RD – Route Distinguisher
The RD is an 8-byte field used to distinguish VPN routes in MPLS networks. It is prepended to the IP address to form a unique “VPN-IPv4” address. In an MPLS VPN network, a PE needs to be configured to associate each RD with the routes which lead to a particular CE. The PE may be configured to associate all routes leading to the same CE with the same RD, or it may be configured to associate different routes with different RDs, even if they lead to the same CE.
The Route Distinguisher (RD) has only one purpose: to make IPv4 prefixes globally unique. It is not used for routing by the P routers (within the MPLS cloud), but it is used by the edge routers to identify which VPN a packet belongs to.
VPN-IPv4 Addresses (8-byte RD + 4-byte IP)
Route Distinguisher (RD) has only one purpose: make IPv4 prefixes globally unique. It is not used for routing. MPLS VPNs are based on the distribution of routing information of IPv4 prefixes. Customers may all use private IP addresses (RFC 1918). To be able, on a PE, to distinguish between, for example, 10.0.0.0/8 from one customer and 10.0.0.0/8 from another customer, one adds the Route Distinguisher. In Multiprotocol BGP the PEs are routing VPNv4 prefixes, i.e. VPNv4 = RD + IPv4. There is no other special meaning to the RD than to make addresses.
To make each subscriber route unique within the backbone, a new type of address is required. Known as a VPN-IPv4 Address Family (as defined within RFC 2547), it includes the original 32-bit IPv4 address header plus a 64-bit Route Distinguisher (RD). RDs can be configured on a per VRF basis; however, it is common practice to assign a single RD per VPN. A possible model for an RD is the SP’s Autonomous System (AS) number plus a number assigned by the SP, in this way ensuring across SP networks the global uniqueness of the VPN route.
From RFC 2547, the RD consists of 3 fields:
· 2-byte type field: determines the lengths of the other two fields, as well as the semantics of the administrator field
· administrator field: typically the 4-byte AS number of the SP
· assigned number field: assigned by the SP
The BGP Multiprotocol Extensions [3] allow BGP to carry routes from multiple "address families". We introduce the notion of the "VPN-IPv4 address family". A VPN-IPv4 address is a 12-byte quantity, beginning with an 8-byte "Route Distinguisher (RD)" and ending with a 4-byte IPv4 address. If two VPNs use the same IPv4 address prefix, the PEs translate these into unique VPN-IPv4 address prefixes. This ensures that if the same address is used in two different VPNs, it is possible to install two completely different routes to that address, one for each VPN.
The RD does not by itself impose any semantics; it contains no information about the origin of the route or about the set of VPNs to which the route is to be distributed. The purpose of the RD is solely to allow one to create distinct routes to a common IPv4 address prefix. Other means are used to determine where to redistribute the route.
The RD can also be used to create multiple different routes to the very same system. Consider the example where the route to a particular server has to be different for intranet traffic than for extranet traffic. This can be achieved by creating two different VPN-IPv4 routes that have the same IPv4 part, but different RDs. This allows BGP to install multiple different routes to the same system, and allows policy to be used to decide which packets use which route.
The RDs are structured so that every service provider can administer its own "numbering space" (i.e., can make its own assignments of RDs), without conflicting with the RD assignments made by any other service provider. An RD consists of a two-byte type field, an administrator field, and an assigned number field. The value of the type field determines the lengths of the other two fields, as well as the semantics of the administrator field. The administrator field identifies an assigned number authority, and the assigned number field contains a number which has been assigned, by the identified authority, for a particular purpose. For example, one could have an RD whose administrator field contains an Autonomous System number (ASN), and whose (4-byte) number field contains a number assigned by the SP to whom IANA has assigned that ASN. RDs are given this structure in order to ensure that an SP which provides VPN backbone service can always create a unique RD when it needs to do so. However, the structuring provides no semantics. When BGP compares two such address prefixes, it ignores the structure entirely.
If the RD Administrator subfield and the Assigned Number subfield of a VPN-IPv4 address are both set to all zeroes, the VPN-IPv4 address is considered to have exactly the same meaning as the corresponding globally unique IPv4 address. In particular, this VPN-IPv4 address and the corresponding globally unique IPv4 address will be considered comparable by BGP. In all other cases, a VPN-IPv4 address and its corresponding globally unique IPv4 address will be considered noncomparable by BGP. A given per-site forwarding table will only have one VPN-IPv4 route for any given IPv4 address prefix. When a packet's destination address is matched against a VPN-IPv4 route, only the IPv4 part is actually matched.
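Added example (not from the original page or from any vendor's code): it packs an RD into its 8-byte form, builds the 12-byte VPN-IPv4 address, and flags VRFs whose RD and prefix yield the same VPN-IPv4 route, which BGP would then treat as a single route. Assumptions: the type 0/1/2 field layouts follow RFC 4364, the function names are illustrative, the VRF list is constructed, and each VRF name stands for a different customer VPN.

```python
import ipaddress
import struct
from collections import defaultdict

def encode_rd(rd):
    """Pack 'administrator:number' text into the 8-byte RD (2-byte type + 6 bytes)."""
    admin, number = rd.rsplit(":", 1)
    if "." in admin:   # type 1: 4-byte IPv4 administrator + 2-byte number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    if int(admin) <= 0xFFFF:   # type 0: 2-byte ASN + 4-byte number
        return struct.pack("!HHI", 0, int(admin), int(number))
    return struct.pack("!HIH", 2, int(admin), int(number))   # type 2: 4-byte ASN + 2-byte number

def decode_rd(raw):
    """Unpack an 8-byte RD; the type field selects the layout of the other two fields."""
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        admin, number = struct.unpack("!HI", raw[2:])
    elif rd_type == 1:
        packed, number = struct.unpack("!4sH", raw[2:])
        admin = ipaddress.IPv4Address(packed)
    elif rd_type == 2:
        admin, number = struct.unpack("!IH", raw[2:])
    else:
        raise ValueError(f"unknown RD type {rd_type}")
    return f"{admin}:{number}"

def vpn_ipv4(rd, prefix):
    """Return (12-byte VPN-IPv4 address, prefix length) for an IPv4 prefix in a VRF."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen

def rd_collisions(vrfs):
    """Map each VPN-IPv4 prefix exported by more than one VRF to those VRF names."""
    seen = defaultdict(set)
    for vrf, rd, prefix in vrfs:
        seen[vpn_ipv4(rd, prefix)].add(vrf)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}

# Constructed sample: three customer VRFs that all use the same RFC 1918 block.
SAMPLE = [
    ("CUST-A", "64500:100", "10.0.0.0/8"),
    ("CUST-B", "64500:200", "10.0.0.0/8"),
    ("CUST-C", "64500:100", "10.0.0.0/8"),   # RD reused by mistake
]

if __name__ == "__main__":
    for (addr, plen), names in rd_collisions(SAMPLE).items():
        print(f"{decode_rd(addr[:8])} {ipaddress.IPv4Address(addr[8:])}/{plen}: {names}")
```

CUST-A and CUST-B stay distinct despite sharing 10.0.0.0/8, while CUST-A and CUST-C collide because the RD, not the VRF name, is what makes the route unique in the backbone.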