RD (route distinguisher) is used to identify different VPN instances on the PE device. Its main function is to allow address reuse between VPN instances. Together with the IP address it forms a 12-byte VPNv4 address space; the RD and the route are carried together in the BGP update message and advertised to the peer. On the one hand, we need to verify that the RD function is implemented: that the PE device can reuse IP addresses based on different RDs, and that the same IP route carrying different RDs corresponds to different VPN instance routes on the PE. At the same time, the RD has no routing capability and should not affect route reception or route selection. For routes in the same VPN with the same IP address but different RDs, the PE device should not prefer a route based on the RD or treat them as two different routes. Because RD has two assignment modes, the test also needs to cover the transmission of RD routes with different structures, especially critical and unconventional values (for example, an AS number of 65535, or IP addresses that are broadcast or multicast addresses).
RT (route target) is an important attribute carried by VPNv4 routes. It determines how VPN routes are sent, received, and filtered. The PE uses the RT attribute to distinguish routes between different VPNs, which makes it a key point in MBGP testing.
The RT attribute is used to filter VPN routes. The RT and RD attributes have the same data format, but RT attributes are divided into import and export. The export attribute is attached to the corresponding VPN route and sent to the peer through MBGP, while the import attribute is compared against the RT export attribute in each received VPNv4 route to filter it. The RT route-filtering function can be tested in multiple states, such as matching and non-matching.
When the RT export attribute configured in a VPN instance on the PE device changes, the RT attribute of the VPN routes advertised by the PE should change with it: the PE should refresh the VPNv4 routes of that VPN instance and update their RT attribute. Similarly, when the RT import attribute of the VPN instance changes, the PE device on which it changed should proactively send a BGP refresh packet to refresh the VPN routes and use the new RT attribute to filter them.
Unlike RD, multiple RT attributes can be configured for a VPN instance, and the RT attributes are carried in the extended community attribute of the BGP update message, whose format is similar to that of the standard community attribute. When a route carries multiple extended community attributes and RT attributes at the same time, the test should check whether the BGP protocol and the routing policy parse and process these attributes correctly without their affecting each other.
1. VRF
One of the security measures of BGP/MPLS VPN is routing isolation and information isolation. It is achieved through the VPN routing and forwarding (VRF) table and the LSPs in MPLS. There are multiple VRF tables on the PE router. These VRF tables correspond to one or more sub-interfaces on the PE router and store the route information of the VPN to which these sub-interfaces belong. Generally, a VRF table contains the route information of only one VPN, but when a sub-interface belongs to multiple VPNs, the corresponding VRF table contains the routing information of all VPNs to which the sub-interface belongs.
Each VRF table has two attributes: the route distinguisher (RD) and the route target (RT).
2. RD
IP address planning inside a VPN is done by the customer. Therefore, customers may choose the private addresses defined in RFC 1918 as their site addresses, or different VPNs may use the same address range, that is, the addresses overlap. One consequence of address overlap is that BGP cannot distinguish overlapping routes from different VPNs, which makes a site unreachable.
To solve this problem, BGP/MPLS VPN not only uses multiple VRF tables on the PE router but also introduces the concept of the RD. The RD is globally unique. By using an eight-byte RD as an extension of an IPv4 address prefix, a non-unique IPv4 address is converted to a unique VPN-IPv4 address. The VPN-IPv4 address is invisible to client devices and is only used to distribute routing information on the backbone network.
RDs and VRF tables have a one-to-one relationship. Generally, for sub-interfaces of the same VPN on different PE routers, the same RD is allocated to the corresponding VRF tables. In other words, each VPN is assigned a unique RD. However, for overlapping VPNs, that is, when a site belongs to multiple VPNs, a sub-interface on the PE router belongs to multiple VPNs, and the VRF table corresponding to this sub-interface can only be allocated one RD, so multiple VPNs share one RD.
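The 12-byte VPN-IPv4 address described above, as an added example that is not part of the original article: it encodes the two RD formats (ASN:nn and IPv4:nn, RFC 4364 types 0 and 1) and shows that one customer prefix stays distinct under different RDs, including the boundary values mentioned in the test notes. The function names, RD values and next hops are constructed for illustration.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode an RD string into 8 bytes: 2-byte type + 6-byte value (RFC 4364)."""
    admin, _, assigned = rd.rpartition(":")
    number = int(assigned)
    if "." in admin:
        # Type 1, "IPv4:nn": 4-byte IPv4 administrator + 2-byte assigned number.
        if not 0 <= number <= 0xFFFF:
            raise ValueError(f"assigned number out of range in {rd!r}")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    # Type 0, "ASN:nn": 2-byte AS number + 4-byte assigned number.
    asn = int(admin)
    if not (0 <= asn <= 0xFFFF and 0 <= number <= 0xFFFFFFFF):
        raise ValueError(f"field out of range in {rd!r}")
    return struct.pack("!HHI", 0, asn, number)

def vpnv4_address(rd: str, ipv4: str) -> bytes:
    """8-byte RD followed by the 4-byte IPv4 address: the 12-byte VPN-IPv4 address."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed

def build_table(routes):
    """Key a PE's VPNv4 table by the 12-byte address; returns {key: (vpn, next_hop)}."""
    table = {}
    for vpn, rd, prefix, next_hop in routes:
        table[vpnv4_address(rd, prefix)] = (vpn, next_hop)
    return table

# Constructed sample: five VPNs reuse 10.1.1.0; the last three use boundary RDs.
# The RD is an opaque label, so broadcast or multicast bytes must encode unchanged.
SAMPLE_ROUTES = [
    ("vpn-a", "100:1", "10.1.1.0", "192.0.2.1"),
    ("vpn-b", "100:2", "10.1.1.0", "192.0.2.2"),
    ("vpn-c", "65535:4294967295", "10.1.1.0", "192.0.2.3"),
    ("vpn-d", "255.255.255.255:65535", "10.1.1.0", "192.0.2.4"),
    ("vpn-e", "224.0.0.1:1", "10.1.1.0", "192.0.2.5"),
]

if __name__ == "__main__":
    for key, (vpn, nh) in build_table(SAMPLE_ROUTES).items():
        print(vpn, key.hex(), nh)
```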
3. RT
RT is similar to the extended community attribute in BGP and is used for routing information distribution. It is divided into import RT and export RT, for the import and export policies of route information respectively. When a VPN route is exported from the VRF table, it is marked with the export RT. When a VPN route is imported into a VRF table, only routes marked with an RT that matches any import RT of that VRF table are imported. RT allows the PE router to hold only the routes of the VPNs directly connected to it, instead of all the VPN routes of the whole network, which saves PE router resources and improves network scalability.
RT is globally unique and can only be used by one VPN. Through reasonable configuration of import RT and export RT, the carrier can build VPNs of different topology types, such as overlapping VPNs and hub-and-spoke VPNs.
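An added example (not from the original article) that models the import/export RT filtering described in this section, and the import-RT change case from the test notes above, using a hub-and-spoke layout. The Vrf class, RT values and prefixes are assumptions made for the sketch, and a plain list of routes stands in for MBGP updates.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: set
    export_rts: set
    routes: dict = field(default_factory=dict)  # (rd, prefix) -> next hop

def export_route(vrf, prefix, next_hop):
    """VPNv4 advertisement: RD-qualified prefix marked with the VRF's export RTs."""
    return {"rd": vrf.rd, "prefix": prefix, "next_hop": next_hop,
            "rts": frozenset(vrf.export_rts)}

def import_route(vrf, update):
    """Install the route only if one of its RTs matches any import RT of the VRF."""
    if vrf.import_rts & update["rts"]:
        vrf.routes[(update["rd"], update["prefix"])] = update["next_hop"]
        return True
    return False

def change_import_rts(vrf, new_rts, received):
    """Import RT changed: drop the old result and re-filter the refreshed routes."""
    vrf.import_rts = set(new_rts)
    vrf.routes.clear()
    return sum(import_route(vrf, u) for u in received)

def hub_and_spoke():
    """Constructed topology: spokes export 100:2 and import only the hub's 100:1."""
    hub = Vrf("hub", "100:10", {"100:2"}, {"100:1"})
    s1 = Vrf("spoke1", "100:11", {"100:1"}, {"100:2"})
    s2 = Vrf("spoke2", "100:12", {"100:1"}, {"100:2"})
    other = Vrf("other-vpn", "200:1", {"200:1"}, {"200:1"})
    updates = [
        export_route(hub, "10.0.0.0/24", "192.0.2.1"),
        export_route(s1, "10.0.1.0/24", "192.0.2.2"),
        export_route(s2, "10.0.2.0/24", "192.0.2.3"),
        export_route(other, "10.0.1.0/24", "192.0.2.9"),  # overlaps spoke1's prefix
    ]
    for vrf in (hub, s1, s2, other):
        for u in updates:
            import_route(vrf, u)
    return hub, s1, s2, other, updates
```

The non-matching case is the isolation check: spoke1 never holds spoke2's route, and the overlapping 10.0.1.0/24 from the other VPN stays out of every VRF that does not import 200:1.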