docs/bgp/bgp-user-guide-route-target-family.rst

   1 .. _bgp-user-guide-route-target-family:
   2
   3 Route Target Constrain Family
   4 =============================
   5 The BGP Multicast Route Target (RT) Constrain Multiprotocol extension can be used to restrict advertisement of VPN NLRI to peers that have advertised
   6 their respective Route Targets, effectively building a route distribution graph.
   7
   8 .. contents:: Contents
   9    :depth: 2
  10    :local:
  11
  12 Configuration
  13 ^^^^^^^^^^^^^
  14 This section shows a way to enable ROUTE-TARGET-CONSTRAIN family in BGP speaker and peer configuration.
  15
  16 BGP Speaker
  17 '''''''''''
  18 To enable ROUTE-TARGET-CONSTRAIN support in BGP plugin, first configure BGP speaker instance:
  19
  20 **URL:** ``/restconf/config/openconfig-network-instance:network-instances/network-instance/global-bgp/openconfig-network-instance:protocols``
  21
  22 **Method:** ``POST``
  23
  24 .. tabs::
  25
  26    .. tab:: XML
  27
  28       **Content-Type:** ``application/xml``
  29
  30       **Request Body:**
  31
  32       .. code-block:: xml
  33
  34          <protocol xmlns="http://openconfig.net/yang/network-instance">
  35              <name>bgp-example</name>
  36              <identifier xmlns:x="http://openconfig.net/yang/policy-types">x:BGP</identifier>
  37              <bgp xmlns="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">
  38                  <global>
  39                      <config>
  40                          <router-id>192.0.2.2</router-id>
  41                          <as>65000</as>
  42                      </config>
  43                      <afi-safis>
  44                          <afi-safi>
  45                              <afi-safi-name>ROUTE-TARGET-CONSTRAIN</afi-safi-name>
  46                          </afi-safi>
  47                      </afi-safis>
  48                  </global>
  49              </bgp>
  50          </protocol>
  51
  52    .. tab:: JSON
  53
  54       **Content-Type:** ``application/json``
  55
  56       **Request Body:**
  57
  58       .. code-block:: json
  59
  60          {
  61              "protocol": [
  62                  {
  63                      "identifier": "openconfig-policy-types:BGP",
  64                      "name": "bgp-example",
  65                      "bgp-openconfig-extensions:bgp": {
  66                          "global": {
  67                              "config": {
  68                                  "router-id": "192.0.2.2",
  69                                  "as": 65000
  70                              },
  71                              "afi-safis": {
  72                                  "afi-safi": [
  73                                      {
  74                                          "afi-safi-name": "ROUTE-TARGET-CONSTRAIN"
  75                                      }
  76                                  ]
  77                              }
  78                          }
  79                      }
  80                  }
  81              ]
  82          }
  83
  84 BGP Peer
  85 ''''''''
  86 Here is an example for BGP peer configuration with enabled ROUTE-TARGET-CONSTRAIN family.
  87
  88 **URL:** ``/restconf/config/openconfig-network-instance:network-instances/network-instance/global-bgp/openconfig-network-instance:protocols/protocol/openconfig-policy-types:BGP/bgp-example/bgp/neighbors``
  89
  90 **Method:** ``POST``
  91
  92 .. tabs::
  93
  94    .. tab:: XML
  95
  96       **Content-Type:** ``application/xml``
  97
  98       **Request Body:**
  99
 100       .. code-block:: xml
 101
 102          <neighbor xmlns="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">
 103              <neighbor-address>192.0.2.1</neighbor-address>
 104              <afi-safis>
 105                  <afi-safi>
 106                      <afi-safi-name>ROUTE-TARGET-CONSTRAIN</afi-safi-name>
 107                  </afi-safi>
 108              </afi-safis>
 109          </neighbor>
 110
 111    .. tab:: JSON
 112
 113       **Content-Type:** ``application/json``
 114
 115       **Request Body:**
 116
 117       .. code-block:: json
 118
 119          {
 120              "neighbor": [
 121                  {
 122                      "neighbor-address": "192.0.2.1",
 123                      "afi-safis": {
 124                          "afi-safi": [
 125                              {
 126                                  "afi-safi-name": "ROUTE-TARGET-CONSTRAIN"
 127                              }
 128                          ]
 129                      }
 130                  }
 131              ]
 132          }
 133
 134 ROUTE-TARGET-CONSTRAIN Route API
 135 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 136 Following tree illustrates the BGP ROUTE-TARGET-CONSTRAIN route structure.
 137
 138 .. code-block:: console
 139
 140    :(route-target-constrain-routes-case)
 141      +--rw route-target-constrain-routes
 142         +--rw route-target-constrain-route* [route-key path-id]
 143            +--rw origin-as                  inet:as-number
 144            +--rw (route-target-constrain-choice)
 145               +--:(route-target-constrain-default-case)
 146               |  +--rw route-target-constrain-default-route!
