[j-nsp] Internet access from VRF issue

Alexey alexey.sazhin at yandex.ru
Tue Jun 4 16:33:04 EDT 2013 

Mihai, Olivier, 
thanks for your response, I also suggests that it could be related with IBGP rules, but unfortunately making R4 route-reflector for R3 doesn't resolve the issue:

R4 at M7i-2# show protocols bgp 
...
group vpnv4-r3 {
    type internal;
    local-address 172.27.255.4;
    family inet-vpn {
        unicast;
    }
    cluster 0.0.0.1;
    neighbor 172.27.255.3;
}

[edit]
R4 at M7i-2# 

R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3    

bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
Restart Complete
  Prefix                  Nexthop              MED     Lclpref    AS path
  172.27.255.4:100:2.2.2.2/32                    
*                         Self                         100        1 I
  172.27.255.4:100:172.27.0.4/30                    
*                         Self                         100        I

[edit]
R4 at M7i-2#

Earlier I also try to use rib-group "inet0->vrf" which imports routes to inet.0 and Customer.inet.0 tables, ospf routes get into Customer.inet.0 but still don't get advertised to R3:

R4 at M7i-2# show protocols ospf   
rib-group inet0->vrf;

R4 at M7i-2# show routing-options rib-groups 
inet0->vrf {
    import-rib [ inet.0 Customer.inet.0 ];
}


The same ospf route in both tables of R4:
R4 at M7i-2# run show route protocol ospf 172.27.0.0/30  

inet.0: 32 destinations, 37 routes (30 active, 0 holddown, 2 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

172.27.0.0/30      *[OSPF/10] 00:07:35, metric 100

>  to 172.27.0.10 via ge-1/3/0.41

inet.3: 7 destinations, 11 routes (2 active, 0 holddown, 7 hidden)
Restart Complete

Customer.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.27.0.0/30      *[OSPF/10] 00:07:35, metric 100

>  to 172.27.0.10 via ge-1/3/0.41

[edit]
R4 at M7i-2# 

But still no ospf routes advertised to R3:
R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3    

bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
Restart Complete
  Prefix                  Nexthop              MED     Lclpref    AS path
  172.27.255.4:100:2.2.2.2/32                    
*                         Self                         100        1 I
  172.27.255.4:100:172.27.0.4/30                    
*                         Self                         100        I

[edit]
R4 at M7i-2#


-- 
Alexey S.
Leading engineer
Network solutions team
CCIE R&S

alexey.sazhin at yandex.ru

04.06.2013, 21:09, "Mihai" <mihaigabriel at gmail.com>:

>    for R3, sorry :)
>
>  On 06/04/2013 07:56 PM, Mihai wrote:
>>   Hello,
>>
>>   Maybe I am wrong, but as long as R1,R3,R4 are internal bgp neighbors, R4
>>   should be route reflector for R4.
>>
>>   Regards,
>>   Mihai
>>
>>   On 06/04/2013 06:44 PM, Alexey wrote:
>>>   Hi guys,
>>>
>>>   Now I'm preparing for JNCIE-SP certification, and faced with problem
>>>   providing internet-access for VPN users.
>>>
>>>   I attach my test topology to email.
>>>   R4 and R3 are PE routers which holds vrf table "Customer", R1 router
>>>   holds ipv4 static route 8.8.8.8/32 to represent Internet routes.
>>>   Between R4 and R3 there is vpnv4 IBGP session and Between R4 and R1 -
>>>   ipv4 IBGP.
>>>
>>>   I use rib-group to import IPv4 routes received from R1 also in table
>>>   Customer.inet.0. Routes are imported as expected and I see 8.8.8.8/32
>>>   in vrf Customer:
>>>   R4# run show route table Customer 8.8.8.8
>>>
>>>   Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0
>>>   hidden)
>>>   + = Active Route, - = Last Active, * = Both
>>>
>>>   8.8.8.8/32 *[BGP/170] 00:50:35, localpref 100, from 172.27.255.1
>>>   AS path: I
>>>>   to 172.27.0.10 via ge-1/3/0.41, label-switched-path r4-to-r1
>>>   [edit]
>>>   R4 at M7i-2#
>>>
>>>   But the problem is that R4 doesn't pass this route from VRF to R3 via
>>>   MP-BGP.
>>>   R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
>>>
>>>   Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0
>>>   hidden)
>>>   Prefix Nexthop MED Lclpref AS path
>>>   * 2.2.2.2/32 Self 100 1 I
>>>   * 172.27.0.4/30 Self 100 I
>>>
>>>   [edit]
>>>   R4 at M7i-2#
>>>
>>>   The same task was in bootcamp lab guide book, and according to it,
>>>   other members of VRF do receive internet routes. I also tried to use
>>>   VRF export policy;vrf-table-label - nothing helps.
>>>   Please help, may be there is some knob to make it work?
>>>
>>>   PS:All routers are real equipment (no logical systems).
>>>   PSS:I also attach relevant parts of config.
>>>
>>>   _______________________________________________
>>>   juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>   https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list