[j-nsp] vpn-apply-export

Blaz Zupan blaz at inlimbo.org
Mon Nov 10 12:20:03 EST 2003


> I think I need to see the complete config to get a better handle. It sounds
> like you are saying:
>
>  term limited-routes {
>         from {
>             protocol [ bgp aggregate static ];
>             as-path limited-routes;
>         }
>         then accept;
>     }
>
>
> Is part of your unicast PE-PE BGP routing policy. I assumed this was part of
> your VRF related policies.

Below is the relevant part of the configuration. This is the configuration
that worked with 5.5. With 5.7, I need to add "static" to the "limited-routes"
term of the "to-ibgp-amis-routes" policy, otherwise the static default route
does not propagate to the Cisco PE. I believe this is supposed to be needed
only when I configure vpn-apply-export, but I did not configure it.

protocols {
    mpls {
        interface e3-0/0/2.0;
        interface fe-0/1/0.308;
    }
    bgp {
        group ibgp {
            type internal;
            local-address 212.18.32.166;
            peer-as 8591;
            neighbor 212.18.32.175 {
                family inet {
                    unicast;
                }
                family inet-vpn {
                    unicast;
                }
                export to-ibgp-amis-routes;
                cluster 212.18.32.166;
            }
        }
    }
    ldp {
        interface e3-0/0/2.0;
    }
}
policy-options {
    policy-statement to-ibgp-amis-routes {
        term as8591 {
            from community [ from-customer from-lix from-six ];
            then accept;
        }
        term limited-routes {
            from {
                protocol [ bgp aggregate ];
                as-path limited-routes;
            }
            then accept;
        }
        term everything-else {
            then reject;
        }
    }
    policy-statement vpn-telemach-import {
        term a {
            from {
                protocol bgp;
                community vpn-telemach;
            }
            then accept;
        }
        term b {
            then reject;
        }
    }
    policy-statement vpn-telemach-export {
        term a {
            then {
                community add vpn-telemach;
                accept;
            }
        }
        term b {
            then reject;
        }
    }
    community from-customer members 8591:1000;
    community from-lix members 8591:1002;
    community from-six members 8591:1001;
    community vpn-telemach members target:12644:1;
    as-path limited-routes "[0-65535]{0,2}";
}

routing-instances {
    telemach {
        instance-type vrf;
        interface fe-0/1/0.308;
        route-distinguisher 12644:1;
	vrf-import vpn-telemach-import;
	vrf-export vpn-telemach-export;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 213.143.77.41;
            }
        }
    }
}


More information about the juniper-nsp mailing list