The main thing to understand is that an Address Family is a separate scope which we generate and exchange routes. Separate means no direct relationship between each other.
When we use these in MPLS VPNs,
IPv4 Address Families are used to peer Provider Edge & Customer Edge (PE-CE).
VPNv4 Address Families are used to peer Provider Edge routers (PE-PE).
This creates a requirement in which we need to tell BGP which address families should be exchanged with a particular neighbor. So if we need to exchange prefixes of a particular address family with a neighbor, we should configure / activate that neighbor under the particular address family..
Note that when you configure a neighbor under the BGP process without specifying an address family, the BGP process puts it in an invisible default IPv4 address family so that it will exchange IPv4 routes with that neighbor. You can stop this by configuring no bgp default ipv4-unicast command in the BGP configuration or deactivating the specific neighbor in that address family.
IP Address are like the following..
192.168.XY.X/24 where X and Y are router numbers. As an example, the R1- E0/0 is 192.168.12.1/24
and R2 - E0/0 is 192.168.12.2/24..
Also note that there are Loopback 0 interfaces created on each router like R1's loopback 0 is 1.1.1.1/32 etc..
IPv4 Family
Let's start configuring R1 with basic BGP configuration.
R1(config)#router bgp 100
R1(config-router)#neighbor 192.168.12.2 remote-as 200
R1(config-router)#network 1.1.1.1 mask 255.255.255.255
On R2;
R2(config)#router bgp 200
R2(config-router)#neighbor 192.168.12.1 remote-as 100
R2(config-router)#network 2.2.2.2 255.255.255.255
This is enough for general IPv4 address family. Now after a short while the neighbors will come up.
All the following commands will result the same output..
show bgp summary
show bgp ipv4 unicast summary
show ip bgp summary
show ip bgp ipv4 unicast summary
IPv4 VRF Family
Now let's configure the VRF side. This needs a new address family to be configured in R2 because the interface belongs to a VRF. This is an IPv4 address family but this is a separate IPv4 address family from the default which we configured above..
On R3;
R3(config)#router bgp 300
R3(config-router)#neighbor 192.168.23.2 remote-as 200
R3(config-router)#network 3.3.3.3 mask 255.255.255.255
On R2;
R2(config)#router bgp 200
R2(config-router)#address-family ipv4 vrf BLUE
R2(config-router-af)#neighbor 192.168.23.3 remote-as 300
Neighbors will come up soon..
Following commands will result the same output which lists the IPv4 VRF neighbors.
show bgp vpnv4 unicast vrf BLUE summary
show ip bgp vpnv4 vrf BLUE summary
If you would notice, the configuration commands are IPv4 related and show commands are VPNv4 related when you configure address families in VRFs. The reason for this is that to be a VPNv4 route, the Prefix should come with a Route Distinguisher and the routes in a VRF have this qualification which turns these routes in to VPNv4 routes but when it learns from a neighbor they are (configured) just IPv4 routes of course which does not belong to the default IPv4 address family.
Now the configuration is like the following..
As you can see, the neighbor is automatically activated for that address family.
How about the route exchange?
Let's see...
Though the neighbor is activated and even though it is also an IPv4 address family, we have to configure advertisements separately.
network 2.2.2.2 mask 255.255.255.255 will not work because the Loopback interface belongs to the default IPv4 address family..
VPNv4 Family
Now let's see how the VPNv4 address family works..
Let's configure R4 as a VPNv4 neighbor. I am configuring R4 as an iBGP neighbor for R2..
Main deference here is that we should configure the neighbor on default IPv4 address family 1st and then we should activate the neighbor manually in the VPNv4 address family.
Starting from R4;
R4(config)#router bgp 200
R4(config-router)#neighbor 2.2.2.2 remote-as 200
R4(config-router)#neighbor 2.2.2.2 update-source l0
R4(config-router)#address-family vpnv4 unicast
R4(config-router-af)#neighbor 2.2.2.2 activate
On R2;
R2(config)#router bgp 200
R2(config-router)#neighbor 4.4.4.4 remote-as 200
R2(config-router)#neighbor 4.4.4.4 update-source l0
R2(config-router)#address-family vpnv4 unicast
R2(config-router-af)#neighbor 4.4.4.4 activate
As you can see; we have to manually activate the neighbor within the VPNv4 address family.
Note:-
Neighbors should source from a loop back interface & the subnet mask should be /32 for VPNv4 address families and it is a special requirement. This makes sure that the next hop ip address of the VPNv4 routes belongs to an ip address which is always available and represents a router other than a network segment.
If we look at the BGP configuration of R2 now;
As you can see, a special command has been automatically configured under the VPNv4 address family which is send-community extended.
This should not be removed as it belongs to the mechanism of VPNv4 behind the scenes.
Now if we take a look at the prefixes learned by R4 because of this configuration;
Above all the prefixes are learned from IPv4 address family neighbor relationship, not from the VPNv4 address family.
In order to stop this IPv4 address family advertisements, we should go to the invisible default IPv4 address family and deactivate the relationship.
R2(config)#router bgp 200
R2(config-router)#address-family ipv4 unicast
R2(config-router-af)#no neighbor 4.4.4.4 activate
R4(config)#router bgp 200
R4(config-router)#address-family ipv4 unicast
R4(config-router-af)#no neighbor 2.2.2.2 activate
Now if we look at the configuration, we can see the invisible address family has become visible..
You will see the routes learned on R4 when you go further with MPLS VPN configuration where you set route targets. For such an example, please go here.
Note:-
Only the routes learned from IPv4 VRF address families will be able to import and export through VPNv4 address families (or MPLS VPNs). But the neighbor relationship should be formed from the default IPv4 address family.
