[j-nsp] Problem of Forwarding on VPN using vrf-table-label.

Ger, Javier jger at cablevision.com.ar
Tue Oct 19 10:30:51 EDT 2010


Dear community,

just to add some additional comments/questions about this topic.

We have 2 PE (logical systems) with 2 VRF belonging to same VPN (working with AFI IPv4 and SAFI VPNv4).
- VRF-A in PE1 has only 1 CE1 facing interface and a PE-CE eBGP session is established throught it.
- VRF-A within PE2 has 2 interfaces to CE2. There are 2 eBGP sessiones between both devices, one per interface.
- VRFs in both ends are using the vrf-target option, which should result in a default VRF policy that advertise all active routes in the VRF, including the directly connected routes from the PE-CE VRF interfaces. 

Based on the mentioned scenario we see the following behavior.
1- When vrf-table-label is not configured, the only direct routes we receive on the remote end are those having an active eBGP route (in other words, the next hop of the eBGP active route, pointing to the attached CE, belongs to /30 of the direct route being received).
2- When vrf-table-label is configured, every direct route is received on the remote, even those not having an active eBGP route.

I would like to have a better understanding about the reasons for the described behavior.
 
Any help would be much appreciated.


-----Mensaje original-----
De: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] En nombre de David Lockuan
Enviado el: Sábado, 16 de Octubre de 2010 07:16 p.m.
Para: Cristian Frizziero
CC: juniper-nsp at puck.nether.net
Asunto: Re: [j-nsp] Problem of Forwarding on VPN using vrf-table-label.

Hi Cristian,

It is correct, I had 2 PE with 2 VPN. Sorry I don't send the
configuration of both PE's. Just now I send you the both
configurations.

I noted that when I used the command "vrf-table-label" the next-hop
after the label lookup is to next-table of the VPN and when I don't
used it the next-hop is the IP address or interface to face the CE
router. Other things that I noted is the vpn-label on both PE is the
same for each VPN and when I don't use the command the vpn-label is
different for each VPN.

I send the output of my review. In this case I put only into VPN-A the
command and the VPN-B is without the command.

Visite http://www.cablevision.com.ar

Visite http://www.fibertel.com.ar

___________________________________________________________________________

Este mensaje es confidencial. Puede contener informacion amparada por el secreto comercial.
Si usted ha recibido este e-mail por error, debera eliminarlo de su sistema.
No debera copiar el mensaje ni divulgar su contenido a ninguna persona. Muchas gracias.

This message is confidential. It may also contain information that is privileged or not
authorized to be disclosed. If you have received it by mistake, delete it from your system.
You should not copy the messsage nor disclose its contents to anyone. Many thanks.
___________________________________________________________________________



More information about the juniper-nsp mailing list