Analysis of VPN Routes Control in Shared BGP Session

BGP Maximum Prefix feature is often used at the network boundary to control the number of prefixes to be injected into the network. But for some scenarios when the VPN routes from several VRFs are advertised via one shared BGP session, there is lack of appropriate methods to control the flooding of VPN routes within one VRF to overwhelm the process of VPN routes in other VRFs. That is to say, the excessive VPN routes advertisement should be controlled individually for each VRF in such shared BGP session. The following sections analyzes the scenarios that are necessary to such mechanism.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in .

The following terms are defined in this draft: RD: Route Distinguisher, defined in RR: Router Reflector, provides a simple solution to the problem of IBGP full mesh connection in large-scale IBGP implementation. VRF: Virtual Routing Forwarding, a virtual routing table based on VPN instance.

For inter-AS VPN deployment option B/AB scenario, as described in Figure 1, there is one BGP session between ASBR1 and ASBR2, which is used to advertise the VPN routes from VPN1 and VPN2 VRF. Normally the operator will deploy the BGP maximum prefixes feature under different address families between the ASBR1 and ASBR2, but the threshold must be set very high to cope with the situation when all the VRFs in each family reach their VPN routes limit simultaneously. In case VPN routes in only one of VRF, for example VPN1 in PE3, advertises excess VPN routes(with RD set to RD1 and RT import/export set to RT1. Configurations on other PEs are similar) into the network, but VPN routes advertisement in other VRFs are in normal, the prefix bar set between the ASBRs will not take effect. Such excessive VPN routes will be advertised into the AS1, to PE1 and PE2 respectively. PE1 in this example, provides the services for VPN2 at the same time. If it receives the excessive VPN routes for VPN1 from ASBR1, although such VPN routes have exceeded the limit within the VRF VPN1, it can't break the BGP session with ASBR1 directly. All it can do is to receive and process the excessive BGP updates continuously, parse the excessive VPN routes for VPN1 and drop it, extract the VPN routes for VPN2 and install it. Doing so can certainly influence the performance of PE1 to serve the other VPN services on it, considering that there are hundreds of VRFs deployed on it. PE1 should have the capability to control the advertisement of specified excessive VPN routes from its BGP peer. The ASBR should also have such capability.

For inter-AS VPN deployment option C scenario, as that described in Figure 2, there is one BGP session between RR1 and RR2, which is used to advertise the VPN routes from all the VRFs that located on the edge routers(PE1 and PE2). The BGP maximum prefix bar can't also prevent the excessive advertisement of VPN routes in one VRF, and such abnormal behavior in one VRF can certainly influence the performances of PEs to serve other normal VRFs. PE and RR should all have some capabilities to control the specified excessive VPN routes to be advertised from its upstream BGP peer.

For intra-AS VPN deployment, as depicted in Figure 3, if the RR is present, the above excess VPN routes advertisement churn can also occurs. For example, if PE3 receives excessive VPN routes for VPN1 VRF(there may be several reasons for this to occur, for example, multiple CEs connect to PE3 advertising routes simultaneously causing a wave of routes, redistribution from VRF to VRF, or from GRT to VRF on PE3 etc.), it will advertise such excessive VPN routes to RR and then to PE1. The BGP session between RR and PE3, and the BGP session between RR and PE1 can't prevent this to occur. When PE1 in this figure receives such excessive VPN routes, it can only process them, among the other normal BGP updates. This can certainly influence process of VPN routes for other normal services, the consequences on the receiving PE1 may be the one or more of the followings: a) PE1 can't process a given number of routes in time period X leading to dropping of routes b) Delayed processing that may result in an incomplete number of inputs to the BGP Best Path decision. c) L3VPN customers experiencing an incorrect VPN specification for some time period Y. d) The convergence of control plane processing impacts the traffic forwarding PE and RR should all have some capabilities to control the specified excessive VPN routes to be advertised from its upstream BGP peer.

The scenarios described above are mainly in device level, that is to say, if the receiving PE has some mechanism to control the excess VPN routes advertisement from its BGP neighbor, the failure churn effect can be controlled then. But there are also situations that the granular control should be took place within the receiving PE itself. Figure 4 below describes such scenario. There are four VRFs on PE, and three of them import the same VPN routes that carry route target RT3. Such deployment can occur in the inter-VRF communication scenario. If the threshold of VPN route-limit for these VRFs is set different, for example, are max-vpn-routes-vrf1, max-vpn-routes-vrf2, max-vpn-routes-vrf3, max-vpn-routes-vrf4 respectively, and these values have the following order, as max-vpn-routes-vrf1<max-vpn-routes-vrf2< max-vpn-routes-vrf3<max-vpn-routes-vrf4. If the VPN routes that associates with RT3 is overwhelming, the VRF1 will reach its maximum VPN threshold first. At such stage, the PE device can't send the control message to its BGP neighbor on behalf of all the VRFs on it, because other VRFs have still the desire to receive such VPN routes and have the capacities to store them. In such situation, the PE device should have some mechanisms to control the distribution of global VPN routes to its individual VRF table. Only when all of VRFs on it don't want some VPN routes, then the PE device can send the VPN routes filter control message to its BGP neighbor (RR in this example).

Based on the above scenarios description, the potential solutions should meet the following requirements: a) The control message for the specified VPN routes should be triggered automatically upon the excessive VPN routes reach its limit. b) The control message should be sent only out the device when all the VRFs on it can't or don't want to process it, or the process of such excessive routes has exceed its own capability. b) For RR and ASBR devices, such control message should be only flooded to its upstream BGP neighbor when all its downstream BGP peers can't or don't want to process it, or the process of such excessive routes has exceed its own capability. c) The trigger and removal of such control message should avoid the possible flapping of excessive VPN routes advertisement. d) The excessive VPN routes should be identified in fine-granular manner. e) Control of the excessive VPN routes should not affect the existing VPN services on the affected PE.

TBD.

This document requires no IANA considerations.

Thanks Robert Raszuk, Jim Uttaro, Jakob Heitz for their valuable comments and discussions of scenarios described in this draft.