Re: [j-nsp] Hub-Spoke L3VPN Configuration

From: Robert Raszuk (raszuk@cisco.com)
Date: Tue Jan 22 2002 - 13:10:09 EST


Joe,

> If you only have a single interface for the Hub-PE, then the same
> interface is used for both the hub and the spoke traffic, which would
> defeat the above mantra, and you wouldn't be able to separate the
> traffic

Well not necessarily. If you don't put in the vrf the routes you are
actually advertising to other PEs you could get away with only 1 link to
your hub site. Remember you _don't_do_ the vrf lookup (except in the
cisco aggregate label case) on the SP->HUB site direction.

That is just the idea - we don't have such a knob - neither does junos I
am afraid ;-).

R.

> Joe Lin wrote:
>
> The mantra for hub and spoke is:
>
> All traffic going to the spokes must go thru the hub. (similar to
> traditional hub-and-spoke frame-relay topology)
>
> Whether this is necessary in real life, that's a judgment call.
>
> If you only have a single interface for the Hub-PE, then the same
> interface is used for both the hub and the spoke traffic, which would
> defeat the above mantra, and you wouldn't be able to separate the
> traffic.
>
> Furthermore, if you add additional spokes to the PE that is also your
> Hub-PE, you would never be able to achieve the above mantra, for the
> spokes will talk amongst themselves without going thru the hub!
>
> -joe
>
> -----Original Message-----
> From: Dave Qi [mailto:dqi@BLOOMBERG.COM]
> Sent: Monday, January 21, 2002 5:17 PM
> To: juniper-nsp@puck.nether.net
> Subject: [j-nsp] Hub-Spoke L3VPN Configuration
>
> according to the doc, in order to configure a hub-and-spoke VPN topology,
> there must be 2 interfaces connecting the hub PE rtr to the hub CE rtr,
> and each interface must have its own VRF table on the hub PE rtr. Is it
> really necessary to have 2 interfaces? I have configured a hub-and-spoke
> topology w/ just one interface and it works fine. Did I miss anything
> obvious here??
>
> here is my config on Hub PE rtr: (192.168.1.9/32 and 10.7.0.2/32 are from
> spoke PE rtr (10.0.0.7) and 172.17.2.8/32 is from spoke PE rtr (10.0.0.6))
> root@LAB-A3# show routing-instances
> VPN-A-A1-to-A9 {
>     instance-type vrf;
>     interface ge-0/0/0.0;
>     route-distinguisher 10.0.0.3:19;
>     vrf-import VPN-A-Import;
>     vrf-export VPN-A-Export;
>     protocols {
>         rip {
>             group to-CE-A1 {
>                 export exportVpnA;
>                 neighbor ge-0/0/0.0;
>             }
>         }
>     }
> }
> root@LAB-A3# show protocols bgp
> group peA3-to-peA7A6 {
>     type internal;
>     traceoptions {
>         file bgp.log size 5m world-readable;
>         flag policy detail;
>         flag route detail;
>         flag update detail;
>     }
>     local-address 10.0.0.3;
>     family inet-vpn {
>         unicast;
>     }
>     neighbor 10.0.0.7;
>     neighbor 10.0.0.6;
> }
>
> [edit]
> root@LAB-A3# run show interfaces terse
> Interface     Admin Link Proto Local          Remote
> ge-0/0/0      up    up
> ge-0/0/0.0    up    up   inet  10.3.4.1/24
>                          mpls
> ge-0/1/0      up    up
> ge-0/1/0.0    up    up   inet  10.3.3.1/24
>                          mpls
> fe-1/0/0.0    up    up   inet  10.3.2.1/24
>                          mpls
> fe-1/0/1      up    up
> fe-1/0/1.0    up    up   inet  10.3.1.1/24
>                          mpls
> at-1/1/0      up    up
> at-1/1/0.0    up    up   inet  10.5.0.2/30
>                          mpls
> lo0           up    up
> lo0.0         up    up   inet  10.0.0.3       --> 0/0
>
> root@LAB-A3# run show route table bgp.l3vpn.0 detail
>
> bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 10.0.0.6:18:172.17.2.8/32 (1 entry, 0 announced)
> *BGP Preference: 170/-101
> Route Distinguisher: 10.0.0.6:18
> Source: 10.0.0.6
> Nexthop: via at-1/1/0.0, selected
> label-switched-path a3-to-a6
> Push 100010, Push 100012(top)
> Protocol Nexthop: 10.0.0.6 Indirect nexthop: 8377ee0 51
> State: <Active Int Ext>
> Local AS: 123 Peer AS: 123
> Age: 1:37:03 Metric: 1 Metric2: 2
> Task: BGP_123.10.0.0.6+1064
> AS path: I
> Communities: target:123:19 Route-Type:0.0.0.0:1:0
> VPN Label: 100010
> Localpref: 100
> Router ID: 10.0.0.6
> Secondary tables: VPN-A-A1-to-A9.inet.0
>
> 10.0.0.7:189:10.7.0.2/32 (1 entry, 0 announced)
> *BGP Preference: 170/-101
> Route Distinguisher: 10.0.0.7:189
> Source: 10.0.0.7
> Nexthop: via at-1/1/0.0, selected
> label-switched-path a3-to-a7
> Push 100021, Push 100009(top)
> Protocol Nexthop: 10.0.0.7 Indirect nexthop: 8445000 44
> State: <Active Int Ext>
> Local AS: 123 Peer AS: 123
> Age: 6:31:39 Metric2: 3
> Task: BGP_123.10.0.0.7+1060
> AS path: I
> Communities: target:123:19
> VPN Label: 100021
> Localpref: 100
> Router ID: 10.0.0.7
> Secondary tables: VPN-A-A1-to-A9.inet.0
>
> 10.0.0.7:189:192.168.1.9/32 (1 entry, 0 announced)
> *BGP Preference: 170/-101
> Route Distinguisher: 10.0.0.7:189
> Source: 10.0.0.7
> Nexthop: via at-1/1/0.0, selected
> label-switched-path a3-to-a7
> Push 100021, Push 100009(top)
> Protocol Nexthop: 10.0.0.7 Indirect nexthop: 8445000 44
> State: <Active Int Ext>
> Local AS: 123 Peer AS: 123
> Age: 6:31:39 Metric2: 3
> Task: BGP_123.10.0.0.7+1060
> AS path: I
> Communities: target:123:19
> VPN Label: 100021
> Localpref: 100
> Router ID: 10.0.0.7
> Secondary tables: VPN-A-A1-to-A9.inet.0
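
An added example, not part of the thread and not either vendor's code: a Python check of the "all spoke traffic goes thru the hub" mantra, modelling each VRF only by the route targets it imports and exports (control plane only, no forwarding). The VRF names, roles, `target:123:100` and `target:123:200` are constructed; `target:123:19` is the community in the route output above, and the policy that every VRF both imports and exports it is an assumption, since the thread does not show `VPN-A-Import` or `VPN-A-Export`.

```python
from itertools import permutations

HUB_RT, SPOKE_RT = "target:123:100", "target:123:200"  # constructed values

# Assumed policy: one VRF per site, all importing and exporting target:123:19.
SINGLE_RT = {
    name: {"role": role, "import": {"target:123:19"}, "export": {"target:123:19"}}
    for name, role in [("hub", "hub"), ("spoke-1", "spoke"), ("spoke-2", "spoke")]
}

# Assumed two-VRF hub PE: hub-in collects spoke routes for the hub CE,
# hub-out re-advertises what the hub CE sends back.
TWO_VRF_HUB = {
    "hub-in": {"role": "hub", "import": {SPOKE_RT}, "export": set()},
    "hub-out": {"role": "hub", "import": set(), "export": {HUB_RT}},
    "spoke-1": {"role": "spoke", "import": {HUB_RT}, "export": {SPOKE_RT}},
    "spoke-2": {"role": "spoke", "import": {HUB_RT}, "export": {SPOKE_RT}},
}


def imports_from(dst, src):
    """True when dst's import policy accepts a route target that src exports."""
    return bool(dst["import"] & src["export"])


def direct_spoke_paths(vrfs):
    """(src, dst) pairs where one spoke VRF learns another spoke's routes directly."""
    return sorted(
        (src, dst)
        for src, dst in permutations(vrfs, 2)
        if vrfs[src]["role"] == vrfs[dst]["role"] == "spoke"
        and imports_from(vrfs[dst], vrfs[src])
    )


def spokes_attached_to_hub(vrfs):
    """Every spoke is imported by some hub VRF and imports from some hub VRF."""
    hubs = [v for v in vrfs.values() if v["role"] == "hub"]
    spokes = [v for v in vrfs.values() if v["role"] == "spoke"]
    return all(
        any(imports_from(h, s) for h in hubs) and any(imports_from(s, h) for h in hubs)
        for s in spokes
    )


if __name__ == "__main__":
    for label, vrfs in [("single RT", SINGLE_RT), ("two-VRF hub", TWO_VRF_HUB)]:
        print(label, "direct spoke-to-spoke:", direct_spoke_paths(vrfs),
              "hub attached:", spokes_attached_to_hub(vrfs))
```

Both models give every spoke reachability to the hub, so "it works fine" is true of either; only the route-target audit shows whether spokes also learn each other's routes without passing through the hub.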


