Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

Hierarchical Navigation

Cisco IOS Software Releases 12.3 T

BGP Support for IP Prefix Import from Global Table into a VRF Table

Downloads

Table Of Contents

BGP Support for IP Prefix Import from Global Table into a VRF Table

Contents

Prerequisites for BGP Support for IP Prefix Import from Global Table into a VRF Table

Restrictions for BGP Support for IP Prefix Import from Global Table into a VRF Table

Information About BGP Support for IP Prefix Import from Global Table into a VRF Table

Importing IPv4 Prefixes into a VRF

Black Hole Routing

Classifying Global Traffic

How to Import IP Prefixes from Global Table into a VRF Table

Defining IPv4 IP Prefixes to Import

Creating the VRF and the Import Route Map

Import Actions

New Syslog Message

Restrictions

Filtering on the Ingress Interface

Unicast Reverse Path Forwarding

Verifying Global IP Prefix Import

Configuration Examples for BGP Support for IP Prefix Import from Global Table into a VRF Table

Configuring Global IP Prefix Import: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Command Reference

debug ip bgp import

import ipv4

ip verify unicast vrf

Feature Information for BGP Support for IP Prefix Import from Global Table into a VRF Table


BGP Support for IP Prefix Import from Global Table into a VRF Table

First Published: August 9, 2004
Last Updated: August 21, 2007

The BGP Support for IP Prefix Import from Global Table into a VRF Table feature introduces the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding (VRF) instance table using an import route map.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for BGP Support for IP Prefix Import from Global Table into a VRF Table" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for BGP Support for IP Prefix Import from Global Table into a VRF Table

Restrictions for BGP Support for IP Prefix Import from Global Table into a VRF Table

Information About BGP Support for IP Prefix Import from Global Table into a VRF Table

How to Import IP Prefixes from Global Table into a VRF Table

Configuration Examples for BGP Support for IP Prefix Import from Global Table into a VRF Table

Additional References

Command Reference

Feature Information for BGP Support for IP Prefix Import from Global Table into a VRF Table

Prerequisites for BGP Support for IP Prefix Import from Global Table into a VRF Table

Border Gateway Protocol (BGP) peering sessions are established.

CEF or dCEF (for distributed platforms) is enabled on all participating routers.

Restrictions for BGP Support for IP Prefix Import from Global Table into a VRF Table

Only IPv4 unicast and multicast prefixes can be imported into a VRF with this feature.

A maximum of five VRF instances per router can be created to import IPv4 prefixes from the global routing table.

IPv4 prefixes imported into a VRF using this feature cannot be imported into a VPNv4 VRF.

Information About BGP Support for IP Prefix Import from Global Table into a VRF Table

Importing IPv4 Prefixes into a VRF

Black Hole Routing

Classifying Global Traffic

Importing IPv4 Prefixes into a VRF

The BGP Support for IP Prefix Import from Global Table into a VRF Table feature introduces the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding instance (VRF) table using an import route map. This feature extends the functionality of VRF import-map configuration to allow IPv4 prefixes to be imported into a VRF based on a standard community. Both IPv4 unicast and multicast prefixes are supported. No Multiprotocol Label Switching (MPLS) or route target (import/export) configuration is required.

IP prefixes are defined as match criteria for the import map through standard Cisco IOS filtering mechanisms. For example, an IP access-list, an IP prefix-list, or an IP as-path filter is created to define an IP prefix or IP prefix range, and then the prefix or prefixes are processed through a match clause in a route map. Prefixes that pass through the route map are imported into the specified VRF per the import map configuration.

Black Hole Routing

This feature can be configured to support Black Hole Routing (BHR). BHR is method that allows the administrator to block undesirable traffic, such as traffic from illegal sources or traffic generated by a Denial of Service (DoS) attack, by dynamically routing the traffic to a dead interface or to a host designed to collect information for investigation, mitigating the impact of the attack on the network. Prefixes are looked up, and packets that come from unauthorized sources are blackholed by the ASIC at line rate.

Classifying Global Traffic

This feature can be used to classify global IP traffic based on physical location or class of service. Traffic is classified based on administration policy and then imported into different VRFs. On a college campus, for example, network traffic could be divided into an academic network and residence network traffic, a student network and faculty network, or a dedicated network for multicast traffic. After the traffic is divided along administration policy, routing decisions can be configured with the MPLS VPN—VRF Selection Using Policy Based Routing or the MPLS VPN—VRF Selection Based on Source IP Address features.

