[j-nsp] Cisco-style "allowas-in" OR: Inter-connecting VPNs (+default VRF) using eBGP
Phil Mayers
p.mayers at imperial.ac.uk
Tue May 15 07:15:12 EDT 2007
All,
I'm running a (slightly more complex) version of the network shown here:
http://picasaweb.google.co.uk/phil.mayers/NetworkDiagrams/photo#5064742915858918722
Important things to note: there are only 6 physical routers in this
network. rtr-A and rtr-B are 6500s running MPLS L3 VPNs. The Cisco
implementation mandates that the BGP process "inside" the VPN be the
same AS# as the other VPNs and the non-VPN.
The network basically works; as long as I use "allowas-in 1" on the VPN
and non-VPN eBGP peerings it's all good and the routes propagate between
the VRFs and into the non-VRF.
However, the two Junipers ignore the routes from the VPNs, presumably
because they've got their own AS# in, though there's no logging in the
(oh so awful) tracing. What's slightly odd is that the Ciscos seem to
need no special handling in order to accept iBGP routes with their own
AS# in - the "allowas-in" command is only needed for the eBGP peerings.
Can anyone comment on the expected behaviour, any workarounds available
to me (make the Junipers accept the routes) or any possible alternative
techniques?
Things I've tried:
* remove-private-as on the firewall->nonVRF eBGP peering does not
appear to work, presumably because we *are using* private AS# at both ends.
* Cisco's "local-as" command on the vrf->firewall eBGP peerings does
not appear to do what I expected: instead of masquerading the routes as
e.g. 64582, it appears to *prepend* it.
Comments appreciated.