Guest

Cisco IOS Software Releases 12.2 SB

BGP Support for IP Prefix Import from Global Table into a VRF Table

  • Viewing Options

  • PDF (321.0 KB)
  • Feedback
BGP Support for IP Prefix Import from Global Table into a VRF Table

Table Of Contents

BGP Support for IP Prefix Import from Global Table into a VRF Table

Contents

Prerequisites for BGP Support for IP Prefix Import from Global Table into a VRF Table

Restrictions for BGP Support for IP Prefix Import from Global Table into a VRF Table

Information About BGP Support for IP Prefix Import from Global Table into a VRF Table

Importing IPv4 Prefixes into a VRF

Black Hole Routing

Classifying Global Traffic

How to Import IP Prefixes from Global Table into a VRF Table

Defining IPv4 IP Prefixes to Import

What to Do Next

Creating the VRF and the Import Route Map

MPLS and Route Target Configuration Is Not Required

Import Actions

New Syslog Message

Restrictions

What to Do Next

Filtering on the Ingress Interface

Unicast Reverse Path Forwarding

What to Do Next

Verifying Global IP Prefix Import

Configuration Examples for Importing IP Prefixes from the Global Table into a VRF Table

Configuring Global IP Prefix Import: Example

Verifying Global IP Prefix Import: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

debug ip bgp import

import ipv4

ip verify unicast vrf


BGP Support for IP Prefix Import from Global Table into a VRF Table


The BGP Support for IP Prefix Import from Global Table into a VRF Table feature introduces the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding instance (VRF) table using an import route map.

Feature History for the BGP Support for IP Prefix Import from Global Table into a VRF Table Feature

Release
Modification

12.0(29)S

This feature was introduced.

12.2(25)S

This feature was integrated into Cisco IOS Release 12.2(25)S.

12.3(14)T

This feature was integrated into Cisco IOS Release 12.3(14)T.

12.2(27)SBC

This feature was integrated into Cisco IOS Release 12.2(27)SBC.


Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Contents

Prerequisites for BGP Support for IP Prefix Import from Global Table into a VRF Table

Restrictions for BGP Support for IP Prefix Import from Global Table into a VRF Table

Information About BGP Support for IP Prefix Import from Global Table into a VRF Table

How to Import IP Prefixes from Global Table into a VRF Table

Configuration Examples for Importing IP Prefixes from the Global Table into a VRF Table

Additional References

Command Reference

Prerequisites for BGP Support for IP Prefix Import from Global Table into a VRF Table

Border Gateway Protocol peering sessions are established.

CEF or dCEF (for distributed platforms) is enabled on all participating routers.

Restrictions for BGP Support for IP Prefix Import from Global Table into a VRF Table

Only IPv4 unicast and multicast prefixes can be imported to a VRF with this feature.

A maximum of 5 VRF instances per router can be created to import IPv4 prefixes from the global routing table.

IPv4 prefixes imported into a VRF, using this feature, cannot be imported into a VPNv4 VRF.

Information About BGP Support for IP Prefix Import from Global Table into a VRF Table

Importing IPv4 Prefixes into a VRF

Black Hole Routing

Classifying Global Traffic

Importing IPv4 Prefixes into a VRF

The BGP Support for IP Prefix Import from Global Table into a VRF Table feature introduces the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding instance (VRF) table using an import map. This feature extends the functionality of VRF import-map configuration to allow IPv4 prefixes to be imported into a VRF based on a standard community. Both IPv4 unicast and multicast prefixes are supported. No Multiprotocol Label Switching (MPLS) or route target (import/export) configuration is required.

IP prefixes are defined as match criteria for the import map through standard Cisco IOS filtering mechanisms. For example, an IP access-list, an IP prefix-list, or an IP as-path filter is created to define an IP prefix or IP prefix range, and then the prefix or prefixes are processed through a match clause in a route map. Prefixes that pass through the route map are imported into the specified VRF per the import map configuration.

Black Hole Routing

This feature can be configured to support Black Hole Routing (BHR). BHR is method that allows the administrator to block undesirable traffic, such as traffic from illegal sources or traffic generated by a Denial of Service (DoS) attack, by dynamically routing the traffic to a dead interface or to a host designed to collect information for investigation, mitigating the impact of the attack on the network. Prefixes are looked up, and packets that come from unauthorized sources are blackholed by the ASIC at line rate.