How to Import IP Prefixes from Global Table into a VRF Table

This section contains the following tasks:

Defining IPv4 IP Prefixes to Import

Creating the VRF and the Import Route Map

Filtering on the Ingress Interface

Verifying Global IP Prefix Import

Defining IPv4 IP Prefixes to Import

IPv4 unicast or multicast prefixes are defined as match criteria for the import route map using standard Cisco IOS filtering mechanisms. This task uses an IP access-list and an IP prefix-list.

SUMMARY STEPS

1. enable

2. configure terminal

3. access-list access-list-number {deny | permit} source [source-wildcard] [log]

4. ip prefix-list prefix-list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

access-list access-list-number {deny | permit} source [source-wildcard] [log]

Example:

Router(config)# access-list 50 permit 10.1.1.0 0.0.0.255

Creates an access list and defines a range of IP prefixes to import into the VRF table.

The example creates a standard access list numbered 50. This filter will permit traffic from any host with an IP address in the 10.1.1.0/24 subnet.

Step 4 

ip prefix-list prefix-list-name [seq seq-value] {deny network/length | permit network/length} [ge ge-value] [le le-value]

Example:

Router(config)# ip prefix-list COLORADO permit 10.24.240.0/22

Creates a prefix list and defines a range of IP prefixes to import into the VRF table.

The example creates an IP prefix list named COLORADO. This filter will permit traffic from any host with an IP address in the 10.24.240.0/22 subnet.

Creating the VRF and the Import Route Map

The IP prefixes that are defined for import are then processed through a match clause in a route map. IP prefixes that pass through the route map are imported into the VRF. A maximum of 5 VRFs per router can be configured to import IPv4 prefixes from the global routing table. 1000 prefixes per VRF are imported by default. You can manually configure from 1 to 2,147,483,647 prefixes for each VRF. We recommend that you use caution if you manually configure the prefix import limit. Configuring the router to import too many prefixes can interrupt normal router operation.

No MPLS or route target (import/export) configuration is required.

Import Actions

Import actions are triggered when a new routing update is received or when routes are withdrawn. During the initial BGP update period, the import action is postponed to allow BGP to convergence more quickly. Once BGP converges, incremental BGP updates are evaluated immediately and qualified prefixes are imported as they are received.

New Syslog Message

The following syslog message is introduced by this feature. It will be displayed when more prefixes are available for import than the user-defined limit: 

00:00:33: %BGP-3-AFIMPORT_EXCEED: IPv4 Multicast prefixes imported to multicast vrf exceed 
the limit 2

You can either increase the prefix limit or fine-tune the import route map filter to reduce the number of candidate routes.

Restrictions

Only IPv4 unicast and multicast prefixes can be imported into a VRF with this feature.

A maximum of five VRF instances per router can be created to import IPv4 prefixes from the global routing table.

IPv4 prefixes imported into a VRF using this feature cannot be imported into a VPNv4 VRF.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip vrf vrf-name

4. rd route-distinguisher

5. import ipv4 {unicast | multicast} [prefix-limit] map route-map

6. exit

7. route-map map-tag [permit | deny] [sequence-number]

8. match ip address {acl-number [acl-number | acl-name] | acl-name [acl-name | acl-number] | prefix-list prefix-list-name [prefix-list-name]}

9. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip vrf vrf-name

Example:

Router(config)# ip vrf GREEN

Creates a VRF routing table and specifies the VRF name (or tag).

The ip vrf vrf-name command creates a VRF routing table and a CEF table, and both are named using the vrf-name argument. Associated with these tables is the default route distinguisher value.

Step 4 

rd route-distinguisher

Example:

Router(config-vrf)# rd 100:10

Creates routing and forwarding tables for the VRF instance.

There are two formats for configuring the route distinguisher argument. It can be configured in the as-number:network number (ASN:nn) format, as shown in the example, or it can be configured in the IP address:network number format (IP-address:nn).

Step 5 

import ipv4 {unicast | multicast} [prefix-limit] map route-map

Example:

Router(config-vrf)# import ipv4 unicast 1000 map UNICAST

Creates an import map to import IPv4 prefixes from the global routing table to a VRF table.

Unicast or multicast prefixes are specified.

Up to a 1000 prefixes will be imported by default. The prefix-limit argument is used to specify a limit from 1 to 2,147,483,647 prefixes.

The route-map that defines the prefixes to import is specified after the map keyword is entered.

The example creates an import map that will import up to 1000 unicast prefixes that pass through the route map named UNICAST.

