Configuring Policy for the PE Router's VRF TableOn each PE router, you must define policies that define how routes are imported into and exported from the router's VRF table. In these policies, you must define the route target, and you can optionally define the route origin. In the import and export policies for the PE router's VRF table, you must define the route target, which defines which VPN the route is part of. To do this, include the target option in the community statement: [edit policy-options] community name members target: community-id ; In the import and export policies for the PE router's VRF table, you can optionally define the route origin ( otherwise known as the site of origin), which identifies the set of routes learned from a particular CE site. To do this, include the origin option in the community statement: [edit policy-options] community name members origin: community-id ; name is the name of the community. community-id is the identifier of the community. You specify it in one of the following formats:
Each VPN must have a policy that defines how routes are imported into the PE router's VRF table. The import policy is applied to routes received from other PE routers in the VPN. The policy must evaluate all routes received over the IBGP session with the other PE router. If the routes match the conditions, the route is installed in the PE router's routing-instance-name .inet.0 VRF table. The import policy must contain a second term that rejects all other routes. Unless the import policy contains only a then reject statement, it must include a reference to a community. Otherwise, when you try to commit the configuration, the commit fails. You can configure multiple import policies. To configure an import policy for the PE router's VRF table, follow these steps:
Each VPN must have a policy that defines how routes are exported from the PE router's VRF table. The export policy is applied to routes sent to other PE routers in the VPN. The export policy must evaluate all routes received over the routing protocol session with the CE router. (This session can use either the BGP, OSPF, or RIP routing protocol or static routes.) If the routes match the conditions, the specified community target (which is the route target) is added to them, and they are exported to the remote PE routers. The export policy must contain a second term that rejects all other routes. Export policies defined within the VPN routing instance are the only export policies that apply to the VRF table. Any export policy that you define on the IBGP session between the PE routers has no effect on the VRF table. You can configure multiple export policies. To configure an export policy for the PE router's VRF table, follow these steps:
|