Information Technology Reference
In-Depth Information
VPN labels are installed into the FIB for the VRF. Example 10-14 shows the VPN label for
172.16.0.0 in CEF on PE1. Note that the first label (19) is an IGP label (L2) to reach PE2
(192.168.100.5), and the second label (25) is the VPN label Lv.
Example 10-14
VPN Label for 172.16.0.0 on PE1
PE1#show ip cef vrf VPNa 172.16.0.0 detail
172.16.0.0/16, version 6, epoch 0, cached adjacency 192.168.23.3
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Et1/0, 192.168.23.3, tags imposed: {19 25}
via 192.168.100.5, 0 dependencies, recursive
next hop 192.168.23.3, Ethernet1/0 via 192.168.100.5/32
valid cached adjacency
tag rewrite with Et1/0, 192.168.23.3, tags imposed: {19 25}
To reach 172.16.0.0/16 in PE1, a recursive lookup of the BGP next hop (192.168.100.5)
resolves the IGP next hop (192.168.23.3). When PE1 receives a packet from CE1 that is
destined for 172.16.0.0/16, a label stack of 2 is imposed: the top label 19 to reach PE2 via
P, and the bottom label 25 to reach 172.16.0.0/16 via VPNa. Upon receiving such a packet,
P pops the top label (19) because of PHP. The packet is delivered to PE2 with the VPN label
(25). When PE2 receives the packet, it removes the label and delivers the IP packet to CE2.
Automatic Route Filtering
To reduce memory use, PEs implement automatic route filtering (ARF). A PE accepts only
VPN routes that are permitted from the VRFs configured locally. ARF is performed based
on RTs and is enabled by default on a PE.
If a PE is an RR for VPNv4, ARF is disabled by default.
NOTE
Figure 10-8 shows an example of automatic route filtering on PE devices. As a PE with
connections to two VRFs, VPNa and VPNb, R5 advertises to R1 and R2 VPNv4 prefixes
that are from both CEs. Because R1 is connected only to VPNa, it rejects all the routes from
VPNb. The same logic applies to R2, because it rejects routes for VPNa.
