.. _bgp-user-guide-route-target-family:

Route Target Constrain Family
=============================
The BGP Multicast Route Target (RT) Constrain Multiprotocol extension can be used to restrict advertisement of VPN NLRI to peers that have advertised
their respective Route Targets, effectively building a route distribution graph.

.. contents:: Contents
   :depth: 2
   :local:

Configuration
^^^^^^^^^^^^^
This section shows a way to enable ROUTE-TARGET-CONSTRAIN family in BGP speaker and peer configuration.

BGP Speaker
'''''''''''
To enable ROUTE-TARGET-CONSTRAIN support in BGP plugin, first configure BGP speaker instance:

**URL:** ``/rests/data/openconfig-network-instance:network-instances/network-instance=global-bgp/openconfig-network-instance:protocols``

**Method:** ``POST``

.. tabs::

   .. tab:: XML

      **Content-Type:** ``application/xml``

      **Request Body:**

      .. code-block:: xml

         <protocol xmlns="http://openconfig.net/yang/network-instance">
             <name>bgp-example</name>
             <identifier xmlns:x="http://openconfig.net/yang/policy-types">x:BGP</identifier>
             <bgp xmlns="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">
                 <global>
                     <config>
                         <router-id>192.0.2.2</router-id>
                         <as>65000</as>
                     </config>
                     <afi-safis>
                         <afi-safi>
                             <afi-safi-name>ROUTE-TARGET-CONSTRAIN</afi-safi-name>
                         </afi-safi>
                     </afi-safis>
                 </global>
             </bgp>
         </protocol>

   .. tab:: JSON

      **Content-Type:** ``application/json``

      **Request Body:**

      .. code-block:: json

         {
             "protocol": [
                 {
                     "identifier": "openconfig-policy-types:BGP",
                     "name": "bgp-example",
                     "bgp-openconfig-extensions:bgp": {
                         "global": {
                             "config": {
                                 "router-id": "192.0.2.2",
                                 "as": 65000
                             },
                             "afi-safis": {
                                 "afi-safi": [
                                     {
                                         "afi-safi-name": "ROUTE-TARGET-CONSTRAIN"
                                     }
                                 ]
                             }
                         }
                     }
                 }
             ]
         }

BGP Peer
''''''''
Here is an example for BGP peer configuration with enabled ROUTE-TARGET-CONSTRAIN family.

**URL:** ``/rests/data/openconfig-network-instance:network-instances/network-instance=global-bgp/openconfig-network-instance:protocols/protocol=openconfig-policy-types:BGP,bgp-example/bgp-openconfig-extensions:bgp/neighbors``

**Method:** ``POST``

.. tabs::

   .. tab:: XML

      **Content-Type:** ``application/xml``

      **Request Body:**

      .. code-block:: xml

         <neighbor xmlns="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">
             <neighbor-address>192.0.2.1</neighbor-address>
             <afi-safis>
                 <afi-safi>
                     <afi-safi-name>ROUTE-TARGET-CONSTRAIN</afi-safi-name>
                 </afi-safi>
             </afi-safis>
         </neighbor>

   .. tab:: JSON

      **Content-Type:** ``application/json``

      **Request Body:**

      .. code-block:: json

         {
             "neighbor": [
                 {
                     "neighbor-address": "192.0.2.1",
                     "afi-safis": {
                         "afi-safi": [
                             {
                                 "afi-safi-name": "ROUTE-TARGET-CONSTRAIN"
                             }
                         ]
                     }
                 }
             ]
         }

ROUTE-TARGET-CONSTRAIN Route API
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Following tree illustrates the BGP ROUTE-TARGET-CONSTRAIN route structure.

