Allied Telesis C613-16164-00 REV E manual Route Limits, Configuring static route limits

Page 84

Route Limits

Route Limits

In multi-VRF network environment, it may be disastrous if one VRF injects too many routes and fills up the hardware forwarding table (FIB) on a device which can affect other VRFs (as well as the global VRF).

In software version 5.4.2 and later, it is possible to mitigate this risk, as route limits can now be configured on a per VRF basis.

Existing AW+ commands max-static-routes and max-fib-routes have been extended in 5.4.2 to allow configurable static and dynamic route limits on a per VRF instance basis.

Note: The command max-fib-routes only counts dynamic routes (not including static and connected routes).

Note: By default, there is no preset allocation of the number of route table entries available to each VRF instance. When static and/or dynamic VRF instances are configured (without setting limits via the commands max-static-routes and max-fib-routes), the number of route table entries available to each VRF instance are not automatically reserved.

Configuring static route limits

AW+ supports the ability to limit static routes via the max-static-routes command in the global VRF domain, with a default maximum limit of 1000 (routes). This same AW+ command is now also able to be applied on a per VRF basis.

Static route limits can be applied as part of VRF Configuration Mode via the command:

awplus(vrf-config)#max-static-routes <1-1000>

The following example shows how to configure a limit of 200 static routes, applied to VRF red:

awplus(config)# ip vrf red

awplus(config-vrf)#max-static-routes 200

Note: Static routes limits are applied before adding routes to the RIB. Rejected static routes will not be in the running config.

Page 84 Configure VRF-lite

Image 84

Contents How To Configure VRF-lite Introduction What is VRF-lite?Software feature licenses Command summaryWho should read this document? Which products and software version does it apply to?Contents Glossary VRFUnderstanding VRF-lite VRF-lite security domains Route table and interface management with VRF-liteInterface management with VRF Vlan5Route management with VRF Adding a VRF-aware static ARPInter-VRF communication Static and dynamic inter-VRF routing VRF-lite features in AW+ For exampleVRF aware services include Route limiting per VRF instanceVRF-aware utilities within AW+  Ping Telnet client  SSH client TCP dump Configuring VRF-lite Awplusconfig# access-list standardAwplusconfig-if#switchportaccess vlanx Family Awplusconfig-route-map#match ip Static inter-VRF routing Ip route 192.168.50.0/24 Ip route vrf green 192.168.1.0/24Dynamic inter-VRF communication explained Forwarding Information Base FIB and routing protocolsBGP Inter-VRF communication via BGP Using the route-target command Route-target import ASNVRFinstance For exampleRoute-target both ASNVRFinstance For example Can be replaced withAlso, if VRF shared configuration includes If VRF red initially includesIf VRF shared initially includes Via BGP IVR, VRF shared will end up with the routesIf VRF shared configuration includes Then via BGP IVR, VRF red will end up with the routesHow VRF-lite security is maintained Viewing source VRF and attribute information for a prefixSimple VRF-lite configuration examples Multiple VRFs without inter-VRF communication26 Configure VRF-lite Vlan 28 Configure VRF-lite Configure VRF-lite 30 Configure VRF-lite Configure VRF-lite 32 Configure VRF-lite Inter-VRF configuration examples with Internet access Configuration Configure VRF-lite Example B Configuration 38 Configure VRF-lite Configure VRF-lite Example C Configuration 42 Configure VRF-lite Configure VRF-lite Configuring a complex inter-VRF solution Network description Each VLANs is associated with a VRF instance VRF communication plan Configuration breakdown Configure VRF-lite Configure Vrfs Configure the hardware ACLs This example, three access groups are attached to port Within the same IP subnet that the switch port is a member192.168.43.0/24 via the shared VRF Configure Vlan Database Configure IP Addresses Configure VRF-lite Configure Dynamic Routing Configure VRF-lite 56 Configure VRF-lite Configure Static Routing Complete show run output from VRF device is below Configure VRF-lite 60 Configure VRF-lite Configure VRF-lite IP route table from VRF device is below VRF blue Hostname Internetrouter Hostname sharedrouter Hostname redospfpeer N1 Ospf NssaHostname greeniBGPpeer Hostname bluerippeer Hostname orangerouter Hostname orangeospfpeer Other features used in this configuration VCStack and VRF-liteStack provisioning GreyX610 VCStack configuration Virtual Chassis IDX900 configuration 74 Configure VRF-lite Sharing VRF routing and double tagging on the same port Communication planGreen PortConfigurations X610 aX610 B Configure VRF-lite Additional notes BGP configuration tips 80 Configure VRF-lite VRF device Red router vlan database Red router Configuring static route limits Route LimitsConfiguring Dynamic route limits Allowed number of fib routes excluding Connect and Static100 No max-fib-routes SyntaxVRF-lite usage guidelines Useful VRF-related diagnostics command list GeneralRouting general Routing protocols IP prefix network, e.g HW platform table commands TCPdump