Classifying Global Traffic

This feature can be used to classify global IP traffic based on physical location or class of service. Traffic is classified based on administration policy and then imported into different VRFs. On a college campus, for example, network traffic could be divided into an academic network and residence network traffic, a student network and faculty network, or a dedicated network for multicast traffic. After the traffic is divided along administration policy, routing decisions can be configured with the MPLS VPN—VRF Selection using Policy Based Routing or the MPLS VPN—VRF Selection Based on Source IP address features.

How to Import IP Prefixes from Global Table into a VRF Table

This section contains the following tasks:

Defining IPv4 IP Prefixes to Import

Creating the VRF and the Import Route Map

Filtering on the Ingress Interface

Verifying Global IP Prefix Import

Defining IPv4 IP Prefixes to Import

IPv4 unicast or multicast prefixes are defined as match criteria for the import route map using standard Cisco IOS filtering mechanisms. This task uses an IP access-list and an IP prefix-list.

SUMMARY STEPS

1. enable  

2. configure terminal  

3. access-list access-list-number {deny | permit} source [source-wildcard] [log]  

4. ip prefix-list prefix-list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]  

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

access-list access-list-number {deny | permit} source [source-wildcard] [log]

Example:

Router(config)# access-list 50 permit 10.1.1.0 0.0.0.255 permit

Creates an access list and defines a range of IP prefixes to import into the VRF table.

The example creates a standard access list numbered 50. This filter will permit traffic from any host with an IP address in the 10.1.1.0/24 subnet.

Step 4 

ip prefix-list prefix-list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]

Example:

Router(config)# ip prefix-list COLORADO permit 10.24.240.0/22

Creates a prefix-list and defines a range of IP prefixes to import into the VRF table.

The example creates an IP prefix list named COLORADO. This filter will permit traffic from any host with an IP address in the 10.24.240.0/24 subnet.

What to Do Next

Proceed to the next task to create the VRF and configure the import route map.

Creating the VRF and the Import Route Map

The IP prefixes that are defined for import are then processed through a match clause in a route map. IP Prefixes that pass through the route map are imported into the VRF. A maximum of 5 VRFs per router can be configured to import IPv4 prefixes from the global routing table. 1000 prefixes per VRF are imported by default. You can manually configure from 1 to 2147483647 prefixes for each VRF. We recommend that you use caution if you manually configure the prefix import limit. Configuring the router to import too many prefixes can interrupt normal router operation.

MPLS and Route Target Configuration Is Not Required

No MPLS or route target (import/export) configuration is required.

Import Actions

Import actions are triggered when a new routing update is received or when routes are withdrawn. During the initial BGP update period, the import action is postponed to allow BGP to convergence more quickly. Once BGP converges, incremental BGP updates are evaluated immediately and qualified prefixes are imported as they are received.

New Syslog Message

The following syslog message is introduced by this feature. It will be displayed when more prefixes are available for import than the user-defined limit:

00:00:33: %BGP-3-AFIMPORT_EXCEED: IPv4 Multicast prefixes imported to multicast vrf exceed 
the limit 2

You can either increase the prefix limit or fine tune the import route map filter to reduce the number of candidate routes.

Restrictions

Only IPv4 unicast and multicast prefixes can be imported to a VRF with this feature.

A maximum of 5 VRF instances per router can be created to import IPv4 prefixes from the global routing table.

IPv4 prefixes imported into a VRF using this feature cannot be imported into a VPNv4 VRF.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip vrf vrf-name

4. rd route-distinguisher

5. import ipv4 unicast | multicast [prefix-limit] map route-map

6. exit

7. route-map map-tag [permit | deny] [sequence-number]

8. match ip address {acl-number [acl-number ...| acl-name ...]| acl-name [acl-name ...| acl-number ...] | prefix-list prefix-list-name [prefix-list-name ...]}  

9. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip vrf vrf-name

Example:

Router(config)# ip vrf GREEN

Creates a VRF routing table and specifies the VRF name (or tag).

The ip vrf vrf-name command creates a VRF routing table and a CEF table, and both are named using the vrf-name argument. Associated with these tables is the default route distinguisher value.

Step 4 

rd route-distinguisher

Example:

Router(config-vrf)# rd 100:10

Creates routing and forwarding tables for the VRF instance.

