Skip to main content

VRF Maximum Routes

 

Maximum routes under customer vrf, if the service provider had unlimited resources he would not have needed that!
however normally resources are limited and expensive, and Service provider would like to make money from his available resources. maximum routes configured under VRF provide a mean of controlling PE local resource and abuse avoidance from the CE side.

 

I have vrf called DC_EXTRANET, you can see that I have 16 routes, I have configured
10 maximum routes under that vrf however I did not want to be aggressive so I have set the

 

warning only option.
See that immediately I get a notice that I have more routes then the maximum, however no action
is taken other then alerting and sending a syslog.
!
PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only 
% The current number of routes in the routing table is equal to, or exceeds the configured warning limit
PE_ashdod_otherisp.n(config-vrf)#
*Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_EXTRANET
PE_ashdod_otherisp.n(config-vrf)#do sh ip rou vrf DC_EXTRANET
Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:09:31
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:09:31
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:09:31
      60.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:04
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.255.255.1/32 [200/0] via 7.7.7.7, 00:00:04
      70.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
B        70.0.100.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.0.101.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.0.102.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.0.103.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.255.255.1/32 [20/0] via 70.0.0.2, 00:20:22
PE_ashdod_otherisp.n(config-vrf)#

 

 

now I would like to show you what will happen from RIB/FIB and BGP when I am activating the maximum prefix’s in aggressive mode:

 

Prior to modifying the maximum value, on the CE you can see that I am getting BGP updates:
CE_ashdod_DC_SERVICES#  show ip bgp     
BGP table version is 160, local router ID is 70.255.255.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 50.0.0.0/30      70.0.0.1                               0 9002 33462 ?
*> 50.0.100.0/24    70.0.0.1                               0 9002 33462 ?
*> 50.255.255.1/32  70.0.0.1                               0 9002 33462 ?
*> 60.0.0.0/30      70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.100.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.101.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.102.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.103.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.255.255.1/32  70.0.0.1                               0 9002 9001 33462 ?
Now maximum routes is set to 10 and Threshold before sending warning to 100% notice
immediately RIB and FIB will be updated accordingly however BGP is not effected meaning that
this is locally significant and will not cause a lot of noise due to a local problem / over utilizing allowed
resources.
PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 100 
% The current number of routes in the routing table is equal to, or exceeds the configured warning limit
% The routing table is being reloaded to enforce (or allow) the new route limit.
PE_ashdod_otherisp.n(config-vrf)#
*Nov 26 20:57:08.359: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_EXTRANET
*Nov 26 20:57:08.363: %IPRT-3-ROUTELIMITEXCEEDED: IP routing table limit exceeded - DC_EXTRANET
PE_ashdod_otherisp.n(config-vrf)#
PE_ashdod_otherisp.n(config-vrf)#
PE_ashdod_otherisp.n(config-vrf)#do sh ip rou vrf DC_EXTRANET       
Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:00:15
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:00:15
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:00:15
      60.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:15
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:15
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:15
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:15
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:15
      70.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
PE_ashdod_otherisp.n(config-vrf)#
CE_ashdod_DC_SERVICES#  show ip bgp 
BGP table version is 184, local router ID is 70.255.255.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 50.0.0.0/30      70.0.0.1                               0 9002 33462 ?
*> 50.0.100.0/24    70.0.0.1                               0 9002 33462 ?
*> 50.255.255.1/32  70.0.0.1                               0 9002 33462 ?
*> 60.0.0.0/30      70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.100.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.101.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.102.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.103.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.255.255.1/32  70.0.0.1                               0 9002 9001 33462 ?

Additional scenario:

maximum prefix’s are at 14

 

Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:01:23
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:01:23
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:01:23
      60.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:20
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.255.255.1/32 [200/0] via 7.7.7.7, 00:00:20
      70.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
B        70.0.100.0/24 [20/0] via 70.0.0.2, 00:01:23
B        70.0.101.0/24 [20/0] via 70.0.0.2, 00:01:23
B        70.0.102.0/24 [20/0] via 70.0.0.2, 00:01:23

 

I send withdraw  for 70.0.101.0/24 from the CE router, now I have one more spot (14 –1) available, however the router does not re-evaluate the table and insert the next available, think of what if it did! (the CE could have abuse the router causing him to always re-evaluate what need to be inserted/removed to/from RIB/FIB!!), re-evaluation happen when you modify maximum routes value or when you re-send (withdraw and update) the un-used  routes  :

 

PE_ashdod_otherisp.n(config)#do sh ip rou vrf DC_EXTRANET
Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:01:30
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:01:30
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:01:30
      60.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:27
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.255.255.1/32 [200/0] via 7.7.7.7, 00:00:27
      70.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
B        70.0.100.0/24 [20/0] via 70.0.0.2, 00:01:30
B        70.0.102.0/24 [20/0] via 70.0.0.2, 00:01:30
PE_ashdod_otherisp.n(config)#

 

However if you do not care about abuse from CE side you can use the below command, that will re-evaluate once crossing certain threshold, but I think that if you do not care about the abuse (do not limit the amount of prefix’s):

PE_ashdod_otherisp.n(config-vrf)# maximum routes 14 100 reinstall ?  
  <1-100>  Threshold value (%) at which to reinstall routes back to VRF
Post a Comment

Popular posts from this blog

Step By Step MPLS – Basic MPLS Setup

Initial configuration , very basic with no MPLS, connectivity only to directly connected interfaces.R1R2R3R4!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.31.1 255.255.255.0
duplex auto
speed auto
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 10.0.42.2 255.255.255.0
duplex auto
speed auto
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip address 10.0.31.3 255.255.255.0
duplex auto
speed auto
  no clns route-cache
!
interface Serial1/0
ip address 10.0.43.3 255.255.255.0
  serial restart-delay 0
no clns route-cache
!
!
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip address 10.0.42.4 255.255.255.0
duplex auto
speed auto
!
interface Serial1/0
ip address 10.0.43.4 255.255.255.0
  serial restart-delay 0
no clns route-cache
!
adding to the following configuration MPLS labels we will start wi…

ISIS Database Reading

ISIS is simple to operate normally while everything is working, most common deployments are flat network based on L2, however when there is a problem and we need to start troubleshooting then people start to get lost.So I would like to provide some tools on how to read ISIS database.notice to the “*” sign, that mean LSP was generated on the router you did the show command, you can see that host name from the show command match also host name on the LSPID,LSPID identified by hostname.xx-yy,  xx is normally 00 unless that LSP is pseudo node LSP generated by DIS , yy is representing the number of fragments for that LSP 00 – FF (max 255 fragments, plenty), most cases all the important information will be in 00 unless there are many fragments.LSP Holdtime is the amount of time an LSP will stay in database without any refresh.ATT/P/OL - 0/0/0, ATT bit or attached bit is used on L1/L2 connected to L1 node, if set to 1 L1 node will generate default route to the best L1/L2 node (best metric)AT…