[j-nsp] L3VPN advertises the directly connected subnet - why?

Harry Reynolds harry at juniper.net
Tue Jan 26 11:37:51 EST 2010

It sounds like you are using vrf-export for policy. If so, it automatically advertises the direct subnet as soon as the CE next hop is learned via some other router exchange, say OSPF. If you use explicit vrf-export you will return to the default behavior and you will need to match on and accept the type of route you wish to readvertise.

If you have a broadcast vrf interface, and try to export only the direct, when you have learned no other CE routes you will find the route is not advertised with a label, causing it to be hidden at the remote end. This is because when routing to the direct vrf the PE actually pops the label and shunts to the CE, who then returns the pack if its actually addressed to the PE's end of the vrf. If we have not yet learned the CE next hop, there is no way to shunt, so the direct vrf is unlabeled.


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Jeroen Valcke
Sent: Tuesday, January 26, 2010 7:52 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] L3VPN advertises the directly connected subnet - why?


I'm doing some testing with simple plain L3VPNs and ran into some weird behaviour. At least I think it's weird. Perhaps somebody can enlighten me.

A CE router is exchanging routes with the PE through BGP. These routes are correctly advertised 'over' the L3VPN towards other CE routers.
However the directly connected subnet between the CE and PE is also advertised to the other CE routers. 

Why is this? It was my understanding that only the routes learned from the BGP advertisement from the CE router would be advertised to the other CE routers.

What's the reasoning behind this behaviour?
Can I alter this behaviour? And if yes, is it safe to do so?

Weirdly enough I've found a Juniper KB [1] which seems to document the exact opposite behaviour of what I'm experiencing. This KB describes a case where the directly connected subnet is not advertised over the L3VPN and how to 'fix' this.

Thanks for any clues.
Kind regards,

PS: JunOS version on the PE routers is 9.3R2.8

[1] http://kb.juniper.net/index?page=content&id=KB12430&cat=BGP&actp=LIST

Jeroen Valcke
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list