There are two formats for configuring the route distinguisher argument. It can be configured in the as-number:network number (ASN:nn) format, as shown in the example, or it can be configured in the IP address:network number format (IP-address:nn).

Step 5 

import ipv4 unicast | multicast [prefix-limit] map route-map

Example:

Router(config-vrf)# import ipv4 unicast 1000 map UNICAST

Creates an import map to import IPv4 prefixes from the global routing table to a VRF table.

Unicast or multicast prefixes are specified.

Up to a 1000 prefixes will be imported by default. The prefix-limit argument is used to specify a limit from 1 to 2147483647 prefixes.

The route-map that defines the prefixes to import is specified after the map keyword is entered.

The example creates an import map that will import up to 1000 unicast prefixes that pass through the route map named UNICAST.

Step 6 

exit

Example:

Router(config-vrf)# exit

Exits VRF configuration mode and enters global configuration mode.

Step 7 

route-map map-tag [permit | deny] [sequence-number]

Example:

Router(config)# route-map UNICAST permit 10

Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.

The route-map name must match the route map specified in Step 5.

The example creates a route-map named UNICAST.

Step 8 

match ip address {acl-number [acl-number ... | acl-name ...] | acl-name [acl-name ... | acl-number ...] | prefix-list prefix-list-name [prefix-list-name ...]}

Example:

Router(config-route-map)# match ip address 50

Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on matched packets.

Both IP access lists and IP prefix lists are supported.

The example configures the route map to use standard access list 50 to define match criteria.

Step 9 

exit

Example:

Router(config-route-map)# exit

Exits route-map configuration mode, and enters global configuration mode.

What to Do Next

Proceed to the next section to configure filtering on ingress interface.

Filtering on the Ingress Interface

This feature can be configured globally or on a per interface basis. We recommend that you apply it to ingress interfaces to maximize performance.

Unicast Reverse Path Forwarding

Unicast Reverse Path Forwarding (Unicast RPF) can be optionally configured. Unicast RPF is used to verify that the source address is in the Forwarding Information Base (FIB). The ip verify unicast vrf command is configured in interface configuration mode and is enabled for each VRF. This command has permit and deny keywords that are used to determine if the traffic is forwarded or dropped.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number [name-tag]

4. ip policy route-map type number map-tag

5. ip verify unicast vrf vrf-name {deny | permit }

6. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number [name-tag]

Example:

Router(config)# interface Ethernet 0

Configures an interface and enters interface configuration mode.

Step 4 

ip policy route-map type number [map-tag]

Example:

Router(config-if)# ip policy route-map UNICAST

Identifies a route map to use for policy routing on an interface.

The configuration example attaches the route map named UNICAST to the interface.

Step 5 

ip verify unicast vrf vrf-name {deny | permit}

Example:

Router(config-if)# ip verify unicast vrf GREEN permit

(Optional) Enables Unicast Reverse Path Forwarding verification for the specified VRF.

The example enables verification for the VRF named GREEN. Traffic that passes verification will be forwarded.

Step 6 

end

Example:

Router(config-if)# end

Exits interface configuration mode and enters privileged EXEC mode.

What to Do Next

Proceed to the next section to see a list of commands that can be used for verification.

Verifying Global IP Prefix Import

The show commands described in this section can be used to display information about the VRFs that are configured with this feature and to verify that global IP prefixes are imported into the specified VRF table.

SUMMARY STEPS

1. enable

2. show ip bgp [network] [network-mask] [longer-prefixes] [prefix-list prefix-list-name | route-map route-map-name] [shorter prefixes mask-length]

3. show ip bgp vpnv4 {all | rd route-distinguisher | vrf vrf-name} [rib-failure] [ip-prefix/length [longer-prefixes] [network-address [mask] [longer-prefixes] [cidr-only] [community] [community-list] [dampened-paths] [filter-list] [flap-statistics] [inconsistent-as] [neighbors] [paths [line]] [peer-group] [quote-regexp] [regexp] [summary] [labels]

4. show ip vrf [brief | detail | interfaces | id] [vrf-name]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

show ip bgp [network] [network-mask] [longer-prefixes] [prefix-list prefix-list-name | route-map route-map-name] [shorter prefixes mask-length]

Example:

Router# show ip bgp

Displays entries in the BGP routing table.

