[j-nsp] Origin with VPN

Ahmad Alhady ahmad.alhady at yahoo.com
Sun Dec 28 22:13:16 EST 2008


Hi Folks

I have PE1 and PE2 connected to CE1 and CE2.
CE1 and CE2 have a backdoor link and are connected by a direct iBGP session...

I want to prevent loops.

I assign an origin in the export VRF policy on both PEs, and reject all routes that have the origin from being exported,
but I still see that each PE sees its CE's routes from its CE (preferred) and from the remote PE.

I tried another solution: assigning different origins on each PE, and
rejecting the traffic that has its own origin. But the PEs still see
the routes from the direct CEs! Also, PE1 sees both routes from CE1, and PE2 sees both routes from CE2...

////////////////////////////1st Solution////////////////////////////////
root# show policy-statement vpnx-ex  
    term 1 {
        from {
            protocol bgp;
            community originx;
        }
        then reject;
    }
    term 2 {
        from {
            protocol bgp;
            neighbor CE;
        }
        then {
            community add originx;
            community add targetx;
            accept;
        }
    }

root# show policy-statement vpnx-im   

    term 1 {
        from {
            protocol bgp;
            community targetx;
        }
        then accept;
    }

/////////////////////// 2nd Solution ////////////////////////////////////////

root# show policy-statement vpnx-ex
term 1 {
    from {
        protocol bgp;
        neighbor 10.10.1.1;
    }
    then {
        community add targetx;
        community add originx;
        accept;
    }
}


root# show policy-statement vpnx-im   
term 1a {
    from {
        protocol bgp;
        community originx;
    }
    then reject;
}
term 1 {
    from {
        protocol bgp;
        community targetx;
    }
    then accept;
}
/////////////////////////////////////////////////////

What do you recommend I do?

Thanks

Ahmad



      

