs use route distinguishers (RDs) followed
by an IPv4 address to create unique VPN-IPv4 addresses. A route can have only one RD.
The RD contains no routing information; it simply enables you to create unique VPN-IPv4
address prefixes. You can specify the RD in either of the following ways:
An autonomous system (AS) number followed by a 32-bit assigned number. If the AS
number is from the public address space, it must have been assigned to the service
provider by the Internet Assigned Numbers Authority (IANA). The service provider can
choose the assigned number. We recommend you do not use numbers from the private
AS number space.
An IP address followed by a 16-bit assigned number. If the IP address is from the public
IP address space, it must have been assigned to the service provider by IANA. The
assigned number may be chosen by the service provider. Use of numbers from the
private IP address space is strongly discouraged.
You can create unique VPN-IPv4 addresses by assigning a unique RD to each VRF in your
network. However, the optimal strategy depends on the configuration of your network.
For example, if each VRF always belongs to only one VPN, you might use a single RD for
all VRFs that belong to a particular VPN.
A route-target extended community, or route target, is a type of BGP extended community
that you use to define VPN membership. The route target appears in a field in the update
messages associated with VPN-IPv4.
You create route-target import lists and route-target export lists for each VRF. The route
targets that you place in a route target export list are attached to every route advertised
to other PE routers. When a PE router receives a route from another PE router, it compares
the route targets attached to each route against the route-target import list defined for
each of its VRFs. If any route target attached to a route matches the import list for a VRF,
then the route is imported to that VRF. If no route target matches the import list, then
the route is rejected for that VRF.
Depending on your network configuration, the import and export lists may be identical.
Typically, you do the following:
Allocate one route-target extended-community value per VPN.
Configure the import list and the export list to include the same information: the set
of VPNs comprising the sites associated with the VRF.
For more complicated scenarios—for example, hub-and-spoke VPNs—the route-target
import list and the route-target export list might not be identical.
Chapter 6: Configuring BGP-MPLS Applications
389
Advertisement
Table of Contents
Troubleshooting
