[j-nsp] next-hop address on LAN

Harshit Kumar harshit at juniper.net
Thu Mar 9 02:44:20 EST 2006


VT interface is another way. Both are documented below:

https://www.juniper.net/techpubs/software/junos/junos75/swconfig75-vpns/html/vpnl3-config26.html#1072815 

-harshit

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Rafal Szarecki (WA/EPO)
> Sent: Wednesday, March 08, 2006 11:37 PM
> To: Ariff Premji
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] next-hop address on LAN
> 
> Of course vrf-table-label works also, but this is not just replacement.
> 
> The difference is how egress PE takes forwarding decision. 
> With vrf-table-label label is stripped and then vrf makes 
> regular IP lookup. With static routes, PE makes decision based 
> on inner label and then behaves as penultimate hop (makes PHP). 
> So logically LSP egress is not PE but CE.
> 
> VRF-table-label has following limitations:
> - not all types of uplink configuration (core interfaces) are 
> supported
> - even more limitations on core interface if LR are used
> - if you configure Hub-and-Spoke or central services VPN, 
> then spokes can communicate with each other via hub vrf, but 
> without touching hub CE.  (spokes have different route-targets). 
> 
> Rafal
> 
> > -----Original Message-----
> > From: Ariff Premji [mailto:premji at speakeasy.net] 
> > Sent: Thursday, March 09, 2006 8:23 AM
> > To: Rafal Szarecki (WA/EPO)
> > Cc: Thomas Salmen; juniper-nsp at puck.nether.net
> > Subject: Re: [j-nsp] next-hop address on LAN
> > 
> > Thomas,
> > Add the vrf-table-label command to your VPN config and you 
> > should be all set (on the VPN that has the GE):
> > 
> > >> routing-instances {
> > >>     test_vpn {
> > >>         instance-type vrf;
> > >>         interface ge-1/3/0.205;
> >             vrf-table-label;                <---*****
> > >>         route-distinguisher 65001:1001;
> > >>         vrf-target target:65001:1001;
> > >>     }
> > >> }
> > 
> > 
> > The method Rafal indicated below has been replaced with this knob:
> > 
> > http://www.juniper.net/techpubs/software/junos/junos75/swconfig75-vpns/html/vpnl3-config25.html#1141682
> > 
> > Hths,
> > 
> > -Ariff
> > 
> > On Mar 8, 2006, at 11:14 PM, Rafal Szarecki ((WA/EPO)) wrote:
> > 
> > > Hi,
> > >
> > > You need a hack. You have to have some routing in VRF. Can be a static 
> > > one. So try to add:
> > >
> > >  routing-instances {
> > >      test_vpn {
> > >          routing-options {
> > >              static {
> > >                  route <CE-address/32> next-hop <CE-address>;
> > >              }
> > >          }
> > >      }
> > >  }
> > >
> > > Stupid but should work.
> > > The reason is that in RFC2546bis CE is mandatory and is a *router*, 
> > > thus on vrf you have to have routing to networks behind.
> > > For some reason JUNOS does not assign label to connected networks but 
> > > only to those routed via static or dynamic routing.
> > >
> > > This is behaviour specific for multiaccess links (ethernet), and 
> > > never happens on p-t-p like ATM VC.
> > >
> > > Rafał Jan Szarecki JNCIE #136
> > > Senior Consultant - Datacom Networks
> > > Ericsson Poland EPO/S/D
> > > Office: +48 22 6916635
> > > ECN:    837 6635
> > > Mobile: +48 602418971
> > > Skype: callto://Rafal_Szarecki <callto://Rafal_Szarecki/>
> > >
> > >
> > >
> > >
> > >> -----Original Message-----
> > >> From: juniper-nsp-bounces at puck.nether.net
> > >> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Thomas 
> > >> Salmen
> > >> Sent: Thursday, March 09, 2006 5:07 AM
> > >> To: juniper-nsp at puck.nether.net
> > >> Subject: [j-nsp] next-hop address on LAN
> > >>
> > >>
> > >> Hello,
> > >>
> > >> Can anybody suggest what the following might mean?
> > >>
> > >>
> > > >> thomas at nct_ar3# run show route advertising-protocol bgp 172.16.8.2 extensive
> > > >>
> > > >>
> > > >> orcon_vpn.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> > > >>
> > > >> * 10.78.1.0/30 (1 entry, 1 announced)  BGP group internal type Internal
> > > >>      Route Distinguisher: 65001:1001
> > > >>      BGP label allocation failure: Need a nexthop address on LAN  <---- this
> > >>      Nexthop: Self
> > >>      Flags: Nexthop Change
> > >>      Localpref: 100
> > >>      AS path: I
> > >>      Communities: target: 65001:1001
> > >>
> > >>
> > > >> I'm configuring a VPN between two M-series, cr2 and ar3. The VPN 
> > > >> consists of an ATM PVC connected to cr2 and a GE interface connected 
> > > >> to ar3, static routing only.
> > >>
> > >>
> > >>
> > >> ar3 is learning connected routes for the ATM interface from cr2:
> > >>
> > >> thomas at nct_ar3# run show route table test_vpn
> > >>
> > > >> orcon_vpn.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> > > >> + = Active Route, - = Last Active, * = Both
> > > >>
> > > >> 10.78.1.0/30       *[Direct/0] 03:06:58
> > > >>                     > via ge-1/3/0.205
> > > >> 10.78.1.1/32       *[Local/0] 03:07:00
> > > >>                       Local via ge-1/3/0.205
> > > >> 10.240.1.0/30      *[BGP/170] 00:02:54, localpref 100, from 172.16.8.2
> > > >>                       AS path: I
> > > >>                     > to 172.16.9.4 via ge-1/3/0.200, label-switched-path pe_nct_cr2
> > >>
> > >>
> > >>
> > >>
> > >> However cr2 isn't learning VPN routes from ar3:
> > >>
> > >> thomas at nct_m02# run show route table test_vpn
> > >>
> > > >> orcon_vpn.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
> > > >> + = Active Route, - = Last Active, * = Both
> > > >>
> > > >> 10.240.1.0/30      *[Direct/0] 2w4d 11:39:19
> > > >>                     > via at-0/1/1.100
> > > >> 10.240.1.1/32      *[Local/0] 2w4d 11:39:26
> > > >>                       Local via at-0/1/1.100
> > >>
> > >>
> > >>
> > >>
> > >> And I can't figure out why. ar3 Config:
> > >>
> > >> rsvp {
> > >>     traceoptions {
> > >>         file log.rsvp;
> > >>         flag packets;
> > >>     }
> > >>     interface ge-1/3/0.200;
> > >> }
> > >> mpls {
> > >>     label-switched-path pe_nct_cr2 {
> > >>         to 172.16.8.2;
> > >>     }
> > >>     label-switched-path pe_nct_erx02 {
> > >>         to 172.16.8.15;
> > >>     }
> > >>     interface ge-1/3/0.200;
> > >> }
> > >> bgp {
> > >>     group internal {
> > >>         local-address 172.16.8.8;
> > >>         family inet {
> > >>             unicast;
> > >>         }
> > >>         family inet-vpn {
> > >>             unicast;
> > >>         }
> > >>         peer-as 65001;
> > >>         local-as 65001;
> > >>         neighbor 172.16.8.2 {
> > >>             import ibgp_reflector_import;
> > >>             export ibgp_reflector_export;
> > >>         }
> > >>     }
> > >> }
> > >>
> > >> routing-instances {
> > >>     test_vpn {
> > >>         instance-type vrf;
> > >>         interface ge-1/3/0.205;
> > >>         route-distinguisher 65001:1001;
> > > >>         vrf-target target:65001:1001;
> > >>     }
> > >> }
> > >>
> > >>
> > >> interfaces {
> > >>     ge-1/3/0 {
> > >>         vlan-tagging;
> > >>         mtu 9000;
> > >>         unit 200 {
> > >>             description "Core Interface";
> > >>             vlan-id 200;
> > >>             family inet {
> > >>                 address 172.16.9.8/26;
> > >>             }
> > >>             family mpls;
> > >>         }
> > >>         unit 205 {
> > >>             description "Test Interface";
> > >>             vlan-id 205;
> > >>             family inet {
> > >>                 address 10.78.1.1/30;
> > >>             }
> > >>         }
> > >>     }
> > >>     lo0 {
> > >>         unit 0 {
> > >>             family inet {
> > >>                 filter {
> > >>                     input filter_re;
> > >>                 }
> > >>                 address 172.16.8.8/32;
> > >>                 address 127.0.0.1/32;
> > >>             }
> > >>         }
> > >>     }
> > >> }
> > >>
> > >>
> > >>
> > >> Appreciate any advice.
> > >>
> > >> Cheers,
> > >> Thomas
> > >>
> > >>
> > >>
> > >>
> > >> _______________________________________________
> > >> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> > >> http://puck.nether.net/mailman/listinfo/juniper-nsp
> > >>
> > >
> 
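
Added example, not part of the original thread: a Python check that scans "show route advertising-protocol bgp <peer> extensive" output for the "BGP label allocation failure" line Thomas hit, and reports which VRF prefixes are being held back for lack of a label. The sample output is constructed (modelled on the output quoted above; the second route and its "VPN Label" line are assumptions), and the function name is hypothetical.

```python
import re

# Constructed sample, modelled on the output quoted in the thread.
SAMPLE = """\
test_vpn.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

* 10.78.1.0/30 (1 entry, 1 announced)
 BGP group internal type Internal
     Route Distinguisher: 65001:1001
     BGP label allocation failure: Need a nexthop address on LAN
     Nexthop: Self
     Localpref: 100

* 10.78.2.0/24 (1 entry, 1 announced)
 BGP group internal type Internal
     Route Distinguisher: 65001:1001
     VPN Label: 100016
     Nexthop: Self
     Localpref: 100
"""

TABLE_RE = re.compile(r"^(\S+\.inet6?\.0): \d+ destinations")
ROUTE_RE = re.compile(r"^\*?\s*(\d+\.\d+\.\d+\.\d+/\d+) \(\d+ entr")
RD_RE = re.compile(r"Route Distinguisher:\s*(\S+)")
# Tolerate a trailing hand-written marker such as "<---- this".
FAIL_RE = re.compile(r"BGP label allocation failure:\s*(.+?)\s*(?:<-.*)?$")


def find_label_failures(text):
    """Return one dict per advertised route whose label allocation failed."""
    failures, table, route = [], None, None
    for line in text.splitlines():
        if m := TABLE_RE.match(line):
            table, route = m.group(1), None      # new routing table section
        elif m := ROUTE_RE.match(line):
            route = {"table": table, "prefix": m.group(1), "rd": None}
        elif route is not None and (m := RD_RE.search(line)):
            route["rd"] = m.group(1)
        elif route is not None and (m := FAIL_RE.search(line)):
            failures.append({**route, "reason": m.group(1)})
    return failures


if __name__ == "__main__":
    for f in find_label_failures(SAMPLE):
        print(f"{f['table']} {f['prefix']} rd={f['rd']}: {f['reason']}")
```

Run against each PE's output toward its route reflector or iBGP peers, an empty result means every VRF route in the capture was advertised with a label.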