Step 6 

exit

Example:

Router(config-vrf)# exit

Exits VRF configuration mode and enters global configuration mode.

Step 7 

route-map map-tag [permit | deny] [sequence-number]

Example:

Router(config)# route-map UNICAST permit 10

Defines the conditions for redistributing routes from one routing protocol into another, or enables policy routing.

The route map name must match the route map specified in Step 5.

The example creates a route map named UNICAST.

Step 8 

match ip address {acl-number [acl-number | acl-name] | acl-name [acl-name | acl-number] | prefix-list prefix-list-name [prefix-list-name]}

Example:

Router(config-route-map)# match ip address 50

Distributes any routes that have a destination network number address that is permitted by a standard or extended access list, and performs policy routing on matched packets.

Both IP access lists and IP prefix lists are supported.

The example configures the route map to use standard access list 50 to define match criteria.

Step 9 

end

Example:

Router(config-route-map)# end

Exits route-map configuration mode and returns to privileged EXEC mode.

Filtering on the Ingress Interface

This feature can be configured globally or on a per-interface basis. We recommend that you apply it to ingress interfaces to maximize performance.

Unicast Reverse Path Forwarding

Unicast Reverse Path Forwarding (Unicast RPF) can be optionally configured. Unicast RPF is used to verify that the source address is in the Forwarding Information Base (FIB). The ip verify unicast vrf command is configured in interface configuration mode and is enabled for each VRF. This command has permit and deny keywords that are used to determine if the traffic is forwarded or dropped after Unicast RPF verification.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface type number [name-tag]

4. ip policy route-map map-tag

5. ip verify unicast vrf vrf-name {deny | permit}

6. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface type number [name-tag]

Example:

Router(config)# interface Ethernet0/0

Configures an interface and enters interface configuration mode.

Step 4 

ip policy route-map map-tag

Example:

Router(config-if)# ip policy route-map UNICAST

Identifies a route map to use for policy routing on an interface.

The configuration example attaches the route map named UNICAST to the interface.

Step 5 

ip verify unicast vrf vrf-name {deny | permit}

Example:

Router(config-if)# ip verify unicast vrf GREEN permit

(Optional) Enables Unicast Reverse Path Forwarding verification for the specified VRF.

The example enables verification for the VRF named GREEN. Traffic that passes verification will be forwarded.

Step 6 

end

Example:

Router(config-if)# end

Exits interface configuration mode and returns to privileged EXEC mode.

Verifying Global IP Prefix Import

Perform the steps in this task to display information about the VRFs that are configured with this feature and to verify that global IP prefixes are imported into the specified VRF table.

SUMMARY STEPS

1. enable

2. show ip bgp vpnv4 {all | rd route-distinguisher | vrf vrf-name} [rib-failure] [ip-prefix/length [longer-prefixes] [output-modifiers]] [network-address [mask] [longer-prefixes] [output-modifiers]] [cidr-only] [community] [community-list] [dampened-paths] [filter-list] [flap-statistics] [inconsistent-as] [neighbors] [paths [line]] [peer-group] [quote-regexp] [regexp] [summary] [labels]

3. show ip vrf [brief | detail | interfaces | id] [vrf-name]

DETAILED STEPS

Step 1 enable

Enables privileged EXEC mode. Enter your password if prompted. 

Router# enable

Step 2 show ip bgp vpnv4 {all | rd route-distinguisher | vrf vrf-name} [rib-failure] [ip-prefix/length [longer-prefixes] [output-modifiers]] [network-address [mask] [longer-prefixes] [output-modifiers]] [cidr-only] [community] [community-list] [dampened-paths] [filter-list] [flap-statistics] [inconsistent-as] [neighbors] [paths [line]] [peer-group] [quote-regexp] [regexp] [summary] [labels]

Displays VPN address information from the BGP table. The output displays the import route map, the traffic type (unicast or multicast), the default or user-defined prefix import limit, the actual number of prefixes that are imported, and individual import prefix entries. 

Router# show ip bgp vpnv4 all


BGP table version is 15, local router ID is 10.1.1.1

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete


   Network          Next Hop            Metric LocPrf Weight Path

Route Distinguisher: 100:1 (default for vrf academic)

Import Map: ACADEMIC, Address-Family: IPv4 Unicast, Pfx Count/Limit: 6/1000

*> 10.50.1.0/24     172.17.2.2                             0 2 3 ?

*> 10.50.2.0/24     172.17.2.2                             0 2 3 ?

