[j-nsp] Hidden L3VPN Routes
Chris Staudt
christoph.staudt at teresto.net
Wed Jun 8 12:03:08 EDT 2005
Hello together,
I am facing a problem with a Juniper M40 and hope to find some help here.
In general my network consists of cisco only equipment running ISIS, BGP
and MPLS.
I am trying to include some Juniper boxes now. It first ran very good but
now I am stuck.
I have ISIS, BGP and L3VPN running, but the M40 won't accept any VPN
Prefixes announced to it saying:"next hop unusable" even thoug the next
hop can pefectly be reached and ist lerned via ISIS.
For further information I am posting some show outputs below. Any help is
appreciated!
regards
chris
-----
chris at juni> ...ocol bgp 217.24.235.15 hidden extensive
inet.0: 162642 destinations, 162649 routes (162642 active, 0 holddown, 0
hidden)
VRF_COMATEC.inet.0: 10 destinations, 10 routes (4 active, 0 holddown, 6
hidden)
0.0.0.0/0 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 56
Nexthop: 217.24.235.14
MED: 0
Localpref: 100
AS path: I (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.14
Communities: target:9063:1
150.100.0.0/16 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 198
Nexthop: 217.24.235.14
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.14
Communities: target:9063:1
192.168.8.0/24 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 65
Nexthop: 217.24.235.7
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.7
Communities: target:9063:1
192.168.99.0/28 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 161
Nexthop: 217.24.235.22
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.22
Communities: target:9063:1
192.168.199.0/24 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 74
Nexthop: 217.24.235.22
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.22
Communities: target:9063:1
192.168.199.1/32 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 155
Nexthop: 217.24.235.22
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.22
Communities: target:9063:1
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
mpls.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
bgp.l3vpn.0: 6 destinations, 6 routes (0 active, 0 holddown, 6 hidden)
9063:1:0.0.0.0/0 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 56
Nexthop: 217.24.235.14
MED: 0
Localpref: 100
AS path: I (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.14
Communities: target:9063:1
9063:1:150.100.0.0/16 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 198
Nexthop: 217.24.235.14
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.14
Communities: target:9063:1
9063:1:192.168.8.0/24 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 65
Nexthop: 217.24.235.7
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.7
Communities: target:9063:1
9063:1:192.168.99.0/28 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 161
Nexthop: 217.24.235.22
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.22
Communities: target:9063:1
9063:1:192.168.199.0/24 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 74
Nexthop: 217.24.235.22
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.22
Communities: target:9063:1
9063:1:192.168.199.1/32 (1 entry, 0 announced)
Route Distinguisher: 9063:1
VPN Label: 155
Nexthop: 217.24.235.22
MED: 0
Localpref: 100
AS path: ? (Originator) Cluster list: 0.0.35.103
AS path: Originator ID: 217.24.235.22
Communities: target:9063:1
__juniper_private1__.inet6.0: 1 destinations, 1 routes (1 active, 0
holddown, 0 hidden)
chris at juni>
-----
show route to one of the next hops that is said to be unusable:
chris at juni> show route 217.24.235.22
inet.0: 162624 destinations, 162631 routes (162624 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both
217.24.235.22/32 *[IS-IS/18] 1w0d 01:11:18, metric 1000
> to 217.24.235.166 via fe-3/0/0.0
------------
partial "show conf"
routing-options {
static {
route 0.0.0.0/0 next-hop 217.24.235.15;
}
router-id 217.24.235.28;
autonomous-system 9063;
}
protocols {
mpls {
interface fe-3/0/0.0;
interface lo0.1;
}
bgp {
traceoptions {
file bgp size 500000;
flag route detail;
}
group PG_TORR {
type internal;
local-address 217.24.235.28;
family inet {
unicast;
}
family inet-vpn {
unicast;
}
peer-as 9063;
neighbor 217.24.235.15 {
authentication-key "xxxxxxxxx"; ## SECRET-DATA
}
}
}
isis {
traceoptions {
file isis size 500000;
flag state detail;
flag all detail;
}
lsp-lifetime 65535;
level 2 {
authentication-key "xxxxxxx"; ## SECRET-DATA
authentication-type xxxx; ## SECRET-DATA
no-hello-authentication;
wide-metrics-only;
}
interface fe-3/0/0.0 {
level 2 metric 1000;
}
interface all {
level 1 disable;
}
}
ldp {
interface all;
}
}
policy-options {
policy-statement RP_DENY_ALL {
term deny_all {
from as-path AP_DENY_ALL;
}
then reject;
}
policy-statement XXXX-export {
term a {
from protocol static;
then {
community add XXXX;
accept;
}
}
term b {
then reject;
}
}
policy-statement XXXX-import {
term a {
from {
protocol bgp;
community XXXX;
}
then accept;
}
term b {
then reject;
}
}
community XXXX members target:9063:1;
as-path AP_DENY_ALL .*;
}
routing-instances {
VRF_XXXX {
instance-type vrf;
interface lo0.1;
interface fe-3/0/1.0;
route-distinguisher 9063:1;
vrf-import XXXX-import;
vrf-export XXXX-export;
routing-options {
static {
route 10.10.10.0/24 next-hop 192.168.187.1;
}
}
}
}
i.V.
--
Christoph Staudt, Leiter Netze und Systeme / CTO
Cisco Certified Network Associate
teresto media Aktiengesellschaft - RWE Group
Trierer Strasse 223-225 - 66663 Merzig / Germany
Tel. +49-(0)6861-9312-234 - Fax +49-(0)6861-9312-199
mailto: christoph.staudt at teresto.net - http://www.teresto.net
More information about the juniper-nsp
mailing list