[j-nsp] l3vpn BGP advertisements

Harry Reynolds harry at juniper.net
Tue Jul 18 20:26:02 EDT 2006


Update: I forgot to include direct in the vrf export policy. In this
example both the static and the PE's VRF interface direct route is being
sent:

harry at vpn02> show configuration policy-options policy-statement
test-export 
term 1 {
    from {
        protocol static;
        route-filter 10.0.1.0/24 exact;
    }
    then accept;
}
term 2 {
    from protocol direct;
    then accept;
}

harry at vpn02> show route advertising-protocol bgp 1.1.0.1 detail


test.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
* 10.0.1.0/24 (1 entry, 1 announced)
 BGP group int type Internal
     Route Distinguisher: 1:1
     VPN Label: 100000
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: I

* 10.0.1.0/30 (1 entry, 1 announced)
 BGP group int type Internal
     Route Distinguisher: 1:1
     VPN Label: 100000
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: I

Cheers

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Harry Reynolds
> Sent: Tuesday, July 18, 2006 5:15 PM
> To: juniper-nsp at nurk.org; juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] l3vpn BGP advertisements
> 
> You could try a static route to the device "on the other end 
> of the link" (where the CE would be), and then do a static 
> arp entry for the associated /32 next-hop under the vrf 
> interface. The static route alone will not work if there is 
> no CE to reply to ARP requests, IIRC. Then use policy to 
> advertise the static route. Not the same as the direct 
> interface, but might work; in this example I am using a /30 
> on the vrf interface and advertising a larger /24.
> 
> Something like:
> 
> 
> [edit]
> harry at vpn02# show interfaces ge-7/0/0           
> unit 0 {
>     family inet {
>         address 10.0.1.1/30 {
>             arp 10.0.1.2 mac 00:90:69:00:a7:72;
>         }
>     }
> }
> 
> [edit]
> harry at vpn02# show routing-instances
> test {
>     instance-type vrf;
>     interface ge-7/0/0.0;
>     route-distinguisher 1:1;
>     vrf-export test-export;
>     vrf-target target:1:100;
>     routing-options {
>         static {
>             route 10.0.1.0/24 next-hop 10.0.1.2;
>         }
>     }
> }
> 
> [edit]
> harry at vpn02# show policy-options policy-statement test-export term 1 {
>     from {
>         protocol static;
>         route-filter 10.0.1.0/24 exact;
>     }
>     then accept;
> }
> 
> [edit]
> harry at vpn02# run show arp 
> MAC Address       Address         Name                     Interface
> Flags
> 00:90:xx:xx:xx:xx 10.0.1.2        10.0.1.2                  ge-7/0/0.0
> permanent <<<
> 
> 
> [edit]
> harry at vpn02# run show route advertising-protocol bgp 1.1.0.1 detail 
> 
> test.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> * 10.0.1.0/24 (1 entry, 1 announced)
>  BGP group int type Internal
>      Route Distinguisher: 1:1
>      VPN Label: 100000
>      Nexthop: Self
>      Flags: Nexthop Change
>      Localpref: 100
>      AS path: I
> 
> 
> Regards and HTHs
> 
>  
> 
> > -----Original Message-----
> > From: juniper-nsp-bounces at puck.nether.net
> > [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> > juniper-nsp at nurk.org
> > Sent: Tuesday, July 18, 2006 4:32 PM
> > To: juniper-nsp at puck.nether.net
> > Subject: [j-nsp] l3vpn BGP advertisements
> > 
> > 
> > Hello,
> > 
> > I've created a VRF between 2 M20's. I currently have a policy that 
> > distributes static and direct routes. The issue I'm having is junos 
> > doesn't seem to advertise the route directly connected to 
> an fe port. 
> > If I add a loopback interface to the VRF it will advertise 
> it's route 
> > though. I've tried adding a static route to the fe interface, but 
> > junos complains about it not being a p2p address. Is it possible to 
> > have a VRF hang off an interface w/o a CE router on the other end?
> > 
> > As you can see below, junos shows the route as "Direct" for both 
> > loopback and fe, but does not advertise the fe route...
> > 
> > 
> > > show configuration policy-options policy-statement mgt-vpn-export
> > term 1 {
> >      from protocol [ direct static ];
> >      then {
> >          community add mgt-vpn;
> >          accept;
> >      }
> > }
> > 
> > 
> > > show configuration routing-instances mgt-vpn
> > description "Management VPN";
> > instance-type vrf;
> > interface fe-0/0/1.0;
> > interface lo0.1;
> > route-distinguisher 12345:13;
> > vrf-import mgt-vpn-import;
> > vrf-export mgt-vpn-export;
> > 
> > 
> > > show route table mgt-vpn 10.4.18.0
> > 
> > mgt-vpn.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 
> > hidden)
> > + = Active Route, - = Last Active, * = Both
> > 
> > 10.4.18.0/24       *[Direct/0] 2d 16:58:45
> >                      > via fe-0/0/1.0
> > 
> > 
> > > show route table mgt-vpn 10.4.4.1
> > 
> > mgt-vpn.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 
> > hidden)
> > + = Active Route, - = Last Active, * = Both
> > 
> > 10.4.4.1/32        *[Direct/0] 1d 21:05:50
> >                      > via lo0.1
> > 
> > 
> > > show route advertising-protocol bgp <ip>
> > 
> > mgt-vpn.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 
> > hidden)
> >    Prefix                  Nexthop              MED     
> > Lclpref    AS path
> > * 10.4.4.1/32             Self                         100        I
> > * 10.4.18.0/24            Not advertised               100        I
> > 
> > 
> > Thank you for any information you can provide...
> > 
> > --
> > Sean Swallow
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 



More information about the juniper-nsp mailing list