[j-nsp] BGP RR in MPLS VPN

Lewis, Charles charles_h_lewis at fanniemae.com
Tue Oct 10 17:01:58 EDT 2006


It's similar to what Harry Reynolds suggested in an earlier message but typically if you're running an RR you'll have IGP reachability to the loopbacks in your network within inet.0.  As such, a simple application of rib-groups would solve your issue -

rib-groups {
    rr-label-reachability {
        import-rib [ inet.0 inet.3 ];
    }
} 

In your IGP of choice (or static):

 rib-group rr-label-reachability;

Obviously filters can be applied to limit the routes entering inet.3, etc, but we've found the above to be a very useful solution.

CHL
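
An added example, not part of the original message: the rib-group above combined with the filtering the post mentions, so that only PE loopback /32s are copied into inet.3. The policy name, the 192.0.2.0/24 loopback range and the choice of OSPF as the IGP are assumptions for illustration.

```junos
policy-options {
    /* Hypothetical policy name; 192.0.2.0/24 is an assumed loopback range. */
    policy-statement loopbacks-into-inet3 {
        term pe-loopbacks {
            from {
                route-filter 192.0.2.0/24 prefix-length-range /32-/32;
            }
            then accept;
        }
        /* Every other IGP route is kept out of inet.3; inet.0 still receives it. */
        term nothing-else-into-inet3 {
            to rib inet.3;
            then reject;
        }
    }
}
routing-options {
    rib-groups {
        rr-label-reachability {
            import-rib [ inet.0 inet.3 ];
            import-policy loopbacks-into-inet3;
        }
    }
}
protocols {
    /* OSPF assumed as the IGP; the message says any IGP (or static) works. */
    ospf {
        rib-group rr-label-reachability;
    }
}
```

After commit, "show route table inet.3" should list only the loopback /32s, and "show route table bgp.l3vpn.0 hidden" should no longer list VPN routes whose next hops are those loopbacks.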


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of senad palislamovic
Sent: Tuesday, October 10, 2006 1:31 PM
To: swm at emanon.com; 'Anton Smith'; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] BGP RR in MPLS VPN

All,


As mentioned earlier, from a forwarding perspective,
there is no need for LSPs from RR to PEs, as PE needs
LSP to another PE, not an RR.

However, BGP will only look at inet.3 table for
resolution of VPN routes.  Having RR running inet-vpn
family, if loopbacks are not present for route
resolution in inet.3, the route WILL be hidden.

So the problem is populating inet.3 with PEs'
loopbacks.  This could be commonly solved with LSPs
from PEs to RRs (with LDP that is given, cuz it's
already present in inet.3).  However, if running RSVP,
which involves a lot of manual configuration, I'd say
the trick with rib-groups could be used to populate
inet.3 with PEs' loopbacks.

AFAIK, there are not any hidden knobs for it as of yet
(like traffic-engineering bgp-igp-both-ribs, but
copying in other direction, from inet.0 to inet.3).

HTH

Senad

--- Scott Morris <swm at emanon.com> wrote:

> If your next hops are the loopbacks of the PE's, you can always have those
> in your inet.3 table.  But you are correct, if the RR cannot resolve that
> next hop then the route will not be used or sent to other peers.
> 
> If you do something like next-hop-self on the RR, then you most definitely
> will need to involve the RR in your LSPs.  But otherwise, it can be avoided.
> 
> While it would be nice if there were a way to disable that check, according
> to JunOS docs, it still notes that the RR is not "supported" for VPN routes
> for this reason.  (e.g. this is workaround, not an officially supported
> thing at this time!)
> 
> It's nice to do this to have the LSPs where it makes sense, and simply use
> the RR as an efficient mechanism to exchange routing information.
> 
> Scott 
> 
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Anton Smith
> Sent: Tuesday, October 10, 2006 7:39 AM
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] BGP RR in MPLS VPN
> 
> Hi,
> 
> Senad wrote:
> > Scott, I AFAIK, unless P (RR) has PE's loopbacks (if IBGP) or physical
> > links (whatever is BGP NH) in its inet.3 table, the VPN routes will be
> > hidden. Therefore, we do need LSPs from PE to RRs. Plz, correct me if I am
> > wrong. It's been a while and can't jump on boxes right now. HTH,
> > Senad
> 
> > --- Scott Morris <swm at emanon.com> wrote:
> > > No.  The RR will simply pass around routing information.  As long as the
> > > next-hop IP remains unchanged (PE to PE) then your LSPs have no need to go
> > > through the RR.
> > >
> > > HTH,
> > >
> > > Scott
> 
> Senad, I think you are correct. If the next-hops are not resolvable on the
> RR it won't re-advertise them.
> 
> Does anyone know if there is a reason for this? And if so, are there any
> plans to put some kind of override knob in for this situation? Does the P
> really need LSPs to the PEs? Just because the P cannot resolve the next-hop
> does not necessarily mean the PEs will be unable to.
> 
> Regards,
> Anton
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp