So I eventually figured this out... for the router to apply the extended community on inbound routes, one has to configure the export RT in the VRF itself.

Originally, I had used only import and export maps, without defining the RT explicitly in the VRF.

Turns out that even if you use import and export maps for fine-grained community management, you still need to define the RT in the VRF. That sort of acts like a "first step" in telling the router what communities to allow, and then the import/export maps are the "second step" in further being granular about what communities are allowed into and out of the VRF.

This documentation is nowhere in the wild that I could find, but hope it helps someone else that runs into the issue.

This is different from how Junos does it, where import/export maps can be used without having to explicitly define the RT in the VRF.

Mark.

On 9/21/23 14:27, Mark Tinka wrote:
Hi all.

I have a simple inbound route-map on a VPNv4 PE-CE BGP session that does the below:

route-map TEST deny 10
 match rpki invalid
!
route-map TEST permit 20
 match ip address prefix-list test-in
 set metric 0
 set local-preference 120
 set extcommunity rt 65200:5
!
route-map TEST deny 65535

The outcome of that policy works correctly for setting MED to 0 and LOCAL_PREF to 120.

However, I can't get it to set the extended RT community value to 65200:5. Nothing happens.

If I update that sequence with the below...

route-map TEST permit 20
 match ip address prefix-list test-in
 set metric 0
 set local-preference 120
 set community 65200:5
 set extcommunity rt 65200:5

... the regular community value is applied to the route. Of course, this does not work for me since I need the extended RT community applied to the route for it to work further down the core.

Am I doing something wrong, or is this a bug?

System is an ASR1002-X running IOS XE 17.03.04a.

For completeness, doing this on Junos works flawlessly.

All help appreciated. Thanks.

Mark.
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/