[j-nsp] R: Cisco-style "allowas-in" OR: Inter-connecting VPNs (+default VRF) using eBGP
Massimiliano Galizia XMG (RM/TEI)
massimiliano.xmg.galizia at ericsson.com
Tue May 15 07:40:36 EDT 2007
I'm not sure to completely understand your issue, so don't curse me if I ask you this question: is your trouble caused by AS PATH number? Since it is the first thing a router examines to detect loops, a repeated AS number in the path makes routes go in the waste.
Did you try to put the "loops 2" statement in the autonomous-system configuration?
Infact this is one way to alter AS PATH behaviour. You can allow the local AS # to appear in the path as many as 10 times.
MASSIMILIANO GALIZIA
-----Messaggio originale-----
Da: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] Per conto di Phil Mayers
Inviato: martedì 15 maggio 2007 13.15
A: juniper-nsp
Oggetto: [j-nsp] Cisco-style "allowas-in" OR: Inter-connecting VPNs (+default VRF) using eBGP
All,
I'm running a (slightly more complex) version of the network shown here:
http://picasaweb.google.co.uk/phil.mayers/NetworkDiagrams/photo#5064742915858918722
Important things to note: there are only 6 physical routers in this
network. rtr-A and rtr-B are 6500s running MPLS L3 VPNs. The cisco
implementation mandates that the BGP process "inside" the VPN be the
same AS# as the other VPNs and the non-VPN.
The network basically works; as long as I use "allowas-in 1" on the VPN
and non-VPN eBGP peerings it's all good and the routes propagate between
the VRFs and into the non-VRF.
However, the two Junipers ignore the routes from the VPNs, presumably
because they've got their own AS# in, though there's no logging in the
(oh so awful) traceing. What's slightly odd is that the ciscos seem to
need no special handling in order to accept iBGP routes with their own
as# in - the "allowas-in" command is only needed for the eBGP peerings.
Can anyone comment on the expected behaviour, any workarounds available
to me (make the junipers accepts the routes) or any possible alternative
techniques?
Things I've tried:
* remove-private-as on the firewall->nonVRF eBGP peering does not
appear to work, presumably because we *are using* private as# at both ends.
* Ciscos' "local-as" command on the vrf->firewall eBGP peerings does
not appear to do what I expected: instead of masquerading the routes as
e.g. 64582, is appears to *prepend* it.
Comments appreciated.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list