[j-nsp] BGP label allocation error...
Harry Reynolds
harry at juniper.net
Mon Apr 10 18:45:30 EDT 2006
The reason is because the IP/R chip cannot do both a label and IP route
lookup in one pass without vrf-table-label or a VT-interface. As a
result a label is not advertised for multi-access VRF interfaces unless
a next hop has been learned over that interface. This prevents the black
hole condition that would result from having the IP/R chip do a label
lookup only to find no L2 rewrite information in the egress interface.
The second lookup is needed to populate the L2 rewrite table when a
multi-access VRF interface is in use. This is not needed for a p-t-p
vrf interface. In effect, the funky static route primes the L2 re-write
table so that additional ARP exchanges are no longer necessary for L2
rewrite; this allows the label to be processed by the IP/R chip while
still having the correct L2 encap added at egress. Note that IP level
firewall features are not available in this mode because the route
lookup chip is performing a label, not an IP packet operation. Normally
the workaround involves a /30 static in the vrf pointing to the attached
CE; if there is no CE then it would seem, based on the link below, that
you can point the static to the PE itself.
The vrf-table-label deal binds each VRF to a unique label, such that
egress VRF can be identified at ingress by the B/LI chip. This frees the
IP/R chip to perform a L3 lookup, which can include IP level firewall as
a result. VT-interface effectively loops the packet back through the
IP/CF for L3 lookup (and firewall), but this requires tunnel pic
hardware.
As a side note, the static route is not needed if the PE is learning any
routes from the CE via a dynamic routing protocol like BGP or OSPF.
HTHs
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> Alexander Tarkhov
> Sent: Monday, April 10, 2006 2:32 PM
> To: Brian W. Gemberling
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] BGP label allocation error...
>
> Hi Brian,
> One very strange static route should solve it.
> If there is no CE router in this VLAN, then you have to
> manually configure some host (/32) route inside the VRF
> (routing instance) pointing to itself.
> This is not well documented, so I can't say why. Here is an
> example
> http://www.juniper.net/techpubs/software/junos/junos75/swconfig75-vpns/html/vpnl3-trouble14.html
> This static route is only required for multiaccess vrf
> interfaces without directly connected CE router. Hope it helps.
>
> -Alexander
>
> P.S. Alternative way of solving this can be use of
> vrf-table-label command, which totally changes label
> allocation, and brings other advantages too. I think it's
> better to go with simplest solution however.
>
>
>
> On 4/11/06, Brian W. Gemberling <brian at pulltheplug.com> wrote:
> >
> > Hello,
> >
> > I'm trying to help a friend with a problem. They have a directly
> > connected VLAN on a GE port they want in a VRF. They have added this
> > interface to the VRF and it works locally. It, however, is not
> > getting passed via BGP to other routers. Below is the route,
> >
> > * 65066:101:10.253.0.0/24 (1 entry, 1 announced)
> > BGP group ibgp-route-reflector-clients type Internal
> > Route Distinguisher: 65066:101
> > BGP label allocation failure: Need a nexthop address on LAN
> > Nexthop: Not advertised
> > Localpref: 100
> > AS path: I
> > Communities: target:65066:101
> >
> >
> > I'm assuming the issue is "BGP label allocation failure: Need a
> > nexthop address on LAN". I've never seen this error before. Can
> > anyone shed some light on this for me? Thanks!
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
>
> --
> * most punctuation intentionally omitted for your temperament.
>
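An added example, not part of the original thread: a Python check that parses extensive route output in the shape quoted above and lists the prefixes the PE could not label or advertise. The function names are hypothetical, and the second sample entry (including its label value) is constructed for contrast.

```python
import re

# First entry is the output quoted in the thread; the second is a constructed
# healthy entry for contrast (its label value is made up).
SAMPLE = """\
* 65066:101:10.253.0.0/24 (1 entry, 1 announced)
 BGP group ibgp-route-reflector-clients type Internal
     Route Distinguisher: 65066:101
     BGP label allocation failure: Need a nexthop address on LAN
     Nexthop: Not advertised
     Localpref: 100
     AS path: I
     Communities: target:65066:101

* 65066:101:10.254.0.0/24 (1 entry, 1 announced)
 BGP group ibgp-route-reflector-clients type Internal
     Route Distinguisher: 65066:101
     VPN Label: 100000
     Nexthop: Self
     Communities: target:65066:101
"""

ENTRY = re.compile(r"^\*\s+(\S+)\s+\((\d+) entr(?:y|ies), (\d+) announced\)")
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z ]*?):\s*(.*)$")

def parse_entries(text):
    """Split the output into one dict per route entry, keyed by field name."""
    entries = []
    for line in text.splitlines():
        head = ENTRY.match(line)
        if head:
            entries.append({"prefix": head.group(1), "fields": {}})
        elif entries and (field := FIELD.match(line)):
            entries[-1]["fields"][field.group(1)] = field.group(2).strip()
    return entries

def unadvertised(text):
    """Return (prefix, reason) for entries with no label or no advertised next hop."""
    findings = []
    for entry in parse_entries(text):
        f = entry["fields"]
        reason = f.get("BGP label allocation failure")
        if reason or f.get("Nexthop") == "Not advertised":
            findings.append((entry["prefix"], reason or "next hop not advertised"))
    return findings
```

Running `unadvertised()` over the advertised routes of each VRF after adding a multi-access interface shows which prefixes are silently withheld from the other PEs.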