[j-nsp] Weird traceroute across MPLS core using labeled-unicast IBGP

Daniel Roesen dr at cluenet.de
Mon Mar 8 15:16:12 EST 2004 

On Mon, Mar 08, 2004 at 11:56:55AM -0800, harry wrote:
> I think I see why you get a native reply. By default the local PE sources
> traffic from the VRF interfaces bound to the routing instance. You are
> souring from your PE's lo0, which should be routable by PE and P routers.
> Also, the loopback emulates an attached CE nicely. The remote PE pops the
> label, and sends it to the loopback, which result in the traffic coming back
> to the remote PE, just as it would if the CE was attached and you pinged the
> remote PE's VRF IP address. Note that the TTL is one higher than it should
> be, due to lack of CE forwarding.
> 
> What confounds me is that the route to the local PE's loopback address for
> native forwarding should be in inet.0, not the VRF. Even if you had a
> default route in the remote PE's VRF pointing to the local PE's VRF I would
> expect to see MPLS forwarding.  Thinking out loud that it seems when the
> incoming exception traffic is passed to the remote PE's RE, and that some
> how the VPN context is lost. This results in the remote PE consulting the
> inet.0 table when attempting to reply.  
> 
> Either this, or you do not have the so-0/2/0 interface at the remote PE
> bound to a VRF.

This is the basic misunderstanding. so-0/2/0 is NOT in a VRF, it's
simply a non-VPN interface. But as I have only the choice of running
EITHER "family unicast" OR "family labeled-unicast", the D PE will
always assign a VPN MPLS label to the route. Ideally, I would like to
see VPN labels attached ONLY to routes within L3VPN VRFs, NOT to
other routes which get advertised via IBGP.

Is there a technical reason (other than "we haven't implemented it
that way") why I can't just simply run unicast and labeled-unicast
NLRI in parallel (I guess these are two different SAFIs), with JunOS
announcing only VPN VRF routes with labels? After all, 10.0.0.0/30
is not a VPN route. :-)

> Note that the remote CE will have trouble routing back the
> response that is sourced from local PE's lo0.

Not really, as it's not in a VRF/L3VPN but a normal CE with plain
default route towards PE D. So A1 lo0.0 is reachable via IS-IS
and via MPLS LDP-signaled implicit LSP.


Best regards,
Daniel

More information about the juniper-nsp mailing list