Re: [j-nsp] Hub-Spoke L3VPN Configuration

From: Scott F. Robohn (scott@robohn.com)
Date: Mon Jan 21 2002 - 21:43:05 EST


Dave,

Yes, you do need two logical connections between the hub PE and the hub
CE. However, they can be logical interfaces (VLANs, DLCIs, PVCs) on the
same physical link. They don't have to be two physical links.

To prove that the hub-and-spoke topology is working, do you have
reachability between two spoke CE sites that are both _not_ the hub CE?
The hub PE has two routing instances:

(1) one instance that learns routes from the hub CE and exports them to
the spoke CEs

(2) another instance that learns routes from the spoke CEs and exports
them to the hub CE

One PE-CE connection is associated with one instance, and the other
PE-CE connection is associated with the other instance.

Your config only shows one routing instance on a single PE router. I
think we need more info to understand the topology here.

For more info, see:

https://www.juniper.net/techpubs/software/junos51/swconfig51-vpns/html/vpn-examples11.html#1014659

HTH,
Scott

Dave Qi wrote:
>
> according to the doc, in order to configure a hub-and-spoke VPN topology,
> there must be 2 interfaces connecting the hub PE rtr to the hub CE rtr,
> and each interface must have its own VRF table on the hub PE rtr. Is it
> really necessary to have 2 interfaces? I have configured a hub-and-spoke
> topology w/ just one interface and it works fine. Did I miss anything
> obvious here??
>
> here is my config on Hub PE rtr: (192.168.1.9/32 and 10.7.0.2/32 are from
> spoke PE rtr (10.0.0.7) and 172.17.2.8/32 are from spoke PE rtr (10.0.0.6))
> root@LAB-A3# show routing-instances
> VPN-A-A1-to-A9 {
>     instance-type vrf;
>     interface ge-0/0/0.0;
>     route-distinguisher 10.0.0.3:19;
>     vrf-import VPN-A-Import;
>     vrf-export VPN-A-Export;
>     protocols {
>         rip {
>             group to-CE-A1 {
>                 export exportVpnA;
>                 neighbor ge-0/0/0.0;
>             }
>         }
>     }
> }
> root@LAB-A3# show protocols bgp
> group peA3-to-peA7A6 {
>     type internal;
>     traceoptions {
>         file bgp.log size 5m world-readable;
>         flag policy detail;
>         flag route detail;
>         flag update detail;
>     }
>     local-address 10.0.0.3;
>     family inet-vpn {
>         unicast;
>     }
>     neighbor 10.0.0.7;
>     neighbor 10.0.0.6;
> }
>
> [edit]
> root@LAB-A3# run show interfaces terse
> Interface      Admin Link Proto Local            Remote
> ge-0/0/0       up    up
> ge-0/0/0.0     up    up   inet  10.3.4.1/24
>                           mpls
> ge-0/1/0       up    up
> ge-0/1/0.0     up    up   inet  10.3.3.1/24
>                           mpls
> fe-1/0/0.0     up    up   inet  10.3.2.1/24
>                           mpls
> fe-1/0/1       up    up
> fe-1/0/1.0     up    up   inet  10.3.1.1/24
>                           mpls
> at-1/1/0       up    up
> at-1/1/0.0     up    up   inet  10.5.0.2/30
>                           mpls
> lo0            up    up
> lo0.0          up    up   inet  10.0.0.3         --> 0/0
>
> root@LAB-A3# run show route table bgp.l3vpn.0 detail
>
> bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 10.0.0.6:18:172.17.2.8/32 (1 entry, 0 announced)
> *BGP Preference: 170/-101
> Route Distinguisher: 10.0.0.6:18
> Source: 10.0.0.6
> Nexthop: via at-1/1/0.0, selected
> label-switched-path a3-to-a6
> Push 100010, Push 100012(top)
> Protocol Nexthop: 10.0.0.6 Indirect nexthop: 8377ee0 51
> State: <Active Int Ext>
> Local AS: 123 Peer AS: 123
> Age: 1:37:03 Metric: 1 Metric2: 2
> Task: BGP_123.10.0.0.6+1064
> AS path: I
> Communities: target:123:19 Route-Type:0.0.0.0:1:0
> VPN Label: 100010
> Localpref: 100
> Router ID: 10.0.0.6
> Secondary tables: VPN-A-A1-to-A9.inet.0
>
> 10.0.0.7:189:10.7.0.2/32 (1 entry, 0 announced)
> *BGP Preference: 170/-101
> Route Distinguisher: 10.0.0.7:189
> Source: 10.0.0.7
> Nexthop: via at-1/1/0.0, selected
> label-switched-path a3-to-a7
> Push 100021, Push 100009(top)
> Protocol Nexthop: 10.0.0.7 Indirect nexthop: 8445000 44
> State: <Active Int Ext>
> Local AS: 123 Peer AS: 123
> Age: 6:31:39 Metric2: 3
> Task: BGP_123.10.0.0.7+1060
> AS path: I
> Communities: target:123:19
> VPN Label: 100021
> Localpref: 100
> Router ID: 10.0.0.7
> Secondary tables: VPN-A-A1-to-A9.inet.0
>
> 10.0.0.7:189:192.168.1.9/32 (1 entry, 0 announced)
> *BGP Preference: 170/-101
> Route Distinguisher: 10.0.0.7:189
> Source: 10.0.0.7
> Nexthop: via at-1/1/0.0, selected
> label-switched-path a3-to-a7
> Push 100021, Push 100009(top)
> Protocol Nexthop: 10.0.0.7 Indirect nexthop: 8445000 44
> State: <Active Int Ext>
> Local AS: 123 Peer AS: 123
> Age: 6:31:39 Metric2: 3
> Task: BGP_123.10.0.0.7+1060
> AS path: I
> Communities: target:123:19
> VPN Label: 100021
> Localpref: 100
> Router ID: 10.0.0.7
> Secondary tables: VPN-A-A1-to-A9.inet.0
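
The following is an added example, not part of the original message or of Juniper's documentation: a toy Python model of route-target import and export showing why the two hub-PE instances Scott describes send spoke-to-spoke traffic through the hub, while a single VRF that imports and exports one shared target lets spokes learn each other directly. The route-target values, VRF names, the hub prefix and the single-VRF policy are assumptions made for the illustration; the thread does not show Dave's actual import and export policies.

```python
# Added illustration: a toy model of route-target matching, not Junos code.
# Route-target values and VRF names are assumptions made for this example.
HUB_RT, SPOKE_RT = "target:123:1", "target:123:2"

class Vrf:
    def __init__(self, pe, name, imports, exports):
        self.pe, self.name = pe, name
        self.imports, self.exports = set(imports), set(exports)
        self.local = set()   # prefixes learned from the attached CE
        self.remote = {}     # prefix -> PE whose VRF advertised it

def exchange(vrfs):
    """One MP-BGP round: each VRF exports its CE-learned prefixes tagged with its
    export targets; every other VRF installs those matching an import target."""
    for src in vrfs:
        for dst in vrfs:
            if dst is not src and src.exports & dst.imports:
                for prefix in src.local - dst.local:
                    dst.remote.setdefault(prefix, src.pe)

def make_spokes(spoke_prefixes, imports, exports):
    spokes = [Vrf(pe, "spoke", imports, exports) for pe in spoke_prefixes]
    for vrf in spokes:
        vrf.local.add(spoke_prefixes[vrf.pe])
    return spokes

def hub_and_spoke(spoke_prefixes, hub_prefix):
    # Instance (2): imports spoke routes, hands them to the hub CE, exports nothing.
    from_spokes = Vrf("hub-pe", "spokes-to-hub-ce", [SPOKE_RT], [])
    # Instance (1): learns from the hub CE, exports to the spokes, imports nothing.
    to_spokes = Vrf("hub-pe", "hub-ce-to-spokes", [], [HUB_RT])
    spokes = make_spokes(spoke_prefixes, [HUB_RT], [SPOKE_RT])
    everyone = [from_spokes, to_spokes] + spokes
    exchange(everyone)
    # The hub CE re-advertises what it heard on one PE-CE link over the other.
    to_spokes.local = {hub_prefix} | set(from_spokes.remote)
    exchange(everyone)
    return {vrf.pe: vrf.remote for vrf in spokes}

def single_vrf(spoke_prefixes, hub_prefix):
    # One target imported and exported everywhere: any-to-any route exchange.
    hub = Vrf("hub-pe", "vpn", [HUB_RT], [HUB_RT])
    hub.local.add(hub_prefix)
    spokes = make_spokes(spoke_prefixes, [HUB_RT], [HUB_RT])
    exchange([hub] + spokes)
    return {vrf.pe: vrf.remote for vrf in spokes}

SITES = {"10.0.0.7": "192.168.1.9/32", "10.0.0.6": "172.17.2.8/32"}  # from the thread
HUB_PREFIX = "10.99.0.0/24"  # constructed hub-site prefix
```

In the two-instance model, spoke PE 10.0.0.7 sees 172.17.2.8/32 with the hub PE as the advertising router; in the shared-target model it sees the same prefix straight from 10.0.0.6, so reachability between spokes alone does not show that traffic crosses the hub.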



This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:38 EDT