*> 10.50.3.0/24     172.17.2.2                             0 2 3 ?

*> 10.60.1.0/24     172.17.2.2                             0 2 3 ?

*> 10.60.2.0/24     172.17.2.2                             0 2 3 ?

*> 10.60.3.0/24     172.17.2.2                             0 2 3 ?

Route Distinguisher: 200:1 (default for vrf residence)

Import Map: RESIDENCE, Address-Family: IPv4 Unicast, Pfx Count/Limit: 3/1000

*> 10.30.1.0/24     172.17.2.2                  0          0 2 i

*> 10.30.2.0/24     172.17.2.2                  0          0 2 i

*> 10.30.3.0/24     172.17.2.2                  0          0 2 i

Route Distinguisher: 300:1 (default for vrf BLACKHOLE)

Import Map: BLACKHOLE, Address-Family: IPv4 Unicast, Pfx Count/Limit: 3/1000

*> 10.40.1.0/24     172.17.2.2                  0          0 2 i

*> 10.40.2.0/24     172.17.2.2                  0          0 2 i

*> 10.40.3.0/24     172.17.2.2                  0          0 2 i

Route Distinguisher: 400:1 (default for vrf multicast)

Import Map: MCAST, Address-Family: IPv4 Multicast, Pfx Count/Limit: 2/2

*> 10.70.1.0/24     172.17.2.2                  0          0 2 i

*> 10.70.2.0/24     172.17.2.2                  0          0 2 i

Step 3 show ip vrf [brief | detail | interfaces | id] [vrf-name]

Displays defined VRFs and their associated interfaces. The output displays the import route map, the traffic type (unicast or multicast), and the default or user-defined prefix import limit. The following example output shows that the import route map named UNICAST is importing IPv4 unicast prefixes and that the prefix import limit is 1000. 

Router# show ip vrf detail


VRF academic; default RD 100:10; default VPNID <not set>

VRF Table ID = 1

  No interfaces

  Connected addresses are not in global routing table

  Export VPN route-target communities

    RT:100:10 

  Import VPN route-target communities

    RT:100:10 

  Import route-map for ipv4 unicast: UNICAST (prefix limit: 1000)


  No export route-map

Configuration Examples for BGP Support for IP Prefix Import from Global Table into a VRF Table

This section contains the following configuration example:

Configuring Global IP Prefix Import: Example

Configuring Global IP Prefix Import: Example

The following example, beginning in global configuration mode, imports all unicast prefixes from the 10.24.240.0/22 subnet into the VRF named GREEN. An IP prefix list is used to define the imported IPv4 prefixes. The route map is attached to Ethernet interface 0. Unicast RPF verification for VRF GREEN is enabled. 

ip prefix-list COLORADO permit 10.24.240.0/22 

!

ip vrf GREEN

 rd 100:10

 import ipv4 unicast 1000 map UNICAST

 exit

route-map UNICAST permit 10

 match ip address prefix-list COLORADO

 exit

interface Ethernet 0

 ip policy route-map UNICAST 

 ip verify unicast vrf GREEN permit 

end

Additional References

The following sections provide references related to the BGP Support for IP Prefix Import from Global Table into a VRF Table feature.

Related Documents

Related Topic
Document Title

BGP commands: complete command syntax, defaults, command mode, command history, usage guidelines, and examples

Cisco IOS IP Routing Protocols Command Reference, Release 12.2SB

Cisco IOS IP Routing Protocols Command Reference, Release 12.2SR

Cisco IOS IP Routing Protocols Command Reference, Release 12.2SX

Cisco IOS IP Command Reference, Volume 2 of 4: Routing Protocols, Release 12.3T

BGP configuration tasks

Cisco IOS IP Configuration Guide, Release 12.3

MPLS VPN configuration tasks

MPLS Virtual Private Networks, Release 12.0(5)T

VRF selection using policy based routing

MPLS VPN—VRF Selection Using Policy Based Routing

VRF selection based on source IP address

MPLS VPN— VRF Selection Based on Source IP Address


Standards

Standard
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIB
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Command Reference

This section documents only commands that are new or modified.

debug ip bgp import

import ipv4

ip verify unicast vrf

debug ip bgp import

To display debugging information related to importing IPv4 prefixes from the global routing table into a VRF table, use the debug ip bgp import command in privileged EXEC mode. To disable the display of IPv4 prefix import debugging information, use the no form of this command.

debug ip bgp import {events | updates [access-list | expanded-access-list]}

no debug ip bgp import {events | updates [access-list | expanded-access-list]}

Syntax Description

events

Displays messages related to IPv4 prefix import events.

updates

Displays messages related to IPv4 prefix import updates.

access-list

(Optional) Number of access list used to filter debugging messages. The range that can be specified is from 1 to 199.

expanded-access-list

(Optional) Number of expanded access list used to filter debugging messages. The range that can be specified is from 1300 to 2699.