Following show commands for VPNv4 family give the equal result which will list the VPNv4 routes regarding to the VRF;
show bgp vpnv4 unicast vrf BLUE
show ip bgp vpnv4 vrf BLUE
Also please note that show bgp vpnv4 unicast vrf <VRF NAME> summary will only show the IPv4 VRF family neighbors. To view the VPNV4 family neighbors, the following command should be used.
show bgp vpnv4 unicast all summary
Note:-
If you enter the command bgp upgrade-cli under the BGP process, you will find out that the BGP configuration has been fully converted to the address family style of configuration. The behavior of BGP do not change with this new style of configuration, only the configuration format is changed.
IPv4 Family
Let's start configuring R1 with basic BGP configuration.
R1(config)#router bgp 100
R1(config-router)#neighbor 192.168.12.2 remote-as 200
R1(config-router)#network 1.1.1.1 mask 255.255.255.255
On R2;
R2(config)#router bgp 200
R2(config-router)#neighbor 192.168.12.1 remote-as 100
R2(config-router)#network 2.2.2.2 255.255.255.255
This is enough for general IPv4 address family. Now after a short while the neighbors will come up.
show bgp summary
show bgp ipv4 unicast summary
show ip bgp summary
show ip bgp ipv4 unicast summary
IPv4 VRF Family
Now let's configure the VRF side. This needs a new address family to be configured in R2 because the interface belongs to a VRF. This is an IPv4 address family but this is a separate IPv4 address family from the default which we configured above..
On R3;
R3(config)#router bgp 300
R3(config-router)#neighbor 192.168.23.2 remote-as 200
R3(config-router)#network 3.3.3.3 mask 255.255.255.255
On R2;
R2(config)#router bgp 200
R2(config-router)#address-family ipv4 vrf BLUE
R2(config-router-af)#neighbor 192.168.23.3 remote-as 300
Neighbors will come up soon..
Following commands will result the same output which lists the IPv4 VRF neighbors.
show bgp vpnv4 unicast vrf BLUE summary
show ip bgp vpnv4 vrf BLUE summary
If you would notice, the configuration commands are IPv4 related and show commands are VPNv4 related when you configure address families in VRFs. The reason for this is that to be a VPNv4 route, the Prefix should come with a Route Distinguisher and the routes in a VRF have this qualification which turns these routes in to VPNv4 routes but when it learns from a neighbor they are (configured) just IPv4 routes of course which does not belong to the default IPv4 address family.
Now the configuration is like the following..
How about the route exchange?
Let's see...
network 2.2.2.2 mask 255.255.255.255 will not work because the Loopback interface belongs to the default IPv4 address family..
VPNv4 Family
Now let's see how the VPNv4 address family works..
Let's configure R4 as a VPNv4 neighbor. I am configuring R4 as an iBGP neighbor for R2..
Main deference here is that we should configure the neighbor on default IPv4 address family 1st and then we should activate the neighbor manually in the VPNv4 address family.
Starting from R4;
R4(config)#router bgp 200
R4(config-router)#neighbor 2.2.2.2 remote-as 200
R4(config-router)#neighbor 2.2.2.2 update-source l0
R4(config-router)#address-family vpnv4 unicast
R4(config-router-af)#neighbor 2.2.2.2 activate
On R2;
R2(config)#router bgp 200
R2(config-router)#neighbor 4.4.4.4 remote-as 200
R2(config-router)#neighbor 4.4.4.4 update-source l0
R2(config-router)#address-family vpnv4 unicast
R2(config-router-af)#neighbor 4.4.4.4 activate
As you can see; we have to manually activate the neighbor within the VPNv4 address family.
Note:-
Neighbors should source from a loop back interface & the subnet mask should be /32 for VPNv4 address families and it is a special requirement. This makes sure that the next hop ip address of the VPNv4 routes belongs to an ip address which is always available and represents a router other than a network segment.
If we look at the BGP configuration of R2 now;
This should not be removed as it belongs to the mechanism of VPNv4 behind the scenes.
Now if we take a look at the prefixes learned by R4 because of this configuration;
In order to stop this IPv4 address family advertisements, we should go to the invisible default IPv4 address family and deactivate the relationship.
R2(config)#router bgp 200
R2(config-router)#address-family ipv4 unicast
R2(config-router-af)#no neighbor 4.4.4.4 activate
R4(config)#router bgp 200
R4(config-router)#address-family ipv4 unicast
R4(config-router-af)#no neighbor 2.2.2.2 activate
Now if we look at the configuration, we can see the invisible address family has become visible..
You will see the routes learned on R4 when you go further with MPLS VPN configuration where you set route targets. For such an example, please go here.
Note:-
Only the routes learned from IPv4 VRF address families will be able to import and export through VPNv4 address families (or MPLS VPNs). But the neighbor relationship should be formed from the default IPv4 address family.
Following show commands for VPNv4 family give the equal result which will list the VPNv4 routes regarding to the VRF;
show bgp vpnv4 unicast vrf BLUE
show ip bgp vpnv4 vrf BLUE
Also please note that show bgp vpnv4 unicast vrf <VRF NAME> summary will only show the IPv4 VRF family neighbors. To view the VPNV4 family neighbors, the following command should be used.
show bgp vpnv4 unicast all summary
Note:-
If you enter the command bgp upgrade-cli under the BGP process, you will find out that the BGP configuration has been fully converted to the address family style of configuration. The behavior of BGP do not change with this new style of configuration, only the configuration format is changed.
Very concise and beautifully explained through configuration and outcomes of the commands w.r.t (either) IPv4 or VPNv4. Thumbs up
ReplyDelete