 147               +--:(route-target-constrain-route-case)
 148               |  +--rw route-target-extended-community
 149               |     +--rw global-administrator?   short-as-number
 150               |     +--rw local-administrator?    binary
 151               +--:(route-target-constrain-ipv4-route-case)
 152               |  +--rw route-target-ipv4
 153               |     +--rw global-administrator?   inet:ipv4-address
 154               |     +--rw local-administrator?    uint16
 155               +--:(route-target-constrain-as-4-extended-community-case)
 156                  +--rw as-4-route-target-extended-community
 157                     +--rw as-4-specific-common
 158                        +--rw as-number              inet:as-number
 159                        +--rw local-administrator    uint16
 160
 161 Usage
 162 ^^^^^
 163 The ROUTE TARGET CONSTRAIN table in an instance of the speaker's Loc-RIB can be verified via REST:
 164
 165 **URL:** ``/restconf/operational/bgp-rib:bgp-rib/rib/bgp-example/loc-rib/tables/bgp-types:ipv4-address-family/bgp-route-target-constrain:route-target-constrain-subsequent-address-family/bgp-route-target-constrain:route-target-constrain-routes``
 166
 167 **Method:** ``GET``
 168
 169 .. tabs::
 170
 171    .. tab:: XML
 172
 173       **Response Body:**
 174
 175       .. code-block:: xml
 176
 177          <route-target-constrain-routes xmlns="urn:opendaylight:params:xml:ns:yang:bgp:route:target:constrain">
 178              <route-target-constrain-route>
 179                  <route-key>flow1</route-key>
 180                  <path-id>0</path-id>
 181                  <origin-as>64511</origin-as>
 182                  <route-target-extended-community>
 183                      <global-administrator>64511</global-administrator>
 184                      <local-administrator>AAAAZQ==</local-administrator>
 185                  </route-target-extended-community>
 186                  <attributes>
 187                      <ipv4-next-hop>
 188                          <global>199.20.166.41</global>
 189                      </ipv4-next-hop>
 190                      <as-path/>
 191                      <origin>
 192                          <value>igp</value>
 193                      </origin>
 194                      <local-pref>
 195                          <pref>100</pref>
 196                      </local-pref>
 197                  </attributes>
 198              </route-target-constrain-route>
 199          </route-target-constrain-routes>
 200
 201    .. tab:: JSON
 202
 203       **Response Body:**
 204
 205       .. code-block:: json
 206
 207          {
 208              "route-target-constrain-routes": {
 209                  "route-target-constrain-route": [
 210                      {
 211                          "route-key":"flow1",
 212                          "path-id": 0,
 213                          "origin-as": 64511,
 214                          "route-target-extended-community": {
 215                              "global-administrator": 64511,
 216                              "local-administrator": "AAAAZQ=="
 217                          },
 218                          "attributes": {
 219                              "origin": {
 220                                  "value": "igp"
 221                              },
 222                              "local-pref": {
 223                                  "pref": 100
 224                              },
 225                              "ipv4-next-hop": {
 226                                  "global": "199.20.166.41"
 227                              }
 228                          }
 229                      }
 230                  ]
 231              }
 232          }
 233
 234 Routing Policies
 235 ^^^^^^^^^^^^^^^^
 236
 237 .. tabs::
 238
 239    .. tab:: XML
 240
 241       .. code-block:: xml
 242
 243          <policy-definition>
 244              <name>default-odl-export-policy</name>
 245              <statement>
 246              ...
 247              <statement>
 248                  <name>from-external-to-external-RTC</name>
 249                  <conditions>
 250                      <bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
 251                          <afi-safi-in xmlns:x="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">x:ROUTE-TARGET-CONSTRAIN</afi-safi-in>
 252                          <match-role-set xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">
 253                              <from-role>
 254                                  <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-ebgp"]</role-set>
 255                              </from-role>
 256                              <to-role>
 257                                  <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-ebgp"]</role-set>
 258                              </to-role>
 259                          </match-role-set>
 260                      </bgp-conditions>
 261                  </conditions>
 262                  <actions>
 263                      <bgp-actions xmlns="http://openconfig.net/yang/bgp-policy">
 264                          <client-attribute-prepend xmlns="urn:opendaylight:params:xml:ns:yang:bgp:route:target:constrain"/>
 265                      </bgp-actions>
 266                  </actions>
 267              </statement>
 268              ...
