[j-nsp] Internet access from VRF issue
Alexey
alexey.sazhin at yandex.ru
Tue Jun 4 12:12:33 EDT 2013
topology in txt format, since .jpeg hasn't attached:
(R2)--vrf Customer-(R4)-----(core)-----(R1)-|8.8.8.8/32 static route in inet.0 to emulate Internet routes
|
|
(R3)
|vrf Customer
--
Alexey S.
Leading engineer
Network solutions team
CCIE R&S
alexey.sazhin at yandex.ru
04.06.2013, 19:51, "Alexey" <alexey.sazhin at yandex.ru>:
> Hi guys,
>
> Now I'm preparing for JNCIE-SP certification, and faced with problem providing internet-access for VPN users.
>
> I attach my test topology to email.
> R4 and R3 are PE routers which holds vrf table "Customer", R1 router holds ipv4 static route 8.8.8.8/32 to represent Internet routes. Between R4 and R3 there is vpnv4 IBGP session and Between R4 and R1 - ipv4 IBGP.
>
> I use rib-group to import IPv4 routes received from R1 also in table Customer.inet.0. Routes are imported as expected and I see 8.8.8.8/32 in vrf Customer:
> R4# run show route table Customer 8.8.8.8
>
> Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 8.8.8.8/32 *[BGP/170] 00:50:35, localpref 100, from 172.27.255.1
> AS path: I
>
>> to 172.27.0.10 via ge-1/3/0.41, label-switched-path r4-to-r1
>
> [edit]
> R4 at M7i-2#
>
> But the problem is that R4 doesn't pass this route from VRF to R3 via MP-BGP.
> R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
>
> Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
> Prefix Nexthop MED Lclpref AS path
> * 2.2.2.2/32 Self 100 1 I
> * 172.27.0.4/30 Self 100 I
>
> [edit]
> R4 at M7i-2#
>
> The same task was in bootcamp lab guide book, and according to it, other members of VRF do receive internet routes. I also tried to use VRF export policy;vrf-table-label - nothing helps.
> Please help, may be there is some knob to make it work?
>
> PS:All routers are real equipment (no logical systems).
> PSS:I also attach relevant parts of config.
>
> --
> Alexey S.
> Leading engineer
> Network solutions team
> CCIE R&S
>
> ,
> #####Configs:
> R4 at M7i-2# show protocols bgp
> group ipv4-r1 {
> type internal;
> local-address 172.27.255.4;
> family inet {
> unicast {
> rib-group inet0->vrf;
> }
> }
> neighbor 172.27.255.1;
> }
> group vpnv4-r3 {
> type internal;
> local-address 172.27.255.4;
> family inet-vpn {
> unicast;
> }
> neighbor 172.27.255.3;
> }
>
> [edit]
> R4 at M7i-2# show routing-options rib-groups
> inet0->vrf {
> import-rib [ inet.0 Customer.inet.0 ];
> }
>
> [edit]
> R4 at M7i-2#
> R4 at M7i-2# show routing-instances
> Customer {
> instance-type vrf;
> interface ge-1/3/0.42;
> route-distinguisher 172.27.255.4:100;
> vrf-target target:4:100;
> protocols {
> bgp {
> group R2-peer {
> neighbor 172.27.0.5 {
> peer-as 1;
> }
> }
> }
> }
> }
>
> [edit]
> R4 at M7i-2#
>
> R1 at M7i-1# show protocols bgp
> group ipv4-r4 {
> type internal;
> local-address 172.27.255.1;
> family inet {
> unicast;
> }
> export export-bgp-inet;
> neighbor 172.27.255.4;
> }
>
> [edit]
> R1 at M7i-1# show routing-options static
> route 8.8.8.8/32 discard;
>
> [edit]
> R1 at M7i-1#
>
> R3 at M7i-3# show protocols bgp
> group vpnv4-r1 {
> type internal;
> local-address 172.27.255.3;
> family inet-vpn {
> unicast;
> }
> neighbor 172.27.255.4;
> }
>
> [edit]
> R3 at M7i-3# show routing-instances
> Customer {
> instance-type vrf;
> route-distinguisher 172.27.255.3:100;
> vrf-target target:4:100;
> }
>
> [edit]
> R3 at M7i-3#
>
> ###Show results:
> R4 at M7i-2# run show bgp summary
> Groups: 3 Peers: 3 Down peers: 0
> Table Tot Paths Act Paths Suppressed History Damp State Pending
> inet.0 1 1 0 0 0 0
> bgp.l3vpn.0 0 0 0 0 0 0
> Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
> 172.27.0.5 1 157 155 0 2 1:09:09 Establ
> Customer.inet.0: 1/1/1/0
> 172.27.255.1 3 142 139 0 0 1:02:15 Establ
> inet.0: 1/1/1/0
> 172.27.255.3 3 165 175 0 0 1:12:52 Establ
> bgp.l3vpn.0: 0/0/0/0
>
> [edit]
> R4 at M7i-2# run show route receive-protocol bgp 172.27.255.1
>
> inet.0: 32 destinations, 37 routes (30 active, 0 holddown, 2 hidden)
> Restart Complete
> Prefix Nexthop MED Lclpref AS path
> * 8.8.8.8/32 172.27.255.1 100 I
>
> inet.3: 7 destinations, 11 routes (2 active, 0 holddown, 7 hidden)
> Restart Complete
>
> Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
> Prefix Nexthop MED Lclpref AS path
> * 8.8.8.8/32 172.27.255.1 100 I
>
> [edit]
> R4 at M7i-2# run show route 8.8.8.8/32
>
> inet.0: 32 destinations, 37 routes (30 active, 0 holddown, 2 hidden)
> Restart Complete
> + = Active Route, - = Last Active, * = Both
>
> 8.8.8.8/32 *[BGP/170] 01:02:45, localpref 100, from 172.27.255.1
> AS path: I
>
>> to 172.27.0.10 via ge-1/3/0.41, label-switched-path r4-to-r1
>
> Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 8.8.8.8/32 *[BGP/170] 01:01:00, localpref 100, from 172.27.255.1
> AS path: I
>
>> to 172.27.0.10 via ge-1/3/0.41, label-switched-path r4-to-r1
>
> [edit]
> R4 at M7i-2#
> R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
>
> Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
> Prefix Nexthop MED Lclpref AS path
> * 2.2.2.2/32 Self 100 1 I
> * 172.27.0.4/30 Self 100 I
>
> [edit]
> R4 at M7i-2#
>
> R3 at M7i-3# run show route 8.8.8.8
>
> [edit]
> R3 at M7i-3#
>
> ,
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list