[j-nsp] Cisco-style "allowas-in" OR: Inter-connecting VPNs (+default VRF) using eBGP

Andrew Ramsey akramsey at juniper.net
Tue May 15 07:45:38 EDT 2007


Can you do "show route protocol bgp hidden extensive"?

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Phil Mayers
> Sent: Tuesday, May 15, 2007 7:15 AM
> To: juniper-nsp
> Subject: [j-nsp] Cisco-style "allowas-in" OR: Inter-connecting VPNs (+default VRF) using eBGP
> 
> All,
> 
> I'm running a (slightly more complex) version of the network shown here:
> 
> http://picasaweb.google.co.uk/phil.mayers/NetworkDiagrams/photo#5064742915858918722
> 
> Important things to note: there are only 6 physical routers in this
> network. rtr-A and rtr-B are 6500s running MPLS L3 VPNs. The Cisco
> implementation mandates that the BGP process "inside" the VPN be the
> same AS# as the other VPNs and the non-VPN.
> 
> The network basically works; as long as I use "allowas-in 1" on the VPN
> and non-VPN eBGP peerings it's all good and the routes propagate between
> the VRFs and into the non-VRF.
> 
> However, the two Junipers ignore the routes from the VPNs, presumably
> because they've got their own AS# in, though there's no logging in the
> (oh so awful) tracing. What's slightly odd is that the Ciscos seem to
> need no special handling in order to accept iBGP routes with their own
> AS# in - the "allowas-in" command is only needed for the eBGP peerings.
> 
> Can anyone comment on the expected behaviour, any workarounds available
> to me (make the Junipers accept the routes) or any possible alternative
> techniques?
> 
> Things I've tried:
> 
>   * remove-private-as on the firewall->nonVRF eBGP peering does not
> appear to work, presumably because we *are using* private as# at both
> ends.
> 
>   * Cisco's "local-as" command on the vrf->firewall eBGP peerings does
> not appear to do what I expected: instead of masquerading the routes as
> e.g. 64582, it appears to *prepend* it.
> 
> Comments appreciated.