Partitioned RRs with IOS-XR

Load vpnv4.partitioned.rr.xr.init.cfg

#IOS-XE
config replace flash:vpnv4.partitioned.rr.xr.init.cfg 

#IOS-XR
configure
load bootflash:vpnv4.partitioned.rr.xr.init.cfg 
commit replace
y

This is the same as the previous lab, except the RR is moved from R6 to XR1. The CE, XR2, is peered with R6 now.

The L3VPN is fully setup. All PEs are peered with the two RRs. Configure R3 to only accept VPN_A routes and configure XR1 to only accept VPN_B routes.

Answer

#R3
ip extcommunity-list standard PERMITTED_VPNv4 permit rt 100:1
!
router bgp 100
 template peer-session IBGP
  remote-as 100
  update-so lo0
 exit-peer-session
 !
 template peer-policy IBGP
  route-reflector-client
 exit-peer-policy
 !
 neighbor 2.2.2.2 inherit peer-session IBGP
 neighbor 4.4.4.4 inherit peer-session IBGP
 neighbor 5.5.5.5 inherit peer-session IBGP
 neighbor 6.6.6.6 inherit peer-session IBGP
 !
 add vpnv4
  bgp rr-group PERMITTED_VPNv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 inherit peer-policy IBGP
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 inherit peer-policy IBGP
  neighbor 5.5.5.5 activate
  neighbor 5.5.5.5 inherit peer-policy IBGP
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 inherit peer-policy IBGP

#XR1
route-policy VPNv4_RETAIN
  if extcommunity rt matches-any (100:2) then
    pass
  endif
end-policy
!
router bgp 100
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
  retain route-target route-policy VPNv4_RETAIN
 !
 neighbor-group IBGP
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast
   route-reflector-client
 !
 neighbor 2.2.2.2
  use neighbor-group IBGP
 !
 neighbor 4.4.4.4
  use neighbor-group IBGP
 !
 neighbor 5.5.5.5
  use neighbor-group IBGP
 !
 neighbor 6.6.6.6
  use neighbor-group IBGP

Explanation

This lab tests your understanding of applying RT filters in IOS-XR.

As a review, in IOS-XE you can disable the RT filter in three ways:

1. Configuring the VRF locally, and importing the RT

2. Configuring the router as an RR

3. Disabling the RT filter

router bgp 100
 no bgp default route-target filter

To configure the IOS-XE router as a RR that selectively accepts VPNv4 updates, you use an RR group.

ip extcommunity-list standard PERMITTED_VPNv4 permit rt 100:1
!
router bgp 100
 add vpnv4
  bgp rr-group PERMITTED_VPNv4

On IOS-XR, the same three methods are available for disabling the default RT filter:

1. Configure the VRF locally and import the RT

2. Configure the router as an RR

3. Disable the RT filter

router bgp 100
 add vpnv4 uni
  retain route-target all

To selectively import VPNv4 prefixes on an IOS-XR RR, you simply associate a route-policy with the retain route-target command.

route-policy VPNv4_RETAIN
  if extcommunity rt matches-any (100:2) then
    pass
  endif
end-policy
!
router bgp 100
 address-family vpnv4 unicast
  retain route-target route-policy VPNv4_RETAIN

On XR1, we can see that the only VPNv4 routes in the table are for VPN_B:

If we debug bgp update we can see that the VPN_A routes are denied due to the RT filter: