[j-nsp] Looking for ideas to configure hub and spoke vpn on the
same PE.
Pedro Roque Marques
roque at juniper.net
Thu Sep 22 16:51:17 EDT 2005
Joseph Lin wrote:
> All,
>
> Its been about 2 years since I visited this subject, and am curious to know
> if anyone has came up with any new to configure this.
>
> Here's the sample topology.
>
> spoke#2
> |
> |
> Hub -- PE ----------------- PE ---------spoke#3
> |
> |
> spoke#1
>
> The main problem I had was how to force spoke#1,spoke#2 to route thru the
> Hub's since they are on the same PE.
>
> There were talks of mechanisms for inter-vrf routing, or using egress
> filtering.
>
> Can anyone hand me a clue??
>
Joseph,
You will need a hub and spoke VRF in the PE which is attached to the
hub. i.e. hub VRF exports "target:<hub>" routes and imports
"target:<spoke>" routes and vice-versa.
Don't forget to enable auto-export on those VRFs.
If you do have vrf-table-label enabled on the hub VRF you will need to
get a bit fancier and do something like this:
Example w/ RIP as the PE-CE protocol torwards the hub.
routing-instances {
hub {
instance-type vrf;
interface so-1/0/1.0;
route-distinguisher 10.255.245.51:2;
vrf-export hub_export_reject;
vrf-target import target:10458:1;
routing-options {
interface-routes {
rib-group inet hub-rg;
}
}
protocols {
rip {
rib-group hub-rg;
group pe-ce {
export rip_advertise;
neighbor so-1/0/1.0;
}
}
}
}
hub_downstream {
instance-type vrf;
route-distinguisher 10.255.245.51:1;
vrf-target target:10458:2;
vrf-table-label;
}
}
routing-options {
rib-groups {
hub-rg {
import-rib [ hub.inet.0 hub_downstream.inet.0 ];
}
}
autonomous-system 10458;
}
policy-options {
policy-statement hub_export_reject {
then {
community add hub_target;
reject;
}
}
policy-statement rip_advertise {
term a {
from protocol bgp;
then accept;
}
then reject;
}
community hub_target members target:10458:2;
community spoke_target members target:10458:1;
}
More information about the juniper-nsp
mailing list