Extensions to RT-Constrain in Hierarchical Route Reflection Scenarios

The Route Target (RT) Constrain mechanism specified in is used to build a route distribution graph in order to restrict the propagation of Virtual Private Network (VPN) routes. In network scenarios where hierarchical route reflection (RR) is used, the existing advertisment rules of RT membership information as defined in section 3.2 of cannot guarantee a correct route distribution graph. This document describes the problem scenario and proposes a solution to address the RT-Constrain issue in hierarchical RR scenarios.

As shown in Figure 1, hierarchical RRs are deployed in the network, RR-2 and RR-3 are route-reflectors of their connecting PEs, and are also the clients of RR-1. If each PE advertises RT membership information of RT-1 to the upstream RR, after the best path selection, both RR-2 and RR-3 would create the CLUSTER_LIST attribute, prepend their local CLUSTER_ID and then advertise the best path to RR-1 and their clients respectively. On receipt of the RT-Constrain routes from RR-2 and RR-3, RR-1 will select one of the received routes as the best route, here assume the route received from RR-2 is selected by RR-1 as the best route. Then RR-1 needs to advertise the best RT-Constrain route to both RR-2 and RR-3 to create the route distribution graph of VPN-1. RR-1 would prepend its CLUSTER_ID to the CLUSTER_LIST of the path, and according to the rules in Section 3.2 of , it sets the ORIGINATOR_ID to its own router-id, and the NEXT_HOP to the local address for the session. Then RR-1 would advertise this route to both RR-2 and RR-3. On receipt of the RT-Constrain route from RR-1, RR-2 checks the CLUSTER_LIST and find its own CLUSTER_ID in the list, so this route will be ignored by RR-2. As a result, RR-2 will not form the outbound filter of RT-1 towards RR-1, hence it will not advertise the VPN routes of VPN-1 to RR-1.

This document specifies 2 potential solutions for the RTC issue in hierarchical RR scenario. In a later revision, one solution will to be selected based on the decision of the IDR working group.

This section provides one possible solution which is based on the add-path mechanism defined in . It makes use of the add-path mechanism for RTC route advertisement between the hierarchical RRs. The solution is summerized as follows: The route-reflector clients which themselves are also route-reflectors SHOULD be identified, then BGP add-paths SHOULD be enabled for RT membership NLRI on the BGP sessions between the higher layer RR and the lower layer RRs to ensure that sufficient RT-Constrain routes can be advertised by the higher layer RR to the lower layer RRs to pass BGP loop detection. In this case normal BGP path advertisement rules as defined in SHOULD be applied. The number of RT-Constrain routes to be advertised with add-path mechanism is a local decision of operators. To ensure that sufficient RT-Constrain routes are advertised to build the distribution graph, the recommended add-path number is the maximum number of the BGP client sessions in the same cluster plus 1. When advertising an RT membership NLRI to a route-reflector client which is not a lower layer RR, the advertisement rule as defined in section 3.2 of SHOULD be applied. With the above advertisement rule, RR-1 in figure 1 SHOULD advertise to RR-2 the RT-Constrain routes received from both RR-2 and RR-3, then the RTC route from RR-3 will pass the BGP loop detection on RR-2, thus the route distribution graph can be set up correctly.

This section specifies another possible solution which proposes some modification to the intra-AS advertisement rule of RTC route. Since the advertisement of RT-Constrain route is to set up a route distribution graph and not to guide the data packet forwarding, actually all the available RT-Constrain routes should be considered in setting up the route distribution graph, not just the best one. Thus the following advertisment rule for RT membership information is proposed to replace the rule i and ii in section 3.2 of : When advertising an RT membership NLRI to a route-reflector peer (either client or non-client), if the best path as selected by the path selection procedure described in Section 9.1 of is the path received from this peer, and there are alternative paths received from other peers, then the most disjoint alternative route SHOULD be advertised to this peer. The most disjoint alternative path is the path whose CLUSTER_LIST and ORIGINATOR_ID attributes are diverse from the attributes of the best path. With the above advertisement rule, RR-1 in figure 1 would advertise to RR-2 the RT-Constrain route received from RR-3, which is the most disjoint alternative route compared with the best route received from RR-2. In this way, RR-2 will not discard the RT-constrain route received from RR-1, and the route distribution graph can be set up correctly.

This document makes no request of IANA.

This document does not change the security properties of BGP based VPNs and .

The authors would like to thank Yaqun Xiao for the discussion of RT-Constrain issue in hierarchical RR scenario. Many people have made valuable comments and suggestions, including Susan Hares, Jeffrey Haas, Stephane Litkowski, Vitkovský Adam, Xiaohu Xu, Uttaro James, Shyam Sethuram, Saikat Ray and Bruno Decraene.