Route Target Constrain Family¶
The BGP Multicast Route Target (RT) Constrain Multiprotocol extension can be used to restrict advertisement of VPN NLRI to peers that have advertised their respective Route Targets, effectively building a route distribution graph.
Configuration¶
This section shows a way to enable ROUTE-TARGET-CONSTRAIN family in BGP speaker and peer configuration.
BGP Speaker¶
To enable ROUTE-TARGET-CONSTRAIN support in BGP plugin, first configure BGP speaker instance:
URL: /rests/data/openconfig-network-instance:network-instances/network-instance=global-bgp/openconfig-network-instance:protocols
Method: POST
Content-Type: application/xml
Request Body:
<protocol xmlns="http://openconfig.net/yang/network-instance">
<name>bgp-example</name>
<identifier xmlns:x="http://openconfig.net/yang/policy-types">x:BGP</identifier>
<bgp xmlns="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">
<global>
<config>
<router-id>192.0.2.2</router-id>
<as>65000</as>
</config>
<afi-safis>
<afi-safi>
<afi-safi-name>ROUTE-TARGET-CONSTRAIN</afi-safi-name>
</afi-safi>
</afi-safis>
</global>
</bgp>
</protocol>
Content-Type: application/json
Request Body:
{
"protocol": [
{
"identifier": "openconfig-policy-types:BGP",
"name": "bgp-example",
"bgp-openconfig-extensions:bgp": {
"global": {
"config": {
"router-id": "192.0.2.2",
"as": 65000
},
"afi-safis": {
"afi-safi": [
{
"afi-safi-name": "ROUTE-TARGET-CONSTRAIN"
}
]
}
}
}
}
]
}
BGP Peer¶
Here is an example for BGP peer configuration with enabled ROUTE-TARGET-CONSTRAIN family.
URL: /rests/data/openconfig-network-instance:network-instances/network-instance=global-bgp/openconfig-network-instance:protocols/protocol=openconfig-policy-types:BGP/bgp-example/bgp/neighbors
Method: POST
Content-Type: application/xml
Request Body:
<neighbor xmlns="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">
<neighbor-address>192.0.2.1</neighbor-address>
<afi-safis>
<afi-safi>
<afi-safi-name>ROUTE-TARGET-CONSTRAIN</afi-safi-name>
</afi-safi>
</afi-safis>
</neighbor>
Content-Type: application/json
Request Body:
{
"neighbor": [
{
"neighbor-address": "192.0.2.1",
"afi-safis": {
"afi-safi": [
{
"afi-safi-name": "ROUTE-TARGET-CONSTRAIN"
}
]
}
}
]
}
ROUTE-TARGET-CONSTRAIN Route API¶
Following tree illustrates the BGP ROUTE-TARGET-CONSTRAIN route structure.
:(route-target-constrain-routes-case)
+--rw route-target-constrain-routes
+--rw route-target-constrain-route* [route-key path-id]
+--rw origin-as inet:as-number
+--rw (route-target-constrain-choice)
+--:(route-target-constrain-default-case)
| +--rw route-target-constrain-default-route!
+--:(route-target-constrain-route-case)
| +--rw route-target-extended-community
| +--rw global-administrator? short-as-number
| +--rw local-administrator? binary
+--:(route-target-constrain-ipv4-route-case)
| +--rw route-target-ipv4
| +--rw global-administrator? inet:ipv4-address
| +--rw local-administrator? uint16
+--:(route-target-constrain-as-4-extended-community-case)
+--rw as-4-route-target-extended-community
+--rw as-4-specific-common
+--rw as-number inet:as-number
+--rw local-administrator uint16
Usage¶
The ROUTE TARGET CONSTRAIN table in an instance of the speaker’s Loc-RIB can be verified via REST:
URL: /rests/data/bgp-rib:bgp-rib/rib/bgp-example/loc-rib/tables=bgp-types:ipv4-address-family,bgp-route-target-constrain:route-target-constrain-subsequent-address-family/bgp-route-target-constrain:route-target-constrain-routes?content=nonconfig
Method: GET
Response Body:
<route-target-constrain-routes xmlns="urn:opendaylight:params:xml:ns:yang:bgp:route:target:constrain">
<route-target-constrain-route>
<route-key>flow1</route-key>
<path-id>0</path-id>
<origin-as>64511</origin-as>
<route-target-extended-community>
<global-administrator>64511</global-administrator>
<local-administrator>AAAAZQ==</local-administrator>
</route-target-extended-community>
<attributes>
<ipv4-next-hop>
<global>199.20.166.41</global>
</ipv4-next-hop>
<as-path/>
<origin>
<value>igp</value>
</origin>
<local-pref>
<pref>100</pref>
</local-pref>
</attributes>
</route-target-constrain-route>
</route-target-constrain-routes>
Response Body:
{
"route-target-constrain-routes": {
"route-target-constrain-route": [
{
"route-key":"flow1",
"path-id": 0,
"origin-as": 64511,
"route-target-extended-community": {
"global-administrator": 64511,
"local-administrator": "AAAAZQ=="
},
"attributes": {
"origin": {
"value": "igp"
},
"local-pref": {
"pref": 100
},
"ipv4-next-hop": {
"global": "199.20.166.41"
}
}
}
]
}
}
Routing Policies¶
<policy-definition>
<name>default-odl-export-policy</name>
<statement>
...
