Configuring VPN ORF

After BGP peer relationships are established in the BGP-VPN-Target (VT) address family, VPN ORF filters the routes to be advertised to PEs based on the VPN target of each VPN instance bound to each PE.

Usage Scenario

As the network increases in size and complexity, a PE receives a larger number of routes. To enable the PE to receive only the expected routes, thereby reducing pressure on the PE, you can configure VPN ORF. After VPN ORF is enabled, the local device filters the routes to be advertised to PEs based on the VPN target of each VPN instance bound to each PE.

On the network shown in Figure 1, before the VPN ORF capability is enabled, the RR advertises all the VPN routes received from the VPN instances on PE1 to PE2. However, only the IRT 1:1 in these routes matches the ERT 1:1 of PE2. Similarly, the RR also advertises all the VPN routes received from the VPN instances on PE2 to PE1, and only the IRT 1:1 in these routes matches the ERT 1:1 of PE1. In this case, PE1 and PE2 both receive many unwanted routes. To prevent this issue, you can establish VPN ORF route-based peer relationships between the RR and PE1 and between the RR and PE2 in the BGP-VPN-Target address family. The VPN ORF route-based peers negotiate the VPN ORF capability. Then, PE1 and PE2 send VPN ORF routes to their peer (the RR). These VPN ORF routes carry the IRTs of the expected routes and original AS numbers. Based on the received routes, the RR constructs an export policy. The RR learns the routes matching the ERTs 1:1 and 2:2 from PE1 and the routes matching the ERTs 1:1 and 3:3 from PE2. Subsequently, because PE1 and PE2 require the same IRT, the RR sends only the routes with the IRT 1:1 to PE1 and PE2.

Figure 1 Networking of VPN ORF

Pre-configuration Tasks

Before configuring VPN ORF, complete the following tasks:

Configure basic BGP functions.
Configure a basic BGP/MPLS IP VPN and establish VPNv4 connections.

Procedure

Perform the following steps on each PE:
1. Run system-view
  The system view is displayed.
2. Run bgp as-number
  The BGP view is displayed.
3. Run ipv4-family vpn-target
  The BGP-VPN-Target address family view is displayed.
4. Run peer { ipv4-address | group-name } enable
  A VPN ORF route-based peer relationship is established, and the capability to exchange VPN ORF routing information with the specified peer or peer group is enabled.
5. (Optional) Run external-path path-number
  The maximum number of EBGP peers allowed in the BGP-VT address family is set.
  
  By default, when BGP receives the same VPN ORF route from multiple peers, BGP selects one of the identical VPN ORF routes with the same prefix as the preferred route. BGP advertises VPN routes matching VPN ORF only to the preferred peer. As a result, fast reroute (FRR) and load balancing cannot be implemented. To resolve this problem, run this command to set the maximum number of EBGP peers allowed in the BGP-VT address family so that FRR and load balancing can be implemented among ASBRs.
6. Run commit
  The configuration is committed.
Perform the following steps on the device that is to function as an RR:
1. Run system-view
  The system view is displayed.
2. Run bgp as-number
  The BGP view is displayed.
3. Run ipv4-family vpn-target
  The BGP-VPN-Target address family view is displayed.
4. Run peer { peeripv4addr | group-name } enable
  A VPN ORF route-based peer relationship is established, and the capability to exchange VPN ORF routing information with the specified peer or peer group is enabled.
5. Run peer { group-name | ipv4-address } reflect-client in the BGP-VPNv4 address family view and BGP-VPN-Target address family view
  The local device is configured as an RR, and the specified peer or peer group is configured as a client of the RR.
6. (Optional) Run peer ipv4-address default-route-advertise
  The device is enabled to advertise default VPN ORF routes to the specified peer or peer group.
  
  If a device that does not support VPN ORF exists on the network, you can configure the RR to advertise default VPN ORF routes to the peer or peer group in the BGP-VPN-Target address family view so that the RR can establish a VPN ORF route-based peer relationship with the specified peer or peer group. Take the network shown in Figure 1 as an example. If PE2 does not support VPN ORF, run this command to enable the RR to send default VPN ORF routes to PE1. PE1 then sends all its local VPN routes to the RR. As a result, PE1 receives the route with the VPN target 1:1, and PE2 receives the routes with the VPN targets 1:1 and 2:2.
7. Run commit
  The configuration is committed.

Verifying the Configuration

After VPN ORF is enabled, run the display bgp vpn-target routing-table command to check routing information in the BGP VT address family.

Run the display bgp vpnv4 routing-table command to check information about BGP VPNv4 and BGP VPN routes.