Step 3 

show ip bgp vpnv4 {all | rd route-distinguisher | vrf vrf-name} [rib-failure] [ip-prefix/length [longer-prefixes] [network-address [mask] [longer-prefixes] [cidr-only] [community] [community-list] [dampened-paths] [filter-list] [flap-statistics] [inconsistent-as] [neighbors] [paths [line]] [peer-group] [quote-regexp] [regexp] [summary] [labels]

Example:

Router# show ip bgp vpn vrf

Displays VPN address information from the BGP table.

The output displays the import route map, the traffic type (unicast or multicast), the default or user-defined prefix import limit, the actual number of prefixes that are imported, and individual import prefix entries.

Step 4 

show ip vrf [brief | detail | interfaces | id] [vrf-name]

Example:

Router# show ip vrf detail

Displays defined VRFs and their associated interfaces.

The output displays the import route map, the traffic type (unicast or multicast), and the default or user-defined prefix import limit.

Configuration Examples for Importing IP Prefixes from the Global Table into a VRF Table

The following examples show how to configure this feature:

Configuring Global IP Prefix Import: Example

Verifying Global IP Prefix Import: Example

Configuring Global IP Prefix Import: Example

The following example imports unicast prefixes into the VRF named GREEN using an IP prefix list and a route map:

This sample starts in global configuration mode:

!
ip prefix-list COLORADO seq 5 permit 10.131.64.0/19
ip prefix-list COLORADO seq 10 permit 172.31.2.0/30
ip prefix-list COLORADO seq 15 permit 172.31.1.1/32
!
ip vrf green
 rd 200:1
 import ipv4 unicast map UNICAST
 route-target export 200:10
 route-target import 200:10
!
 exit
!
route-map UNICAST permit 10
 match ip address prefix-list COLORADO
!
 exit

Verifying Global IP Prefix Import: Example

The show ip vrf command or the show ip bgp vpnv4 command can be used to verify that prefixes are imported from the global routing table to the VRF table.

The following example from the show ip vrf command shows the import route map named UNICAST is importing IPv4 unicast prefixes and the prefix import limit is 1000:

Router# show ip vrf detail
VRF green; default RD 200:1; default VPNID <not set>
  Interfaces:
    Se2/0                   
VRF Table ID = 1
  Export VPN route-target communities
    RT:200:10               
  Import VPN route-target communities
    RT:200:10               
  Import route-map for ipv4 unicast: UNICAST (prefix limit: 1000)
  No export route-map
  VRF label distribution protocol: not configured
  VRF label allocation mode: per-prefix

VRF red; default RD 200:2; default VPNID <not set>
  Interfaces:
    Se3/0                   
VRF Table ID = 2
  Export VPN route-target communities
    RT:200:20               
  Import VPN route-target communities
    RT:200:20               
  No import route-map
  No export route-map
  VRF label distribution protocol: not configured
  VRF label allocation mode: per-prefix

The following example from the show ip bgp vpnv4 command shows the import route map names, the prefix import limit and the actual number of imported prefixes, and the individual import entries:

Router# show ip bgp vpnv4 all 
BGP table version is 18, local router ID is 10.131.127.252
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 200:1 (default for vrf green)
Import Map: UNICAST, Address-Family: IPv4 Unicast, Pfx Count/Limit: 1/1000
*>i10.131.64.0/19   10.131.95.252            0    100      0 i
*> 172.16.1.1/32    172.16.2.1               0         32768 i
*> 172.16.2.0/30    0.0.0.0                  0         32768 i
*>i172.31.1.1/32    10.131.95.252            0    100      0 i
*>i172.31.2.0/30    10.131.95.252            0    100      0 i
Route Distinguisher: 200:2 (default for vrf red)
*> 172.16.1.1/32    172.16.2.1               0         32768 i
*> 172.16.2.0/30    0.0.0.0                  0         32768 i
*>i172.31.1.1/32    10.131.95.252            0    100      0 i
*>i172.31.2.0/30    10.131.95.252            0    100      0 i

Additional References

The following sections provide references related to the BGP Support for IP Prefix Import from Global Table into a VRF Table feature.

