Re: mpls vpn RD posted 11/06/2008
On Wed, Nov 5, 2008 at 16:10, Pavel Bykov <slidersv@xxxxxxxxx> wrote:
> As Ivan pointed out, RD is a system significant parameter, meaning it has to
> be unique on the system only. It is also a mandatory parameter, without
> which VRF will not function. RT is the domain wide parameter which you need
> to keep unique. And by domain-wide I mean reeeally wide.
> Basically RT is the extended community that decides on the VRF.

Well, neither is truly correct, I'm afraid.

RD: It is relevant on the local system in the sense that a VRF won't work
without it. However, it's also globally significant, as in a
network running L3VPNs you "can't" have two VPNs sharing the same RD
and have overlapping addresses. As long as the VPNs don't have
overlapping address space, this doesn't apply, but one should have it

When it comes to RT, it is true that it is used as a sort of a "hint"
to determine the VRF, but in light of what can be done with RTs, it's a
gross simplification. You can make a certain prefix part of multiple
VRFs based on RTs, you can restrict a prefix from becoming part of a
certain VRF, etc. One thing that is not true about RT is that it needs
to be unique. Depending on what it is that you need to do with a certain
VPN, you will have the RT unique per VRF, per box, or per "domain".

One thing that needs to be clear is:

RD: This is a parameter that makes an IP address unique and prevents
address overlap between VPNs.

RT: This is an extended community that helps determine the VPN membership
of the prefix it's attached to.

Neither needs to be unique globally, but RD needs to be unique on each
box - you can't have multiple VRFs sharing it. You can have multiple
VRFs on a single box importing and exporting the same RTs.

CCIE #18427 (SP)
My network blog: http://cisco.markom.info/
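
An added example, not part of the original post: a small Python model of the behaviour described above, where VPNv4 routes are keyed by RD:prefix and VRF membership follows from RT import lists. All RDs, RTs, prefixes and VRF names are constructed sample values, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample exports: two customers reuse 10.0.0.0/24; a shared
# services prefix carries an RT that both customer VRFs import.
EXPORTS = [
    {"vpn": "A", "rd": "65000:1", "prefix": "10.0.0.0/24", "rts": {"65000:100"}},
    {"vpn": "B", "rd": "65000:2", "prefix": "10.0.0.0/24", "rts": {"65000:200"}},
    {"vpn": "SVC", "rd": "65000:99", "prefix": "192.0.2.0/24", "rts": {"65000:999"}},
]
# Same exports, but VPN B is configured with VPN A's RD (the case to avoid).
SHARED_RD = [dict(r, rd="65000:1") if r["vpn"] == "B" else r for r in EXPORTS]

# VRF name -> set of import RTs (constructed). Both VRFs import 65000:999.
VRFS = {
    "CUST_A": {"65000:100", "65000:999"},
    "CUST_B": {"65000:200", "65000:999"},
}

def vpnv4_table(exports):
    """Key every exported route by (RD, prefix), as a VPNv4 table does."""
    table = defaultdict(list)
    for route in exports:
        table[(route["rd"], route["prefix"])].append(route)
    return table

def collisions(table):
    """Return RD:prefix keys that two different VPNs map onto."""
    return {key for key, routes in table.items()
            if len({r["vpn"] for r in routes}) > 1}

def import_routes(table, vrfs):
    """Place a route in every VRF whose import RTs intersect the route's RTs."""
    rib = defaultdict(set)
    for key, routes in table.items():
        for route in routes:
            for vrf, import_rts in vrfs.items():
                if import_rts & route["rts"]:
                    rib[vrf].add(key)
    return rib

if __name__ == "__main__":
    print("distinct RDs, collisions:", collisions(vpnv4_table(EXPORTS)))
    print("shared RD, collisions:   ", collisions(vpnv4_table(SHARED_RD)))
    for vrf, routes in sorted(import_routes(vpnv4_table(EXPORTS), VRFS).items()):
        print(vrf, sorted(routes))
```

With distinct RDs the overlapping 10.0.0.0/24 prefixes stay separate routes, while the shared RT 65000:999 puts the services prefix into both VRFs.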