[j-nsp] Fwd: AS path loop detection from IBGP peer

Steven Brenchley bresteven at gmail.com
Fri Aug 21 15:59:47 EDT 2009 

Hi Jana,

      I think I may have found a better solution.  There is another option,
which is to pass the iBGP information of your customer transparently across
the VPN network. i.e. the routes on the customer side will not see the
AS(es) that are used on the VPN network.

You can do this by configuring a VRF such that:

routing-options {
    autonomous-system <*customer AS*> *independent-domain*;
}
protocols {
    bgp {
        group ibgp {
            type *internal*;
            neighbor <peer IP>;
        }
    }
}

     This will instruct the PE to transport the customer network BGP
attributes transparently over the VPN infrastructure. The protocol extension
is documented in draft-marques-l3vpn-ibgp-01.


On Thu, Aug 20, 2009 at 1:48 PM, janardhan madabattula <
janardhan632 at gmail.com> wrote:

> Hi Steve,
>
> This is not working in IBGP case, I mean the command itself is not taking
> affect.
>
> Do you expect this to work in IBGP peers (PEs).?
>
>
> =================
>    }
>     policy-statement loopback1 {
>         from {
>             route-filter 6.6.6.6/32 exact;
>         }
>         then accept;
>     }
>     policy-statement spoke3-EX {
>         from protocol [ static direct bgp ];
>         then {
>             community add spoke3-comm1;
>             accept;
>         }
>     }
>     policy-statement spoke3-IMP {
>         from {
>             protocol bgp;
>             community spoke3-comm2;
>         }
>         then accept;
>     }
>     community vpn1-comm members target:1:6500;
>     community spoke3-comm1 members target:1:1100;
>     community spoke3-comm2 members target:1:1000;
> }
> routing-instances {
>     vpn1 {
>         instance-type vrf;
>         interface ge-0/0/6.1;
>         route-distinguisher 1.1.1.4:6500;
>         vrf-import vpn1-IMP;
>         vrf-export vpn1-EX;
>         routing-options {
>             rib vpn1.inet6.0 {
>                 static {
>                     route 210::/64 next-hop 3ffe::21:1;
>                 }
>             }
>         }
>         protocols {
>             bgp {
>                 family inet6 {
>                     unicast;
>                 }
>                 group to-N2X {
>                     peer-as 1000;
>                     local-as 1;
>                     neighbor 200::1;
>                 }
>             }
>         }
>     }
>     spoke3 {
>         instance-type vrf;
>         interface ge-0/0/6.2;
>         route-distinguisher 1.1.1.4:1100;
>         vrf-import spoke3-IMP;
>         vrf-export spoke3-EX;
>         routing-options {
>             rib spoke3.inet6.0 {
>                 static {
>                     route 155::/64 next-hop 150::1;
>                 }
>             }
>         }
>     }
> }
> routing-options {
>     autonomous-system loops 2;
> }
> [edit groups MPBN logical-systems jana]
> test at Systest-M320# commit check
> [edit logical-systems jana routing-options]
>   'autonomous-system'
>     Missing mandatory statement: <as_number>
> error: configuration check-out failed: (missing mandatory statements)
> [edit groups MPBN logical-systems jana]
> test at Systest-M320# set routing-options autonomous-system loops 2 1
> [edit groups MPBN logical-systems jana]
> test at Systest-M320# commit check
> [edit groups MPBN logical-systems jana protocols bgp group PE1]
>   'local-as'
>     Invalid loop count configured
> error: configuration check-out failed
> [edit groups MPBN logical-systems jana]
> test at Systest-M320#
> ==================
> THanks,
> Janardhan
>
> On Tue, Aug 18, 2009 at 4:45 PM, Steven Brenchley <bresteven at gmail.com>wrote:
>
>>      I've never set it up with IPV6 and the doc's don't say one way or
>> another but I would think it wouldn't make a difference
>> .
>>     If this is in a routing instance then you'll need to apply it in the
>> routing instance?
>>
>> # set routing-instances vpn routing-options autonomous-system loops 2
>>
>>
>> On Tue, Aug 18, 2009 at 7:03 PM, janardhan madabattula <
>> janardhan632 at gmail.com> wrote:
>>
>>> Hi,
>>>
>>> Does this work in 6VPE environment ?
>>>
>>> Still, I am seeing the IBGP peer is not installing those routes with its
>>> own AS in AS-PATH list.
>>>
>>> THanks,
>>> Jana
>>>
>>>   On Tue, Aug 18, 2009 at 3:47 PM, Steven Brenchley <bresteven at gmail.com
>>> > wrote:
>>>
>>>> Hi Janardhan,
>>>>       There is no way to disable AS loop detection but you can make the
>>>> router accept an AS loop up to 10 times.  Use the following command.
>>>>
>>>> # set routing-options autonomous-system loops 10
>>>>
>>>>   On Tue, Aug 18, 2009 at 5:01 PM, janardhan madabattula <
>>>> janardhan632 at gmail.com> wrote:
>>>>
>>>>>  Hi,
>>>>>
>>>>> Is there any way to disable AS path loop detection when it recieve
>>>>> route
>>>>> update from IBGP peer.
>>>>>
>>>>> Thanks,
>>>>> Janardhan
>>>>> _______________________________________________
>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Steven Brenchley
>>>> -------------------------------------
>>>> There are 10 types of people in the world those who understand binary
>>>> and those who don't.
>>>>
>>>
>>>
>>
>>
>> --
>> Steven Brenchley
>> -------------------------------------
>> There are 10 types of people in the world those who understand binary and
>> those who don't.
>>
>
>


-- 
Steven Brenchley
-------------------------------------
There are 10 types of people in the world those who understand binary and
those who don't.



-- 
Steven Brenchley
-------------------------------------
There are 10 types of people in the world those who understand binary and
those who don't.

More information about the juniper-nsp mailing list