Command Modes

Privileged EXEC

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Usage Guidelines

Use this command to display debugging information related to the BGP Support for IP Prefix Import from Global Table into a VRF Table feature. This feature provides the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding (VRF) instance table using an import route map.

Examples

The following example configures IPv4 prefix import debugging messages for both import events and import updates to be displayed on the console of the router: 

Router# debug ip bgp import events 


BGP import events debugging is on


Router# debug ip bgp import updates


BGP import updates debugging is on for access list 3


00:00:50: %BGP-5-ADJCHANGE: neighbor 10.2.2.2 Up 

00:01:06: BGP: reevaluate IPv4 Unicast routes in VRF academic

00:01:06: BGP: 0 routes available (limit: 1000)

00:01:06: BGP: import IPv4 Unicast routes to VRF academic

00:01:06: BGP(2)-VRF(academic): import pfx 100:1:10.30.1.0/24 via 10.2.2.2

00:01:06: BGP: accepted 8 routes (limit: 1000)

00:01:06: BGP: reevaluate IPv4 Multicast routes in VRF multicast

00:01:06: BGP: 0 routes available (limit: 2)

00:01:06: BGP: import IPv4 Multicast routes to VRF multicast

00:01:06: %BGP-4-AFIMPORT: IPv4 Multicast prefixes imported to multicast vrf reached the 

limit 2

00:01:06: BGP: accepted 2 routes (limit: 2)

00:01:06: BGP: reevaluate IPv4 Unicast routes in VRF BLUE 

00:01:06: BGP: 0 routes available (limit: 1000)

00:01:06: BGP: import IPv4 Unicast routes to VRF BLUE 

00:01:06: BGP: accepted 3 routes (limit: 1000)

Table 1 describes the significant fields shown in the display.

Table 1 debug ip bgp import Field Descriptions 

Field
Description

BGP: accepted 2 routes (limit: 2)

Number of routes imported into the VRF, and the default or user-defined prefix import limit.

BGP: reevaluate IPv4 Unicast routes in VRF BLUE

Prefix was imported during BGP convergence and is being reevaluated for the next scan cycle.

BGP: 0 routes available (limit: 1000)

Number of routes available from import source, and the default or user-defined prefix import limit.

BGP: import IPv4 Unicast routes to VRF BLUE

Import map and prefix type (unicast or multicast) that is being imported into the specified VRF.


Related Commands

Command
Description

clear ip bgp

Resets a BGP connection.


import ipv4

To configure an import map to import IPv4 prefixes from the global routing table to a VRF table, use the import ipv4 command in VRF configuration mode. To remove the import map, use the no form of this command.

import ipv4 {unicast | multicast} [prefix-limit] map route-map

no import ipv4 {unicast | multicast} [prefix-limit] map route-map

Syntax Description

unicast

Specifies IPv4 unicast prefixes to import.

multicast

Specifies IPv4 multicast prefixes to import.

prefix-limit

(Optional) Number of prefixes to import. The range is from 1 to 2147483647. Default is 1000.

map route-map

Specifies the route map to be used as an import route map for the VRF.


Command Default

No import map is configured.

Command Modes

VRF configuration

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.

12.2(27)SBC

This command was integrated into Cisco IOS Release 12.2(27)SBC.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Usage Guidelines

IP prefixes that are defined for import are processed through a match clause in a route map. The prefixes that pass through the route map are imported into the Virtual Private Network (VPN) routing/forwarding (VRF) instance. A maximum of five VRFs per router can be configured to import IPv4 prefixes from the global routing table. 1000 prefixes per VRF are imported by default. You can manually configure from 1 to 2,147,483,647 prefixes for each VRF. We recommend that you use caution if you manually configure the prefix import limit. Configuring the router to import too many prefixes can interrupt normal router operation. Only IPv4 unicast and multicast prefixes can be imported to a VRF with this feature. IPv4 prefixes imported into a VRF using this feature cannot be imported into a VPNv4 VRF.

No MPLS or Route Target Configuration Is Required

No MPLS or route target (import/export) configuration is required.

