Cisco IGX 8400 Series Provisioning Guide, Release 9.3.3 and Later Releases
OL-1166-04
Chapter 10 Cisco IGX 8400 Series IP Service
IP Service—Functional Overview
Virtual Routing/Forwarding
Each VPN is associated with one or more VPN routing/forwarding instances (VRFs). A VRF table
defines a VPN at a customer site attached to a PE router. A VRF table consists of the following:
• IP routing table
• Derived Cisco Express Forwarding (CEF) table
• Set of interfaces that use the forwarding table
• Set of rules and routing protocol variables that determine content in the forwarding table
A 1-to-1 relationship does not necessarily exist between customer sites and VPNs. A specific site can be
a member of multiple VPNs. However, a site may be associated with only one VRF. A site VRF contains
all the routes available to the site from the VPNs of which it is a member.
Packet forwarding information is stored in the IP routing table and the CEF table for each VRF.
Together, these tables are analogous to the forwarding information base (FIB) used in Label Switching.
A logically separate set of routing and CEF tables is constructed for each VRF. These tables prevent
information from being forwarded outside a VPN, and prevent packets that are outside a VPN from being
forwarded to a router within the VPN.
VPN Route-Target Communities
The distribution of VPN routing information is controlled by using VPN route target communities,
implemented by BGP extended communities.
When a VPN route is injected into BGP, it is associated with a list of VPN route target extended
communities. Typically the list of VPN communities is set through an export list of extended
community-distinguishers associated with the VRF from which the route was learned.
Associated with each VRF is an import list of route-target communities. This list defines the values that
the VRF table verifies before a route is eligible to be imported into the VPN routing instance.
For example, if the import list for a particular VRF includes community-distinguishers of A, B, and C,
then any VPN route that carries any of those extended community-distinguishers—A, B, or C—will be
imported into the VRF.
BGP Distribution of VPN Routing Information
A service provider edge (PE) router can learn an IP prefix from a customer edge (CE) router by static
configuration, through a Border Gateway Protocol (BGP) session with the CE router, or through the
Routing Information Protocol (RIP) with the CE router.
After the router learns the prefix, it generates a VPN-IPv4 (vpnv4) prefix based on the IP prefix, by
linking an 8-byte route distinguisher to the IP prefix. This extended VPN-IPv4 address uniquely
identifies hosts within each VPN site, even if the site is using globally nonunique (unregistered private)
IP addresses.
The route distinguisher (RD) used to generate the VPN-IPv4 prefix is specified by a configuration
command on the PE.
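The import-list rule and the route distinguisher described above, as an added example that is not part of the Cisco guide: it builds VPN-IPv4 addresses and audits a set of VRFs for route-target overlaps that would import routes across VPNs unintentionally. The VRF names, RD and route-target values and the allowed-pair policy are constructed for illustration, and the RD byte layout (2-byte type 0, 2-byte AS number, 4-byte assigned number) is an assumption taken from RFC 4364, since the guide states only that the RD is 8 bytes.

```python
import ipaddress
import struct


def vpnv4_prefix(rd_asn, rd_num, prefix):
    """Prepend an 8-byte RD to an IPv4 prefix; returns (12 bytes, prefix length)."""
    net = ipaddress.ip_network(prefix)
    # Assumed layout (RFC 4364 type 0): type, AS number, assigned number.
    rd = struct.pack("!HHI", 0, rd_asn, rd_num)
    return rd + net.network_address.packed, net.prefixlen


def imports_route(import_list, route_targets):
    """A route is imported if it carries ANY target on the VRF's import list."""
    return bool(set(import_list) & set(route_targets))


def leak_audit(vrfs, allowed):
    """Return (exporter, importer) pairs that exchange routes outside `allowed`."""
    leaks = []
    for src, s in vrfs.items():
        for dst, d in vrfs.items():
            if src == dst or (src, dst) in allowed:
                continue
            if imports_route(d["import"], s["export"]):
                leaks.append((src, dst))
    return sorted(leaks)


# Constructed sample: cust_b's import list also names cust_a's export target.
VRFS = {
    "cust_a": {"rd": (65000, 1), "export": ["65000:100"],
               "import": ["65000:100"]},
    "cust_b": {"rd": (65000, 2), "export": ["65000:200"],
               "import": ["65000:200", "65000:100"]},
    "shared": {"rd": (65000, 3), "export": ["65000:900"],
               "import": ["65000:100", "65000:200"]},
}
# Hypothetical policy: only the shared-services VRF may import customer routes.
ALLOWED = {("cust_a", "shared"), ("cust_b", "shared")}

if __name__ == "__main__":
    # Both sites use 10.1.0.0/16, yet their VPN-IPv4 addresses differ.
    for name in ("cust_a", "cust_b"):
        addr, plen = vpnv4_prefix(*VRFS[name]["rd"], "10.1.0.0/16")
        print(name, addr.hex(), plen)
    print("unexpected imports:", leak_audit(VRFS, ALLOWED))
```

Because a single matching target is enough for import, the audit compares every export list against every import list rather than checking only each VRF's own targets.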
BGP uses VPN-IPv4 addresses to distribute network reachability information for each VPN within the
service provider network. BGP distributes routing information between IP domains (known as
autonomous systems) using messages to build and maintain routing tables. BGP communication takes
place at two levels: within the domain (interior BGP or IBGP) and between domains (external BGP or
EBGP).