Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] Reducing route scale on PE routers by using route target filtering

0

0

Article ID: KB36790 KB Last Updated: 17 Aug 2021Version: 1.0
Summary:

A provider edge (PE) router, unless it is explicitly configured, stores all VPN routes for a VPN address family in the service provider’s network. Normally, a router may not need all the routes and in keeping all the VPN routes, resource utilization is increased to store the number of routes in the device.

Such resource utilization can be avoided by using BGP route target filtering, which allows you to distribute selected VPN routes to routes that need them. By filtering to allow only necessary routes to get to the appropriate PE routers, BGP route target filtering helps to limit the amount of overhead associated with running a VPN. 

This article demonstrates the advantage of configuring route target filtering with the help of an example.

Note: BGP route target filtering is most effective at reducing VPN-related administrative traffic in networks where there are many route reflectors or AS border routers that do not participate in the VPNs directly.

Symptoms:

In large networks where route target filtering is not configured, the routing scale will be very high for a device. This can cause high RPD utilization, usage of swap memory, and possible kernel / RPD crashes. 

The following example shows a PE router that does not have route target filtering configured. As a result, the router installs all the routes in the network, which reduces the efficiency of the router.

root@re0.xyz> show system processes extensive no-forwarding
 
last pid: 70579;  load averages:  2.55,  1.50,  1.04  up 727+09:52:42    14:09:55
171 processes: 5 running, 164 sleeping, 1 zombie, 1 waiting
 
Mem: 473M Active, 2394M Inact, 521M Wired, 43M Cache, 89M Buf, 61M Free
Swap: 4096M Total, 12M Used, 4084M Free

  PID USERNAME    THR PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
 5474 root          4  20    0   950M   437M kqread  0 6203.9 100.00% rpd


root@re0.xyz> show route summary
 
Autonomous system number: 36731
Router ID: 199.48.103.244
INTERNET.inet.0: 822659 destinations, 3862404 routes (822659 active, 0 holddown, 822028 hidden)
              Direct:      3 routes,      3 active
               Local:      2 routes,      2 active
                 BGP: 3862398 routes, 822654 active
           Aggregate:      1 routes,      0 active
bgp.l3vpn.0: 1522032 destinations, 3044064 routes (1522032 active, 0 holddown, 0 hidden)
                 BGP: 3044064 routes, 1522032 active
 
INTERNET.inet6.0: 104009 destinations, 208012 routes (104009 active, 0 holddown, 0 hidden)
                 BGP: 208011 routes, 104008 active
               INET6:      1 routes,      1 active
 
bgp.l3vpn-inet6.0: 104010 destinations, 208013 routes (104010 active, 0 holddown, 0 hidden)
                 BGP: 208013 routes, 104010 active
 

root@re0.xyz> show task memory           
Memory                 Size (kB)  Percentage  When
  Currently In Use:      1919939         89%  now
  Maximum Ever Used:     1923858         89%  21/02/18 11:11:20
  Available:             2147484        100%  now
Solution:

BGP route target filtering is enabled through the exchange of the route target address family, and stored in the bgp.rtarget.0 routing table. Based on the route target address family, the route target NLRI is negotiated with its peers.

A basic configuration syntax for route target filtering is given below:

family route-target {
           advertise-default;
           external-paths number;
           prefix-limit number;
}

If advertise-default is configured, then Juniper Route Reflectors will advertise only the default route target 0:0:0/0 and will suppress other all RTs. If advertise-default is not configured, then Juniper Route Reflector's will advertise all RTs and will not advertise the default RT 0:0:0/0.

The external-paths statement (which has a default value of 1) causes the router to advertise the VPN routes that reference a given route target.

The prefix-limit statement limits the number of prefixes that can be received from a peer router.

protocols {
bgp {
group test {
type internal;
local-address 10.255.14.182;
peer-as 1000;
neighbor 10.255.14.174 {
family inet-vpn {
unicast;
}

family route-target;
}
     }
   }
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search