Related Documents

Related Topic
Document Title

BGP commands

Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3T

BGP configuration tasks

Cisco IOS IP Configuration Guide, Release 12.3

BGP commands

Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3T

MPLS VPN configuration tasks

MPLS Virtual Private Networks, Cisco IOS Release 12.0(5)T

VRF Selection using Policy Based Routing

MPLS VPN—VRF Selection Using Policy Based Routing

VRF Selection Based on Source IP Address

MPLS VPN— VRF Selection Based on Source IP Address


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFCs
Title

No new or modified RFCs are supported by this feature, and support for existing standards has not been modified by this feature.


Technical Assistance

Description
Link

Technical Assistance Center (TAC) home page, containing 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, tools, and lots more. Registered Cisco.com users can log in from this page to access even more content.

TAC Home Page:

http://www.cisco.com/public/support/tac/home.shtml

BGP Support Page:

http://www.cisco.com/cgi-bin/Support/browse/psp_view.pl?p=Internetworking:BGP


Command Reference

This section documents new and modified commands only.

debug ip bgp import

import ipv4

ip verify unicast vrf

debug ip bgp import

To display debugging information related to importing IPv4 prefixes from the global routing table into a VRF table, use the debug ip bgp import command in privileged EXEC mode. To disable the display of IPv4 prefix import debugging information, use the no form of this command.

debug ip bgp import {events | updates [access-list | expanded-access-list]}

no debug ip bgp import {events | updates [access-list | expanded-access-list]}

Syntax Description

events

Displays messages related to IPv4 prefix import events.

updates

Displays messages related to IPv4 prefix import updates.

access-list

(Optional) Number of access list used to filter debugging messages. The range that can be specified is from 1 to 199.

expanded-access-list

(Optional) Number of expanded access list used to filter debugging messages. The range that can be specified is from 1300 to 2699.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.


Usage Guidelines

Use this command to display debugging information related to the BGP Support for IP Prefix Import from Global Table into a VRF Table feature. This feature provides the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding (VRF) instance table using an import route map.

Examples

The following example configures IPv4 prefix import debugging messages for both import events and import updates to be displayed on the console of the router:

Router# debug ip bgp import events 

BGP import events debugging is on

Router# debug ip bgp import updates

BGP import updates debugging is on for access list 3

00:00:50: %BGP-5-ADJCHANGE: neighbor 10.2.2.2 Up 
00:01:06: BGP: reevaluate IPv4 Unicast routes in VRF academic
00:01:06: BGP: 0 routes available (limit: 1000)
00:01:06: BGP: import IPv4 Unicast routes to VRF academic
00:01:06: BGP(2)-VRF(academic): import pfx 100:1:10.30.1.0/24 via 10.2.2.2
00:01:06: BGP: accepted 8 routes (limit: 1000)
00:01:06: BGP: reevaluate IPv4 Multicast routes in VRF multicast
00:01:06: BGP: 0 routes available (limit: 2)
00:01:06: BGP: import IPv4 Multicast routes to VRF multicast
00:01:06: %BGP-4-AFIMPORT: IPv4 Multicast prefixes imported to multicast vrf reached the 
limit 2
00:01:06: BGP: accepted 2 routes (limit: 2)
00:01:06: BGP: reevaluate IPv4 Unicast routes in VRF BLUE 
00:01:06: BGP: 0 routes available (limit: 1000)
00:01:06: BGP: import IPv4 Unicast routes to VRF BLUE 
00:01:06: BGP: accepted 3 routes (limit: 1000)

Table 1 describes the significant fields shown in the display.

Table 1 debug ip bgp import Field Descriptions 

Field
Description

BGP: accepted 2 routes (limit: 2)

Number of routes imported into the VRF, and the default or user-defined prefix import limit.

BGP: reevaluate IPv4 Unicast routes in VRF BLUE

Prefix was imported during BGP convergence and is being reevaluated for the next scan cycle.

BGP: 0 routes available (limit: 1000)

Number of routes available from import source, and the default or user-defined prefix import limit.

BGP: import IPv4 Unicast routes to VRF BLUE

Import map and prefix type (unicast or multicast) that is being imported into the specified VRF.


