Configuring BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

Restrictions for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

  • A range (specified in the set extcommunity rt command or the set extcommunity vpn-distinguisher command) can include a maximum of 450 extended communities.

  • The VPN distinguisher range is not relayed to an IBGP peer.

Information About BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard

The BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard feature introduces the ability to set a range of route target (RT) community attributes or VPN distinguisher community attributes when mapping them. A network administrator might want to map one or more RTs at an egress ASBR to different RTs at an ingress ASBR. The VPN Distinguisher Attribute feature allows an administrator to map RTs to a VPN distinguisher that is carried through eBGP and then mapped to RTs at an ingress ASBR. The mapping is achieved by configuring a route map that sets an RT range or VPN distinguisher range of extended community attributes. Specifying a range rather than individual RTs saves time and simplifies the configuration. Furthermore, a VPN distinguisher range allows more than one VPN distinguisher attribute per route-map clause, thereby removing the restriction that applied prior to this feature.

Benefits of RT and VPN Distinguisher Attribute Mapping Range

A network administrator might want to rewrite (or map) one or more route targets (RTs) at an egress ASBR to different RTs at an ingress ASBR. One use case would be to keep the RTs at the egress ASBR private from the ingress ASBR.

The rewrite is achieved by using inbound route maps, matching prefixes to route-map clauses that match inbound RTs, and mapping those RTs to different RTs recognized by the neighbor AS. Such a rewrite configuration could be complex on inbound route maps, with potentially hundreds of RTs that would need to be specified individually (configuring set extcommunity rt value1 value2 value3 ...). If the RTs being attached to the prefixes are consecutive, the configuration can be simplified by specifying a range of RTs. Thus, the benefits of the RT mapping range are saving time and simplifying the configuration.

Likewise, the mapping of RTs to a VPN distinguisher attribute (and vice versa) can also be simplified by specifying a range of RTs or VPN distinguishers. The BGP—VPN Distinguisher Attribute feature allows a network administrator to keep source RTs private from an ASBR in a destination AS. An RT at an egress ASBR is mapped to a VPN distinguisher, the VPN distinguisher is carried through eBGP, and then it is mapped to an RT at the ingress ASBR.

The RT and VPN Distinguisher Attribute Mapping Range feature introduces the ability to specify a range of either route targets (RTs) or VPN distinguishers when mapping them.

Another benefit applies to setting a VPN distinguisher. Prior to this feature, only one set extcommunity vpn-distinguisher value was allowed per route-map clause. With the introduction of the mapping range, a range of VPN distinguishers can be set on a route.

How to Map RTs to RTs Using a Range

The following sections provide configuration information on how to map RTs to RTs using a range.

Replacing an RT with a Range of RTs

Perform this task on an egress ASBR to replace a route target (RT) with an RT range. Remember to replace the range of RTs with an RT on the ingress ASBR; that task is described in the “Replacing a Range of RTs with an RT” section.

To replace an RT with a range of RTs, perform this procedure:

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ip extcommunity-list expanded-list {permit | deny}

Example:


Device(config)# ip extcommunity-list 22 permit

Configures an IP extended community list to configure Virtual Private Network (VPN) route filtering.

Step 4

exit

Example:


Device(config-extcomm-list)# exit 

Exits the configuration mode and enters the next higher configuration mode.

Step 5

route-map map-tag {permit | deny} [sequence-number]

Example:


Device(config)# route-map rt-mapping permit 10  

Configures a route map that permits or denies the routes that are allowed by the subsequent match command.

This example permits the routes that are allowed by the subsequent match command.

Step 6

match extcommunity extended-community-list-name

Example:


Device(config-route-map)# match extcommunity 22  

Matches on the specified community list.

For this example, routes that match the extended community list 22 (which was configured in Step 3) are subject to the subsequent set commands.

Step 7

set extcomm-list extcommunity-name delete

Example:


Device(config-route-map)# set extcomm-list 22 delete  

Deletes the RT from routes that are in the specified extended community list.

For this example, RTs are deleted from routes that are in extended community list 22.

Step 8

set extcommunity rt range start-value end-value

Example:


Device(config-route-map)# set extcommunity rt range 500:1 500:9 

For the routes that are permitted by the route map, sets the specified RT range of extended community attributes, inclusive.

For this example, routes that match extended community 22 have their RT extended community attribute values set to 500:1, 500:2, 500:3, 500:4, 500:5, 500:6, 500:7, 500:8, and 500:9.

Step 9

exit

Example:


Device(config-route-map)# exit 

Exits route-map configuration mode and enters global configuration mode.

Step 10

route-map map-tag {permit | deny} [sequence-number]

Example:


Device(config)# route-map rt-mapping permit 20  

(Optional) Configures a route map entry that permits routes.

This example configures a route map entry that permits other routes not subject to the RT-to-RT range mapping. If you do not perform this step, all other routes are subject to an implicit deny.

Step 11

exit

Example:


Device(config-route-map)# exit 

Exits route-map configuration mode and enters global configuration mode.

Step 12

router bgp as-number

Example:


Device(config)# router bgp 3000

Enters router configuration mode and creates a BGP routing process.

Step 13

neighbor ip-address remote-as autonomous-system-number

Example:


Device(config-router)# neighbor 192.168.103.1 remote-as 3000

Specifies that the neighbor belongs to the autonomous system.

Step 14

address-family vpnv4

Example:


Device(config-router)# address-family vpnv4

Enters address family configuration mode to configure BGP peers to accept address family-specific configurations.

Step 15

neighbor ip-address activate

Example:


Device(config-router-af)# neighbor 192.168.103.1 activate

Activates the specified neighbor.

Step 16

neighbor ip-address route-map map-tag out

Example:


Device(config-router-af)# neighbor 192.168.103.1 route-map rt-mapping out

Applies the specified outgoing route map to the specified neighbor.

Step 17

exit-address-family

Example:


Device(config-router-af)# exit-address-family 

Exits address family configuration mode and enters privileged EXEC mode.

Replacing a Range of RTs with an RT

Perform this task on an ingress ASBR to replace an RT range of attributes with an RT attribute. This task assumes you already configured the egress ASBR to replace the RT with an RT range; that task is described in the “Replacing an RT with a Range of RTs” section.

To replace a range of RTs with an RT, perform this procedure:

Procedure

  Command or Action Purpose

Step 1

enable

Example:


Device> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2

configure terminal

Example:


Device# configure terminal

Enters global configuration mode.

Step 3

ip extcommunity-list expanded-list {permit | deny} rt reg-exp

Example:


Device(config)# ip extcommunity-list 128 permit rt 500:[1-9]  

Configures an IP extended community list to configure Virtual Private Network (VPN) route filtering, such that routes with the specified RT range are in the extended community list.

This example permits routes having RTs in the range 500:1 to 500:9 into the extended community list 128.

Step 4

exit

Example:


Device(config-extcomm-list)# exit 

Exits the configuration mode and enters the next higher configuration mode.

Step 5

route-map map-tag {permit | deny} [sequence-number]

Example:


Device(config)# route-map rtmap2 permit 10  

Configures a route map that permits or denies the routes that are allowed by the subsequent match command.

This example permits the routes that are allowed by the subsequent match command.

Step 6

match extcommunity extended-community-list-name

Example:


Device(config-route-map)# match extcommunity 128  

Matches on the specified community list.

In this example, routes that match the extended community list 128 (which was configured in Step 3) are subject to the subsequent set commands.

Step 7

set extcomm-list extcommunity-name delete

Example:


Device(config-route-map)# set extcomm-list 128 delete  

Deletes the RTs in the range from routes that are in the specified extended community list.

In this example, RTs in the range are deleted from routes that are in extended community list 128.

Step 8

set extcommunity rt value additive

Example:


Device(config-route-map)# set extcommunity rt 400:1 additive  

Sets the routes that are permitted by the route map with the specified RT.

In this example, routes that match extended community 128 have their RT set to 400:1. The additive keyword causes the RT to be added to the RT list without replacing any RTs.

Step 9

exit

Example:


Device(config-route-map)# exit 

Exits route-map configuration mode and enters global configuration mode.

Step 10

route-map map-tag {permit | deny} [sequence-number]

Example:


Device(config)# route-map rtmap2 permit 20  

(Optional) Configures a route map entry that permits routes.

This example configures a route map entry that permits other routes not subject to the RT-range-to-RT mapping. If you do not perform this step, all other routes are subject to an implicit deny.

Step 11

exit

Example:


Device(config-route-map)# exit 

Exits route-map configuration mode and enters global configuration mode.

Step 12

router bgp as-number

Example:


Device(config)# router bgp 4000

Enters router configuration mode and creates a BGP routing process.

Step 13

neighbor ip-address remote-as autonomous-system-number

Example:


Device(config-router)# neighbor 192.168.0.50 remote-as 4000

Specifies that the neighbor belongs to the autonomous system.

Step 14

address-family vpnv4

Example:


Device(config-router)# address-family vpnv4

Enters address family configuration mode to configure BGP peers to accept address-family-specific configurations.

Step 15

neighbor ip-address activate

Example:


Device(config-router-af)# neighbor 192.168.0.50 activate

Activates the specified neighbor.

Step 16

neighbor ip-address route-map map-tag in

Example:


Device(config-router-af)# neighbor 192.168.0.50 route-map rtmap2 in

Applies the specified incoming route map to the specified neighbor.

Step 17

exit-address-family

Example:


Device(config-router-af)# exit-address-family 

Exits address family configuration mode and enters privileged EXEC mode.
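
The range set on the egress ASBR and the regular expression that matches it on the ingress ASBR must describe the same set of RTs; otherwise RTs outside the intended mapping are deleted and rewritten as well. The following Python check is an added example, not part of the Cisco documentation: it expands the set extcommunity forms shown on this page, enforces the 450-community restriction, and reports values that a pattern matches beyond the intended range. The function names, the constructed sample of observed RTs, and the use of Python's re.search as a stand-in for the device's regular-expression matching are assumptions.

```python
import re

MAX_RANGE = 450  # page restriction: a range holds at most 450 extended communities


def expand_range(start, end):
    """Expand 'ADMIN:N' .. 'ADMIN:M' (inclusive) into the list of values."""
    (adm_s, num_s), (adm_e, num_e) = start.split(":"), end.split(":")
    lo, hi = int(num_s), int(num_e)
    if adm_s != adm_e or hi < lo:
        raise ValueError(f"bad range {start} {end}")
    if hi - lo + 1 > MAX_RANGE:
        raise ValueError(f"range {start} {end} exceeds {MAX_RANGE} communities")
    return [f"{adm_s}:{n}" for n in range(lo, hi + 1)]


def communities_set(line):
    """Values attached by a 'set extcommunity {rt|vpn-distinguisher} ...' line."""
    words = line.split()
    if words[:2] != ["set", "extcommunity"] or \
            words[2:3] not in (["rt"], ["vpn-distinguisher"]):
        raise ValueError(f"not a set extcommunity line: {line!r}")
    args = [w for w in words[3:] if w != "additive"]
    if args and args[0] == "range":
        if len(args) != 3:
            raise ValueError("range takes a start value and an end value")
        return expand_range(args[1], args[2])
    return args  # no 'range' keyword: each listed value is set individually


def audit_match(pattern, intended, observed):
    """Return (intended values the pattern misses, unintended values it matches).

    Assumption: re.search on the bare 'ADMIN:N' text stands in for the
    device's regular-expression matching; confirm the result on the device.
    """
    rx = re.compile(pattern)
    missed = [v for v in intended if not rx.search(v)]
    extra = [v for v in observed if rx.search(v) and v not in intended]
    return missed, extra


if __name__ == "__main__":
    egress = communities_set("set extcommunity rt range 500:1 500:9")
    # Constructed sample of RTs that could arrive at the ingress ASBR.
    seen = egress + ["500:10", "1500:3", "400:1"]
    print(audit_match("500:[1-9]", egress, seen))
    print(communities_set("set extcommunity rt 700:1 700:10 additive"))
```

In this model the constructed values 500:10 and 1500:3 are reported as unintended matches for 500:[1-9], and the last line shows that a set extcommunity rt line without the range keyword sets only the two listed values.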

Configuration Example for Replacing an RT with a Range of VPN Distinguishers

In the following example, on the egress ASBR, routes having RT 201:100 are in the extended community list 22. A route-map that is named rt-mapping matches on extended community list 22 and deletes the RT from routes in the community list. Routes that match the community list have their VPN distinguishers set to VPN distinguishers in the range from 600:1 to 600:8. The route map is applied to the neighbor 192.168.103.1.

Egress ASBR


ip extcommunity-list 22 permit rt 201:100
!
route-map rt-mapping permit 10
 match extcommunity 22
 set extcomm-list 22 delete
 set extcommunity vpn-distinguisher range 600:1 600:8
!
route-map rt-mapping permit 20
!
router bgp 3000
 neighbor 192.168.103.1 remote-as 3000
 address-family vpnv4
  neighbor 192.168.103.1 activate
  neighbor 192.168.103.1 route-map rt-mapping out
  exit-address-family
!

On the ingress ASBR, VPN distinguishers in the range 600:1 to 600:8 belong to extended community list 101. A route map that is named rtmap2 maps those VPN distinguishers to RT range 700:1 700:10. The route map is applied to the neighbor 192.168.0.50. The additive option adds the new range to the existing value without replacing it.

Ingress ASBR


ip extcommunity-list 101 permit VD:600:[1-8]
!
route-map rtmap2 permit 10
 match extcommunity 101
 set extcomm-list 101 delete
 set extcommunity rt 700:1 700:10 additive
!
route-map rtmap2 permit 20
!
router bgp 4000
 neighbor 192.168.0.50 remote-as 4000
 address-family vpnv4
  neighbor 192.168.0.50 activate
  neighbor 192.168.0.50 route-map rtmap2 in
  exit-address-family
!

Additional References for BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard

Related Documents

| Related Topic | Document Title |
|---|---|
| BGP commands | Cisco IOS IP Routing: BGP Command Reference |
| BGP—VPN Distinguisher Attribute | “BGP—VPN Distinguisher Attribute” module in the IP Routing: BGP Configuration Guide, Cisco IOS XE Release 3S |

Feature History for BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard

This table provides release and related information for the features explained in this module.

These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

| Release | Feature | Feature Information |
|---|---|---|
| Cisco IOS XE Gibraltar 16.10.1 | BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard | The BGP—RT and VPN Distinguisher Attribute Rewrite Wildcard feature introduces the ability to set a range of route target (RT) community attributes or VPN distinguisher community attributes when mapping them. |
| Cisco IOS XE Cupertino 17.7.1 | BGP-RT and VPN Distinguisher Attribute Rewrite Wildcard | This feature was implemented on the supervisor modules C9400X-SUP-2 and C9400X-SUP-2XL. |

Use the Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/.