.. code-block:: console

   :(route-target-constrain-routes-case)
     +--rw route-target-constrain-routes
        +--rw route-target-constrain-route* [route-key path-id]
           +--rw origin-as                  inet:as-number
           +--rw (route-target-constrain-choice)
              +--:(route-target-constrain-default-case)
              |  +--rw route-target-constrain-default-route!
              +--:(route-target-constrain-route-case)
              |  +--rw route-target-extended-community
              |     +--rw global-administrator?   short-as-number
              |     +--rw local-administrator?    binary
              +--:(route-target-constrain-ipv4-route-case)
              |  +--rw route-target-ipv4
              |     +--rw global-administrator?   inet:ipv4-address
              |     +--rw local-administrator?    uint16
              +--:(route-target-constrain-as-4-extended-community-case)
                 +--rw as-4-route-target-extended-community
                    +--rw as-4-specific-common
                       +--rw as-number              inet:as-number
                       +--rw local-administrator    uint16

Usage
^^^^^
The ROUTE TARGET CONSTRAIN table in an instance of the speaker's Loc-RIB can be verified via REST:

**URL:** ``/rests/data/bgp-rib:bgp-rib/rib=bgp-example/loc-rib/tables=bgp-types:ipv4-address-family,bgp-route-target-constrain:route-target-constrain-subsequent-address-family/bgp-route-target-constrain:route-target-constrain-routes?content=nonconfig``

**Method:** ``GET``

.. tabs::

   .. tab:: XML

      **Response Body:**

      .. code-block:: xml

         <route-target-constrain-routes xmlns="urn:opendaylight:params:xml:ns:yang:bgp:route:target:constrain">
             <route-target-constrain-route>
                 <route-key>flow1</route-key>
                 <path-id>0</path-id>
                 <origin-as>64511</origin-as>
                 <route-target-extended-community>
                     <global-administrator>64511</global-administrator>
                     <local-administrator>AAAAZQ==</local-administrator>
                 </route-target-extended-community>
                 <attributes>
                     <ipv4-next-hop>
                         <global>199.20.166.41</global>
                     </ipv4-next-hop>
                     <as-path/>
                     <origin>
                         <value>igp</value>
                     </origin>
                     <local-pref>
                         <pref>100</pref>
                     </local-pref>
                 </attributes>
             </route-target-constrain-route>
         </route-target-constrain-routes>

   .. tab:: JSON

      **Response Body:**

      .. code-block:: json

         {
             "route-target-constrain-routes": {
                 "route-target-constrain-route": [
                     {
                         "route-key":"flow1",
                         "path-id": 0,
                         "origin-as": 64511,
                         "route-target-extended-community": {
                             "global-administrator": 64511,
                             "local-administrator": "AAAAZQ=="
                         },
                         "attributes": {
                             "origin": {
                                 "value": "igp"
                             },
                             "local-pref": {
                                 "pref": 100
                             },
                             "ipv4-next-hop": {
                                 "global": "199.20.166.41"
                             }
                         }
                     }
                 ]
             }
         }

Routing Policies
^^^^^^^^^^^^^^^^

.. tabs::

