RE: [j-nsp] Hub-Spoke L3VPN Configuration

From: Joe Lin (jlin@doradosoftware.com)
Date: Tue Jan 22 2002 - 12:53:42 EST


The mantra for hub and spoke is:

All traffic going to the spokes must go thru the hub. (similar to
traditional hub-and-spoke frame-relay topology)

Whether this is necessary in real life, that's a judgment call.

If you only have a single interface for the Hub-PE, then the same
interface is used for both the hub and the spoke traffic, which would
defeat the above mantra, and you wouldn't be able to separate the
traffic.

Furthermore, if you add additional spokes to the PE that is also your
Hub-PE, you would never be able to achieve the above mantra, for the
spokes will talk amongst themselves without going thru the hub!

-joe

-----Original Message-----
From: Dave Qi [mailto:dqi@BLOOMBERG.COM]
Sent: Monday, January 21, 2002 5:17 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Hub-Spoke L3VPN Configuration

According to the doc, in order to configure a hub-and-spoke VPN
topology, there must be 2 interfaces connecting the hub PE rtr to the
hub CE rtr, and each interface must have its own VRF table on the hub
PE rtr. Is it really necessary to have 2 interfaces? I have configured
a hub-and-spoke topology w/ just one interface and it works fine. Did I
miss anything obvious here??

Here is my config on Hub PE rtr: (192.168.1.9/32 and 10.7.0.2/32 are
from spoke PE rtr (10.0.0.7) and 172.17.2.8/32 is from spoke PE rtr
(10.0.0.6))

root@LAB-A3# show routing-instances
VPN-A-A1-to-A9 {
    instance-type vrf;
    interface ge-0/0/0.0;
    route-distinguisher 10.0.0.3:19;
    vrf-import VPN-A-Import;
    vrf-export VPN-A-Export;
    protocols {
        rip {
            group to-CE-A1 {
                export exportVpnA;
                neighbor ge-0/0/0.0;
            }
        }
    }
}
root@LAB-A3# show protocols bgp
group peA3-to-peA7A6 {
    type internal;
    traceoptions {
        file bgp.log size 5m world-readable;
        flag policy detail;
        flag route detail;
        flag update detail;
    }
    local-address 10.0.0.3;
    family inet-vpn {
        unicast;
    }
    neighbor 10.0.0.7;
    neighbor 10.0.0.6;
}

[edit]
root@LAB-A3# run show interfaces terse
Interface               Admin Link Proto Local                 Remote
ge-0/0/0                up    up
ge-0/0/0.0              up    up   inet  10.3.4.1/24
                                   mpls
ge-0/1/0                up    up
ge-0/1/0.0              up    up   inet  10.3.3.1/24
                                   mpls
fe-1/0/0.0              up    up   inet  10.3.2.1/24
                                   mpls
fe-1/0/1                up    up
fe-1/0/1.0              up    up   inet  10.3.1.1/24
                                   mpls
at-1/1/0                up    up
at-1/1/0.0              up    up   inet  10.5.0.2/30
                                   mpls
lo0                     up    up
lo0.0                   up    up   inet  10.0.0.3            --> 0/0

root@LAB-A3# run show route table bgp.l3vpn.0 detail

bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.6:18:172.17.2.8/32 (1 entry, 0 announced)
        *BGP Preference: 170/-101
                Route Distinguisher: 10.0.0.6:18
                Source: 10.0.0.6
                Nexthop: via at-1/1/0.0, selected
                label-switched-path a3-to-a6
                Push 100010, Push 100012(top)
                Protocol Nexthop: 10.0.0.6 Indirect nexthop: 8377ee0 51
                State: <Active Int Ext>
                Local AS: 123 Peer AS: 123
                Age: 1:37:03 Metric: 1 Metric2: 2
                Task: BGP_123.10.0.0.6+1064
                AS path: I
                Communities: target:123:19 Route-Type:0.0.0.0:1:0
                VPN Label: 100010
                Localpref: 100
                Router ID: 10.0.0.6
                Secondary tables: VPN-A-A1-to-A9.inet.0

10.0.0.7:189:10.7.0.2/32 (1 entry, 0 announced)
        *BGP Preference: 170/-101
                Route Distinguisher: 10.0.0.7:189
                Source: 10.0.0.7
                Nexthop: via at-1/1/0.0, selected
                label-switched-path a3-to-a7
                Push 100021, Push 100009(top)
                Protocol Nexthop: 10.0.0.7 Indirect nexthop: 8445000 44
                State: <Active Int Ext>
                Local AS: 123 Peer AS: 123
                Age: 6:31:39 Metric2: 3
                Task: BGP_123.10.0.0.7+1060
                AS path: I
                Communities: target:123:19
                VPN Label: 100021
                Localpref: 100
                Router ID: 10.0.0.7
                Secondary tables: VPN-A-A1-to-A9.inet.0

10.0.0.7:189:192.168.1.9/32 (1 entry, 0 announced)
        *BGP Preference: 170/-101
                Route Distinguisher: 10.0.0.7:189
                Source: 10.0.0.7
                Nexthop: via at-1/1/0.0, selected
                label-switched-path a3-to-a7
                Push 100021, Push 100009(top)
                Protocol Nexthop: 10.0.0.7 Indirect nexthop: 8445000 44
                State: <Active Int Ext>
                Local AS: 123 Peer AS: 123
                Age: 6:31:39 Metric2: 3
                Task: BGP_123.10.0.0.7+1060
                AS path: I
                Communities: target:123:19
                VPN Label: 100021
                Localpref: 100
                Router ID: 10.0.0.7
                Secondary tables: VPN-A-A1-to-A9.inet.0
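
The mantra in the reply (spoke traffic must transit the hub) can be checked against a route-target plan before it is deployed. The sketch below is an added example, not part of either message: it models each VRF as import/export RT sets and reports spoke pairs that would learn each other's routes directly. Only target:123:19 comes from the output above; target:123:20 and all VRF and site names are constructed.

```python
from itertools import permutations

def spoke_bypass_pairs(vrfs):
    """Return sorted (src, dst) spoke-site pairs that learn each other's
    routes without the hub CE in the path.

    vrfs maps a VRF name to a dict with:
      "import"/"export": sets of route-target strings
      "spokes": spoke sites (CEs) attached to that VRF
    A spoke learns another spoke's routes directly when both sit in the
    same VRF table, or when its VRF imports an RT the other VRF exports.
    """
    sites = [(name, s) for name, v in vrfs.items() for s in v["spokes"]]
    pairs = set()
    for (vrf_a, a), (vrf_b, b) in permutations(sites, 2):
        same_table = vrf_a == vrf_b
        rt_match = vrfs[vrf_a]["import"] & vrfs[vrf_b]["export"]
        if same_table or rt_match:
            pairs.add((a, b))
    return sorted(pairs)

# Constructed RT plans. target:123:19 appears in the thread's output;
# target:123:20 and every VRF/site name here are made up for illustration.
SPOKE_RT, HUB_RT = "target:123:19", "target:123:20"

# Two VRFs on the hub PE, one per hub-CE interface: spokes import only
# what the hub exports, so no spoke imports another spoke's RT.
TWO_VRF = {
    "hub-in":  {"import": {SPOKE_RT}, "export": set(), "spokes": []},
    "hub-out": {"import": set(), "export": {HUB_RT}, "spokes": []},
    "pe7-vrf": {"import": {HUB_RT}, "export": {SPOKE_RT}, "spokes": ["ce-a7"]},
    "pe6-vrf": {"import": {HUB_RT}, "export": {SPOKE_RT}, "spokes": ["ce-a6"]},
}

# Every VRF imports and exports the same RT: the plan is any-to-any.
ONE_RT = {
    "hub":     {"import": {SPOKE_RT}, "export": {SPOKE_RT}, "spokes": []},
    "pe7-vrf": {"import": {SPOKE_RT}, "export": {SPOKE_RT}, "spokes": ["ce-a7"]},
    "pe6-vrf": {"import": {SPOKE_RT}, "export": {SPOKE_RT}, "spokes": ["ce-a6"]},
}

# Same RTs as TWO_VRF, but a second spoke CE shares one VRF table.
SHARED_TABLE = {**TWO_VRF, "pe7-vrf": {**TWO_VRF["pe7-vrf"],
                                       "spokes": ["ce-a7", "ce-a8"]}}

if __name__ == "__main__":
    for label, plan in [("two-vrf", TWO_VRF), ("one-rt", ONE_RT),
                        ("shared-table", SHARED_TABLE)]:
        print(label, spoke_bypass_pairs(plan))
```

An empty result means no spoke imports another spoke's routes directly; it does not prove that the hub CE re-advertises those routes, which still has to be verified on the hub side.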