 269              </statement>
 270              <statement>
 271                  <name>from-internal-or-rr-client-to-route-reflector</name>
 272                  <conditions>
 273                      <bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
 274                          <afi-safi-not-in xmlns:x="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions"
 275                                     xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">x:ROUTE-TARGET-CONSTRAIN
 276                          </afi-safi-not-in>
 277                          <match-role-set xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">
 278                              <from-role>
 279                                  <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="ibgp-rr-client"]</role-set>
 280                              </from-role>
 281                              <to-role>
 282                                  <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-rr-client"]</role-set>
 283                              </to-role>
 284                          </match-role-set>
 285                      </bgp-conditions>
 286                  </conditions>
 287                  <actions>
 288                      <bgp-actions xmlns="http://openconfig.net/yang/bgp-policy">
 289                          <set-cluster-id-prepend xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
 290                          <set-originator-id-prepend xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
 291                      </bgp-actions>
 292                  </actions>
 293              </statement>
 294              <statement>
 295                  <name>from-internal-or-rr-client-to-route-RTC</name>
 296                  <conditions>
 297                      <bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
 298                          <afi-safi-in xmlns:x="urn:opendaylight:params:xml:ns:yang:bgp:openconfig-extensions">x:ROUTE-TARGET-CONSTRAIN</afi-safi-in>
 299                          <match-role-set xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy">
 300                              <from-role>
 301                                  <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="ibgp-rr-client"]</role-set>
 302                              </from-role>
 303                              <to-role>
 304                                  <role-set>/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name="only-rr-client"]</role-set>
 305                              </to-role>
 306                          </match-role-set>
 307                      </bgp-conditions>
 308                  </conditions>
 309                  <actions>
 310                      <bgp-actions xmlns="http://openconfig.net/yang/bgp-policy">
 311                          <set-originator-id-prepend xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
 312                          <set-next-hop>SELF</set-next-hop>
 313                      </bgp-actions>
 314                  </actions>
 315              </statement>
 316              <statement>
 317                  <name>vpn-membership-RTC</name>
 318                  <conditions>
 319                      <bgp-conditions xmlns="http://openconfig.net/yang/bgp-policy">
 320                          <afi-safi-in xmlns:x="http://openconfig.net/yang/bgp-types">x:L3VPN-IPV4-UNICAST</afi-safi-in>
 321                          <afi-safi-in xmlns:x="http://openconfig.net/yang/bgp-types">x:L3VPN-IPV6-UNICAST</afi-safi-in>
 322                          <vpn-non-member xmlns="urn:opendaylight:params:xml:ns:yang:odl:bgp:default:policy"/>
 323                      </bgp-conditions>
 324                  </conditions>
 325                  <actions>
 326                      <reject-route/>
 327                  </actions>
 328              </statement>
 329              ...
 330              ...
 331          </policy-definition>
 332
 333    .. tab:: JSON
 334
 335       .. code-block:: json
 336
 337          {
 338              "policy-definition": [
 339                  {
 340                      "name": "default-odl-export-policy",
 341                      "statement": [
 342                          "...",
 343                          {
 344                              "name": "from-external-to-external-RTC",
 345                              "conditions": {
 346                                  "bgp-conditions": {
 347                                      "afi-safi-in": "x:ROUTE-TARGET-CONSTRAIN",
 348                                      "match-role-set": {
 349                                          "from-role": {
 350                                              "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-ebgp\"]"
 351                                          },
 352                                          "to-role": {
 353                                              "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-ebgp\"]"
 354                                          }
 355                                      }
 356                                  }
 357                              },
 358                              "actions": {
 359                                  "bgp-actions": {
 360                                      "client-attribute-prepend": null
 361                                  }
 362                              }
 363                          },
 364                          "...",
 365                          {
 366                              "name": "from-internal-or-rr-client-to-route-reflector",
 367                              "conditions": {
 368                                  "bgp-conditions": {
 369                                      "afi-safi-not-in": "x:ROUTE-TARGET-CONSTRAIN",
 370                                      "match-role-set": {
 371                                          "from-role": {
 372                                              "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"ibgp-rr-client\"]"
 373                                          },
 374                                          "to-role": {
 375                                              "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-rr-client\"]"
 376                                          }
 377                                      }
 378                                  }
 379                              },
 380                              "actions": {
 381                                  "bgp-actions": {
 382                                      "set-cluster-id-prepend": null,
 383                                      "set-originator-id-prepend": null
 384                                  }
 385                              }
 386                          },
 387                          {
 388                              "name": "from-internal-or-rr-client-to-route-RTC",
 389                              "conditions": {
 390                                  "bgp-conditions": {
 391                                      "afi-safi-in": "x:ROUTE-TARGET-CONSTRAIN",
 392                                      "match-role-set": {
 393                                          "from-role": {
 394                                              "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"ibgp-rr-client\"]"
 395                                          },
 396                                          "to-role": {
 397                                              "role-set": "/rpol:routing-policy/rpol:defined-sets/bgppol:bgp-defined-sets/role-sets/role-set[role-set-name=\"only-rr-client\"]"
 398                                          }
 399                                      }
 400                                  }
 401                              },
 402                              "actions": {
 403                                  "bgp-actions": {
 404                                      "set-originator-id-prepend": null,
 405                                      "set-next-hop": "SELF"
 406                                  }
 407                              }
 408                          },
 409                          {
 410                              "name": "vpn-membership-RTC",
 411                              "conditions": {
 412                                  "bgp-conditions": {
 413                                      "afi-safi-in": [
 414                                          "x:L3VPN-IPV4-UNICAST",
 415                                          "x:L3VPN-IPV6-UNICAST"
 416                                      ],
 417                                      "vpn-non-member": null
 418                                  }
 419                              },
 420                              "actions": {
 421                                  "reject-route": []
 422                              }
 423                          }
 424                      ]
 425                  },
 426                  "...",
 427                  "..."
 428              ]
 429          }
 430
 431 References
 432 ^^^^^^^^^^
 433 * `Constrained Route Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (VPNs) <https://tools.ietf.org/html/rfc4684>`_