   .. tab:: XML

      .. code-block:: xml

         <policy-definition>
             <name>default-odl-export-policy</name>
             <statement>
             ...
             <statement>
                 <name>from-external-to-external-RTC</name>
                 <conditions>
                     <bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
                         <afi-safi-in xmlns:x="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">x:ROUTE-TARGET-CONSTRAIN</afi-safi-in>
                         <match-role-set xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">
                             <from-role>
                                 <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-ebgp"]</role-set>
                             </from-role>
                             <to-role>
                                 <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-ebgp"]</role-set>
                             </to-role>
                         </match-role-set>
                     </bgp-conditions>
                 </conditions>
                 <actions>
                     <bgp-actions xmlns="http://openconfig.net/yang/bgp-policy">
                         <client-attribute-prepend xmlns="urn:opendaylight:params:xml:ns:yang:bgp:route:target:constrain"/>
                     </bgp-actions>
                 </actions>
             </statement>
             ...
             </statement>
             <statement>
                 <name>from-internal-or-rr-client-to-route-reflector</name>
                 <conditions>
                     <bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
                         <afi-safi-not-in xmlns:x="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions"
                                    xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">x:ROUTE-TARGET-CONSTRAIN
                         </afi-safi-not-in>
                         <match-role-set xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">
                             <from-role>
                                 <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="ibgp-rr-client"]</role-set>
                             </from-role>
                             <to-role>
                                 <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-rr-client"]</role-set>
                             </to-role>
                         </match-role-set>
                     </bgp-conditions>
                 </conditions>
                 <actions>
                     <bgp-actions xmlns="http://openconfig.net/yang/bgp-policy">
                         <set-cluster-id-prepend xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
                         <set-originator-id-prepend xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
                     </bgp-actions>
                 </actions>
             </statement>
             <statement>
                 <name>from-internal-or-rr-client-to-route-RTC</name>
                 <conditions>
                     <bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
                         <afi-safi-in xmlns:x="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">x:ROUTE-TARGET-CONSTRAIN</afi-safi-in>
                         <match-role-set xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">
                             <from-role>
                                 <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="ibgp-rr-client"]</role-set>
                             </from-role>
                             <to-role>
                                 <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-rr-client"]</role-set>
                             </to-role>
                         </match-role-set>
                     </bgp-conditions>
                 </conditions>
                 <actions>
                     <bgp-actions xmlns="http://openconfig.net/yang/bgp-policy">
                         <set-originator-id-prepend xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
                         <set-next-hop>SELF</set-next-hop>
                     </bgp-actions>
                 </actions>
             </statement>
             <statement>
                 <name>vpn-membership-RTC</name>
                 <conditions>
                     <bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
                         <afi-safi-in xmlns:x="http://openconfig.net/yang/bgp-types">x:L3VPN-IPV4-UNICAST</afi-safi-in>
                         <afi-safi-in xmlns:x="http://openconfig.net/yang/bgp-types">x:L3VPN-IPV6-UNICAST</afi-safi-in>
                         <vpn-non-member xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
                     </bgp-conditions>
                 </conditions>
                 <actions>
                     <reject-route/>
                 </actions>
             </statement>
             ...
             ...
         </policy-definition>

   .. tab:: JSON

      .. code-block:: json

         {
             "policy-definition": [
                 {
                     "name": "default-odl-export-policy",
                     "statement": [
                         "...",
                         {
                             "name": "from-external-to-external-RTC",
                             "conditions": {
                                 "bgp-conditions": {
                                     "afi-safi-in": "x:ROUTE-TARGET-CONSTRAIN",
                                     "match-role-set": {
                                         "from-role": {
                                             "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-ebgp\"]"
                                         },
                                         "to-role": {
                                             "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-ebgp\"]"
                                         }
                                     }
                                 }
                             },
                             "actions": {
                                 "bgp-actions": {
                                     "client-attribute-prepend": null
                                 }
                             }
                         },
                         "...",
                         {
                             "name": "from-internal-or-rr-client-to-route-reflector",
                             "conditions": {
                                 "bgp-conditions": {
                                     "afi-safi-not-in": "x:ROUTE-TARGET-CONSTRAIN",
                                     "match-role-set": {
                                         "from-role": {
                                             "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"ibgp-rr-client\"]"
                                         },
                                         "to-role": {
                                             "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-rr-client\"]"
                                         }
                                     }
                                 }
                             },
                             "actions": {
                                 "bgp-actions": {
                                     "set-cluster-id-prepend": null,
                                     "set-originator-id-prepend": null
                                 }
                             }
                         },
                         {
                             "name": "from-internal-or-rr-client-to-route-RTC",
                             "conditions": {
                                 "bgp-conditions": {
                                     "afi-safi-in": "x:ROUTE-TARGET-CONSTRAIN",
                                     "match-role-set": {
                                         "from-role": {
                                             "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"ibgp-rr-client\"]"
                                         },
                                         "to-role": {
                                             "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-rr-client\"]"
                                         }
                                     }
                                 }
                             },
                             "actions": {
                                 "bgp-actions": {
                                     "set-originator-id-prepend": null,
                                     "set-next-hop": "SELF"
                                 }
                             }
                         },
                         {
                             "name": "vpn-membership-RTC",
                             "conditions": {
                                 "bgp-conditions": {
                                     "afi-safi-in": [
                                         "x:L3VPN-IPV4-UNICAST",
                                         "x:L3VPN-IPV6-UNICAST"
                                     ],
                                     "vpn-non-member": null
                                 }
                             },
                             "actions": {
                                 "reject-route": []
                             }
                         }
                     ]
                 },
                 "...",
                 "..."
             ]
         }

References
^^^^^^^^^^
* `Constrained Route Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (VPNs) <https://tools.ietf.org/html/rfc4684>`_