<statement>
<name>from-external-to-external-RTC</name>
<conditions>
<bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
<afi-safi-in xmlns:x="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">x:ROUTE-TARGET-CONSTRAIN</afi-safi-in>
<match-role-set xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">
<from-role>
<role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-ebgp"]</role-set>
</from-role>
<to-role>
<role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-ebgp"]</role-set>
</to-role>
</match-role-set>
</bgp-conditions>
</conditions>
<actions>
<bgp-actions xmlns="http://openconfig.net/yang/bgp-policy">
<client-attribute-prepend xmlns="urn:opendaylight:params:xml:ns:yang:bgp:route:target:constrain"/>
</bgp-actions>
</actions>
</statement>
...
</statement>
<statement>
<name>from-internal-or-rr-client-to-route-reflector</name>
<conditions>
<bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
<afi-safi-not-in xmlns:x="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions"
xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">x:ROUTE-TARGET-CONSTRAIN
</afi-safi-not-in>
<match-role-set xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">
<from-role>
<role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="ibgp-rr-client"]</role-set>
</from-role>
<to-role>
<role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-rr-client"]</role-set>
</to-role>
</match-role-set>
</bgp-conditions>
</conditions>
<actions>
<bgp-actions xmlns="http://openconfig.net/yang/bgp-policy">
<set-cluster-id-prepend xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
<set-originator-id-prepend xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
</bgp-actions>
</actions>
</statement>
<statement>
<name>from-internal-or-rr-client-to-route-RTC</name>
<conditions>
<bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
<afi-safi-in xmlns:x="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">x:ROUTE-TARGET-CONSTRAIN</afi-safi-in>
<match-role-set xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">
<from-role>
<role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="ibgp-rr-client"]</role-set>
</from-role>
<to-role>
<role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-rr-client"]</role-set>
</to-role>
</match-role-set>
</bgp-conditions>
</conditions>
<actions>
<bgp-actions xmlns="http://openconfig.net/yang/bgp-policy">
<set-originator-id-prepend xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
<set-next-hop>SELF</set-next-hop>
</bgp-actions>
</actions>
</statement>
<statement>
<name>vpn-membership-RTC</name>
<conditions>
<bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
<afi-safi-in xmlns:x="http://openconfig.net/yang/bgp-types">x:L3VPN-IPV4-UNICAST</afi-safi-in>
<afi-safi-in xmlns:x="http://openconfig.net/yang/bgp-types">x:L3VPN-IPV6-UNICAST</afi-safi-in>
<vpn-non-member xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
</bgp-conditions>
</conditions>
<actions>
<reject-route/>
</actions>
</statement>
...
...
</policy-definition>
{
"policy-definition": [
{
"name": "default-odl-export-policy",
"statement": [
"...",
{
"name": "from-external-to-external-RTC",
"conditions": {
"bgp-conditions": {
"afi-safi-in": "x:ROUTE-TARGET-CONSTRAIN",
"match-role-set": {
"from-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-ebgp\"]"
},
"to-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-ebgp\"]"
}
}
}
},
"actions": {
"bgp-actions": {
"client-attribute-prepend": null
}
}
},
"...",
{
"name": "from-internal-or-rr-client-to-route-reflector",
"conditions": {
"bgp-conditions": {
"afi-safi-not-in": "x:ROUTE-TARGET-CONSTRAIN",
"match-role-set": {
"from-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"ibgp-rr-client\"]"
},
"to-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-rr-client\"]"
}
}
}
},
"actions": {
"bgp-actions": {
"set-cluster-id-prepend": null,
"set-originator-id-prepend": null
}
}
},
{
"name": "from-internal-or-rr-client-to-route-RTC",
"conditions": {
"bgp-conditions": {
"afi-safi-in": "x:ROUTE-TARGET-CONSTRAIN",
"match-role-set": {
"from-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"ibgp-rr-client\"]"
},
"to-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-rr-client\"]"
}
}
}
},
"actions": {
"bgp-actions": {
"set-originator-id-prepend": null,
"set-next-hop": "SELF"
}
}
},
{
"name": "vpn-membership-RTC",
"conditions": {
"bgp-conditions": {
"afi-safi-in": [
"x:L3VPN-IPV4-UNICAST",
"x:L3VPN-IPV6-UNICAST"
],
"vpn-non-member": null
}
},
"actions": {
"reject-route": []
}
}
]
},
"...",
"..."
]
}