Related Commands

Command
Description

clear ip bgp

Resets a BGP connection.


import ipv4

To configure an import map to import IPv4 prefixes from the global routing table to a VRF table, use the import ipv4 command in VRF configuration submode. To remove the import map, use the no form of this command.

import ipv4 unicast | multicast [prefix-limit] route-map

no import ipv4 unicast | multicast [prefix-limit] route-map

Syntax Description

unicast

Specifies IPv4 unicast prefixes to import.

multicast

Specifies IPv4 multicast prefixes to import.

prefix-limit

(Optional) Specifies the number of prefixes to import. The range for this argument is a number from 1 to 2147483647.

route-map

Specifies the route map to be used as an import route map for the VRF.


Defaults

No default behavior or values

Command Modes

VRF configuration submode

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.


Usage Guidelines

IP prefixes that are defined for import are processed through a match clause in a route map. The prefixes that pass through the route map are imported into the VRF. A maximum of 5 VRFs per router can be configured to import IPv4 prefixes from the global routing table. 1000 prefixes per VRF are imported by default. You can manually configure from 1 to 2147483647 prefixes for each VRF. We recommend that you use caution if you manually configure the prefix import limit. Configuring the router to import too many prefixes can interrupt normal router operation. Only IPv4 unicast and multicast prefixes can be imported to a VRF with this feature. IPv4 prefixes imported into a VRF using this feature cannot be imported into a VPNv4 VRF.

No MPLS or Route Target Configuration Is Required

No MPLS or route target (import/export) configuration is required.

Import Behavior

Import actions are triggered when a new routing update is received or when routes are withdrawn. During the initial BGP update period, the import action is postponed to allow BGP to convergence more quickly. Once BGP converges, incremental BGP updates are evaluated immediately and qualified prefixes are imported as they are received.

Examples

The following example, beginning in global configuration mode, imports all unicast prefixes from the 10.24.240.0/22 subnet into the VRF named GREEN. An IP prefix list is used to define the imported IPv4 prefixes. The route map is attached to the Ethernet 0 interface. Unicast RPF verification for VRF GREEN is enabled.

ip prefix-list COLORADO permit 10.24.240.0/22 
!
ip vrf GREEN
 rd 100:10
 import ipv4 unicast 1000 map UNICAST
 exit
route-map UNICAST permit 10
 match ip address prefix-list ACCOUNTING
 exit
interface Ethernet 0
 ip policy route-map UNICAST 
 ip verify unicast vrf GREEN permit 
end

Related Commands

Command
Description

ip verify unicast vrf

Enables Unicast Reverse Path Forwarding verification for the specified VRF.

ip vrf

Configures a VRF routing table.

rd

Creates routing and forwarding tables for a VRF.

show ip bgp

Displays entries in the BGP routing table.

show ip bgp vpnv4

Displays VPN address information from the BGP table.

show ip vrf

Displays the set of defined VRFs and associated interfaces.


ip verify unicast vrf

To enable Unicast Reverse Path Forwarding (Unicast RPF) verification for the specified VRF, use the ip verify unicast vrf command in Interface configuration mode. To disable the Unicast RPF check for a VRF, use the no form of this command.

ip verify unicast vrf vrf-name deny | permit

no ip verify unicast vrf vrf-name deny | permit

Syntax Description

vrf-name

Specifies the VRF name.

deny

Specifies IPv4 multicast prefixes to import.

permit

(Optional) Specifies the number of prefixes to import. The range for this argument is a number from 1 to 2147483647.


Defaults

No default behavior or values

Command Modes

Interface configuration mode

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.


Usage Guidelines

Unicast Reverse Path Forwarding (Unicast RPF) is configured to verify that the source address is in the Forwarding Information Base (FIB). The ip verify unicast vrf command is configured in interface configuration mode and is enabled for each VRF. This command has permit and deny keywords that are used to determine if traffic is forward or dropped.

Examples

The following example configures Unicast RPF verification for VRF GREEN and RED. VRF GREEN TRAFFIC is forwarded. VRF RED traffic is dropped.

Router(config)# interface Ethernet 0
Router(config-if)# ip verify unicast vrf GREEN permit
Router(config-if)# ip verify unicast vrf RED deny 
Router(config-if)# end 

Related Commands

Command
Description

import ipv4

Configures an import map to import IPv4 prefixes from the global routing table to a VRF table.

ip vrf

Configures a VRF routing table.

rd

Creates routing and forwarding tables for a VRF.

show ip bgp

Displays entries in the BGP routing table.

show ip bgp vpnv4

Displays VPN address information from the BGP table.

show ip vrf

Displays the set of defined VRFs and associated interfaces.