Import Behavior

Import actions are triggered when a new routing update is received or when routes are withdrawn. During the initial BGP update period, the import action is postponed to allow BGP to converge more quickly. Once BGP converges, incremental BGP updates are evaluated immediately and qualified prefixes are imported as they are received.

Examples

The following example, beginning in global configuration mode, imports all unicast prefixes from the 10.24.240.0/22 subnet into the VRF named GREEN. An IP prefix list is used to define the imported IPv4 prefixes. The route map is attached to the Ethernet interface 0, and unicast RPF verification for VRF GREEN is enabled. 

ip prefix-list COLORADO permit 10.24.240.0/22 

!

ip vrf GREEN

 rd 100:10

 import ipv4 unicast 1000 map UNICAST

 exit

route-map UNICAST permit 10

 match ip address prefix-list ACCOUNTING

 exit

interface Ethernet 0

 ip policy route-map UNICAST 

 ip verify unicast vrf GREEN permit 

 end

Related Commands

Command
Description

ip verify unicast vrf

Enables Unicast Reverse Path Forwarding verification for the specified VRF.

ip vrf

Configures a VRF routing table.

rd

Creates routing and forwarding tables for a VRF.

show ip bgp

Displays entries in the BGP routing table.

show ip bgp vpnv4

Displays VPN address information from the BGP table.

show ip vrf

Displays the set of defined VRFs and associated interfaces.


ip verify unicast vrf

To enable Unicast Reverse Path Forwarding (Unicast RPF) verification for a specified VRF, use the ip verify unicast vrf command in interface configuration mode. To disable the Unicast RPF check for a VRF, use the no form of this command.

ip verify unicast vrf vrf-name {deny | permit}

no ip verify unicast vrf vrf-name {deny | permit}

Syntax Description

vrf-name

Virtual Private Network (VPN) routing/forwarding (VRF) instance name.

deny

Specifies that traffic associated with the specified VRF is dropped after it passes the Unicast RPF verification.

permit

Specifies that traffic associated with the specified VRF is forwarded after it passes the Unicast RPF verification.


Command Default

Unicast RPF verification is disabled.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(29)S

This command was introduced.

12.2(25)S

This command was integrated into Cisco IOS Release 12.2(25)S.

12.3(14)T

This command was integrated into Cisco IOS Release 12.3(14)T.

12.2(28)SB

This command was integrated into Cisco IOS Release 12.2(27)SBC.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2(33)SXH

This command was integrated into Cisco IOS Release 12.2(33)SXH.


Usage Guidelines

Unicast RPF is configured to verify that the source address is in the Forwarding Information Base (FIB). The ip verify unicast vrf command is configured in interface configuration mode and is enabled for each VRF. This command has permit and deny keywords that are used to determine if traffic is forwarded or dropped after Unicast RPF verification.

Examples

The following example configures Unicast RPF verification for VRF GREEN and RED. VRF GREEN traffic is forwarded. VRF RED traffic is dropped. 

Router(config)# interface Ethernet 0

Router(config-if)# ip verify unicast vrf GREEN permit

Router(config-if)# ip verify unicast vrf RED deny

Router(config-if)# end

Related Commands

Command
Description

import ipv4

Configures an import map to import IPv4 prefixes from the global routing table to a VRF table.

ip vrf

Configures a VRF routing table.

rd

Creates routing and forwarding tables for a VRF.

show ip bgp

Displays entries in the BGP routing table.

show ip bgp vpnv4

Displays VPN address information from the BGP table.

show ip vrf

Displays the set of defined VRFs and associated interfaces.


Feature Information for BGP Support for IP Prefix Import from Global Table into a VRF Table

Table 2 lists the release history for this feature.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 2 Feature Information for BGP Support for IP Prefix Import from Global Table into a VRF Table 

Feature Name
Releases
Feature Information

BGP Support for IP Prefix Import from Global Table into a VRF Table

12.0(29)S
12.2(25)S
12.2(27)SBC
12.2(33)SRA
12.2(33)SXH
12.3(14)T

The BGP Support for IP Prefix Import from Global Table into a VRF Table feature introduces the capability to import IPv4 unicast prefixes from the global routing table into a Virtual Private Network (VPN) routing/forwarding (VRF) instance table using an import route map.

The following commands were introduced or modified by this feature: debug ip bgp import, import ipv4, ip verify unicast vrf.



Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© 2004-2007 Cisco Systems, Inc. All rights reserved.