[j-nsp] vpn-apply-export
harry
harry at juniper.net
Mon Nov 10 12:43:23 EST 2003
Odd. Can you confirm that the static route is active in the VRF?
It seems that:
policy-statement vpn-telemach-export {
term a {
then {
community add vpn-telemach;
accept;
}
}
term b {
then reject;
Should match on all active routes in the VRF and export them. Once a route
is accepted it cannot be later rejected (as I understand), so I am not sure
why modifying your PE-PE export policy should have any effect. Your AS path
reg x seems to match on a null AS path, so this explains why adding static
allows the export of the static despite no as path parameters being
configured for that static. You may want to open a case with JTAC as this
does not seem to be the desired behavior.
> -----Original Message-----
> From: Blaz Zupan [mailto:blaz at inlimbo.org]
> Sent: Monday, November 10, 2003 9:20 AM
> To: harry
> Cc: juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] vpn-apply-export
>
>
> > I think I need to see the complete config to get a better
> handle. It
> > sounds like you are saying:
> >
> > term limited-routes {
> > from {
> > protocol [ bgp aggregate static ];
> > as-path limited-routes;
> > }
> > then accept;
> > }
> >
> >
> > Is part of your unicast PE-PE BGP routing policy. I assumed
> this was
> > part of your VRF related policies.
>
> Below is the relevant part of the configuration. This is the
> configuration that worked with 5.5. With 5.7, I need to add
> "static" to the "limited-routes" term of the
> "to-ibgp-amis-routes" policy, otherwise the static default
> route does not propagate to the Cisco PE. I believe this is
> supposed to be needed only when I configure vpn-apply-export,
> but I did not configure it.
>
> protocols {
> mpls {
> interface e3-0/0/2.0;
> interface fe-0/1/0.308;
> }
> bgp {
> group ibgp {
> type internal;
> local-address 212.18.32.166;
> peer-as 8591;
> neighbor 212.18.32.175 {
> family inet {
> unicast;
> }
> family inet-vpn {
> unicast;
> }
> export to-ibgp-amis-routes;
> cluster 212.18.32.166;
> }
> }
> }
> ldp {
> interface e3-0/0/2.0;
> }
> }
> policy-options {
> policy-statement to-ibgp-amis-routes {
> term as8591 {
> from community [ from-customer from-lix from-six ];
> then accept;
> }
> term limited-routes {
> from {
> protocol [ bgp aggregate ];
> as-path limited-routes;
> }
> then accept;
> }
> term everything-else {
> then reject;
> }
> }
> policy-statement vpn-telemach-import {
> term a {
> from {
> protocol bgp;
> community vpn-telemach;
> }
> then accept;
> }
> term b {
> then reject;
> }
> }
> policy-statement vpn-telemach-export {
> term a {
> then {
> community add vpn-telemach;
> accept;
> }
> }
> term b {
> then reject;
> }
> }
> community from-customer members 8591:1000;
> community from-lix members 8591:1002;
> community from-six members 8591:1001;
> community vpn-telemach members target:12644:1;
> as-path limited-routes "[0-65535]{0,2}";
> }
>
> routing-instances {
> telemach {
> instance-type vrf;
> interface fe-0/1/0.308;
> route-distinguisher 12644:1;
> vrf-import vpn-telemach-import;
> vrf-export vpn-telemach-export;
> routing-options {
> static {
> route 0.0.0.0/0 next-hop 213.143.77.41;
> }
> }
> }
> }
>
More information about the juniper-nsp
mailing list