.. _bgp-user-guide-route-target-family:
Route Target Constrain Family
=============================
The BGP Multicast Route Target (RT) Constrain Multiprotocol extension can be used to restrict advertisement of VPN NLRI to peers that have advertised
their respective Route Targets, effectively building a route distribution graph.
.. contents:: Contents
:depth: 2
:local:
Configuration
^^^^^^^^^^^^^
This section shows a way to enable ROUTE-TARGET-CONSTRAIN family in BGP speaker and peer configuration.
BGP Speaker
'''''''''''
To enable ROUTE-TARGET-CONSTRAIN support in BGP plugin, first configure BGP speaker instance:
**URL:** ``/rests/data/openconfig-network-instance:network-instances/network-instance=global-bgp/openconfig-network-instance:protocols``
**Method:** ``POST``
.. tabs::
.. tab:: XML
**Content-Type:** ``application/xml``
**Request Body:**
.. code-block:: xml
bgp-example
x:BGP
192.0.2.2
65000
ROUTE-TARGET-CONSTRAIN
.. tab:: JSON
**Content-Type:** ``application/json``
**Request Body:**
.. code-block:: json
{
"protocol": [
{
"identifier": "openconfig-policy-types:BGP",
"name": "bgp-example",
"bgp-openconfig-extensions:bgp": {
"global": {
"config": {
"router-id": "192.0.2.2",
"as": 65000
},
"afi-safis": {
"afi-safi": [
{
"afi-safi-name": "ROUTE-TARGET-CONSTRAIN"
}
]
}
}
}
}
]
}
BGP Peer
''''''''
Here is an example for BGP peer configuration with enabled ROUTE-TARGET-CONSTRAIN family.
**URL:** ``/rests/data/openconfig-network-instance:network-instances/network-instance=global-bgp/openconfig-network-instance:protocols/protocol=openconfig-policy-types:BGP/bgp-example/bgp/neighbors``
**Method:** ``POST``
.. tabs::
.. tab:: XML
**Content-Type:** ``application/xml``
**Request Body:**
.. code-block:: xml
192.0.2.1
ROUTE-TARGET-CONSTRAIN
.. tab:: JSON
**Content-Type:** ``application/json``
**Request Body:**
.. code-block:: json
{
"neighbor": [
{
"neighbor-address": "192.0.2.1",
"afi-safis": {
"afi-safi": [
{
"afi-safi-name": "ROUTE-TARGET-CONSTRAIN"
}
]
}
}
]
}
ROUTE-TARGET-CONSTRAIN Route API
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Following tree illustrates the BGP ROUTE-TARGET-CONSTRAIN route structure.
.. code-block:: console
:(route-target-constrain-routes-case)
+--rw route-target-constrain-routes
+--rw route-target-constrain-route* [route-key path-id]
+--rw origin-as inet:as-number
+--rw (route-target-constrain-choice)
+--:(route-target-constrain-default-case)
| +--rw route-target-constrain-default-route!
+--:(route-target-constrain-route-case)
| +--rw route-target-extended-community
| +--rw global-administrator? short-as-number
| +--rw local-administrator? binary
+--:(route-target-constrain-ipv4-route-case)
| +--rw route-target-ipv4
| +--rw global-administrator? inet:ipv4-address
| +--rw local-administrator? uint16
+--:(route-target-constrain-as-4-extended-community-case)
+--rw as-4-route-target-extended-community
+--rw as-4-specific-common
+--rw as-number inet:as-number
+--rw local-administrator uint16
Usage
^^^^^
The ROUTE TARGET CONSTRAIN table in an instance of the speaker's Loc-RIB can be verified via REST:
**URL:** ``/rests/data/bgp-rib:bgp-rib/rib/bgp-example/loc-rib/tables=bgp-types:ipv4-address-family,bgp-route-target-constrain:route-target-constrain-subsequent-address-family/bgp-route-target-constrain:route-target-constrain-routes?content=nonconfig``
**Method:** ``GET``
.. tabs::
.. tab:: XML
**Response Body:**
.. code-block:: xml
flow1
0
64511
64511
AAAAZQ==
199.20.166.41
igp
100
.. tab:: JSON
**Response Body:**
.. code-block:: json
{
"route-target-constrain-routes": {
"route-target-constrain-route": [
{
"route-key":"flow1",
"path-id": 0,
"origin-as": 64511,
"route-target-extended-community": {
"global-administrator": 64511,
"local-administrator": "AAAAZQ=="
},
"attributes": {
"origin": {
"value": "igp"
},
"local-pref": {
"pref": 100
},
"ipv4-next-hop": {
"global": "199.20.166.41"
}
}
}
]
}
}
Routing Policies
^^^^^^^^^^^^^^^^
.. tabs::
.. tab:: XML
.. code-block:: xml
default-odl-export-policy
...
from-external-to-external-RTC
x:ROUTE-TARGET-CONSTRAIN
/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-ebgp"]
/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-ebgp"]
...
from-internal-or-rr-client-to-route-reflector
x:ROUTE-TARGET-CONSTRAIN
/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="ibgp-rr-client"]
/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-rr-client"]
from-internal-or-rr-client-to-route-RTC
x:ROUTE-TARGET-CONSTRAIN
/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="ibgp-rr-client"]
/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-rr-client"]
SELF
vpn-membership-RTC
x:L3VPN-IPV4-UNICAST
x:L3VPN-IPV6-UNICAST
...
...
.. tab:: JSON
.. code-block:: json
{
"policy-definition": [
{
"name": "default-odl-export-policy",
"statement": [
"...",
{
"name": "from-external-to-external-RTC",
"conditions": {
"bgp-conditions": {
"afi-safi-in": "x:ROUTE-TARGET-CONSTRAIN",
"match-role-set": {
"from-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-ebgp\"]"
},
"to-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-ebgp\"]"
}
}
}
},
"actions": {
"bgp-actions": {
"client-attribute-prepend": null
}
}
},
"...",
{
"name": "from-internal-or-rr-client-to-route-reflector",
"conditions": {
"bgp-conditions": {
"afi-safi-not-in": "x:ROUTE-TARGET-CONSTRAIN",
"match-role-set": {
"from-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"ibgp-rr-client\"]"
},
"to-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-rr-client\"]"
}
}
}
},
"actions": {
"bgp-actions": {
"set-cluster-id-prepend": null,
"set-originator-id-prepend": null
}
}
},
{
"name": "from-internal-or-rr-client-to-route-RTC",
"conditions": {
"bgp-conditions": {
"afi-safi-in": "x:ROUTE-TARGET-CONSTRAIN",
"match-role-set": {
"from-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"ibgp-rr-client\"]"
},
"to-role": {
"role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-rr-client\"]"
}
}
}
},
"actions": {
"bgp-actions": {
"set-originator-id-prepend": null,
"set-next-hop": "SELF"
}
}
},
{
"name": "vpn-membership-RTC",
"conditions": {
"bgp-conditions": {
"afi-safi-in": [
"x:L3VPN-IPV4-UNICAST",
"x:L3VPN-IPV6-UNICAST"
],
"vpn-non-member": null
}
},
"actions": {
"reject-route": []
}
}
]
},
"...",
"..."
]
}
References
^^^^^^^^^^
* `Constrained Route Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (VPNs) `_