[j-nsp] Internet access from VRF issue
Mihai Gabriel
mihaigabriel at gmail.com
Wed Jun 5 04:43:30 EDT 2013
I don't have the book with me right now to check, but I tried your setup
without succes:)
A workaround for this would be a generated default route on R4 when
8.8.8.8 exists in customer.inet.0
mihai at mx#run show route table customer.inet.0 0.0.0.0/0 exact
customer.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Aggregate/130] 00:06:26
Reject
mihai at mx#show routing-instances customer routing-options generate
route 0.0.0.0/0 policy if-8.8.8.8-exist;
mihai at mx#show policy-options policy-statement if-8.8.8.8-exist
term 10 {
from {
protocol bgp;
route-filter 8.8.8.8/32 exact;
}
then accept;
}
term 20 {
then reject;
}
mihai at mx#run show route advertising-protocol bgp 172.27.255.3 0.0.0.0/0
bgp.l3vpn.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
10:10:0.0.0.0/0
* Self 100 I
On Tue, Jun 4, 2013 at 11:33 PM, Alexey <alexey.sazhin at yandex.ru> wrote:
> Mihai, Olivier,
> thanks for your response, I also suggests that it could be related with
> IBGP rules, but unfortunately making R4 route-reflector for R3 doesn't
> resolve the issue:
>
> R4 at M7i-2# show protocols bgp
> ...
> group vpnv4-r3 {
> type internal;
> local-address 172.27.255.4;
> family inet-vpn {
> unicast;
> }
> cluster 0.0.0.1;
> neighbor 172.27.255.3;
> }
>
> [edit]
> R4 at M7i-2#
>
> R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
>
> bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> Restart Complete
> Prefix Nexthop MED Lclpref AS path
> 172.27.255.4:100:2.2.2.2/32
> * Self 100 1 I
> 172.27.255.4:100:172.27.0.4/30
> * Self 100 I
>
> [edit]
> R4 at M7i-2#
>
> Earlier I also try to use rib-group "inet0->vrf" which imports routes to
> inet.0 and Customer.inet.0 tables, ospf routes get into Customer.inet.0 but
> still don't get advertised to R3:
>
> R4 at M7i-2# show protocols ospf
> rib-group inet0->vrf;
>
> R4 at M7i-2# show routing-options rib-groups
> inet0->vrf {
> import-rib [ inet.0 Customer.inet.0 ];
> }
>
>
> The same ospf route in both tables of R4:
> R4 at M7i-2# run show route protocol ospf 172.27.0.0/30
>
> inet.0: 32 destinations, 37 routes (30 active, 0 holddown, 2 hidden)
> Restart Complete
> + = Active Route, - = Last Active, * = Both
>
> 172.27.0.0/30 *[OSPF/10] 00:07:35, metric 100
>
> > to 172.27.0.10 via ge-1/3/0.41
>
> inet.3: 7 destinations, 11 routes (2 active, 0 holddown, 7 hidden)
> Restart Complete
>
> Customer.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0
> hidden)
> + = Active Route, - = Last Active, * = Both
>
> 172.27.0.0/30 *[OSPF/10] 00:07:35, metric 100
>
> > to 172.27.0.10 via ge-1/3/0.41
>
> [edit]
> R4 at M7i-2#
>
> But still no ospf routes advertised to R3:
> R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
>
> bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> Restart Complete
> Prefix Nexthop MED Lclpref AS path
> 172.27.255.4:100:2.2.2.2/32
> * Self 100 1 I
> 172.27.255.4:100:172.27.0.4/30
> * Self 100 I
>
> [edit]
> R4 at M7i-2#
>
>
> --
> Alexey S.
> Leading engineer
> Network solutions team
> CCIE R&S
>
> alexey.sazhin at yandex.ru
>
> 04.06.2013, 21:09, "Mihai" <mihaigabriel at gmail.com>:
>
> > for R3, sorry :)
> >
> > On 06/04/2013 07:56 PM, Mihai wrote:
> >> Hello,
> >>
> >> Maybe I am wrong, but as long as R1,R3,R4 are internal bgp neighbors,
> R4
> >> should be route reflector for R4.
> >>
> >> Regards,
> >> Mihai
> >>
> >> On 06/04/2013 06:44 PM, Alexey wrote:
> >>> Hi guys,
> >>>
> >>> Now I'm preparing for JNCIE-SP certification, and faced with problem
> >>> providing internet-access for VPN users.
> >>>
> >>> I attach my test topology to email.
> >>> R4 and R3 are PE routers which holds vrf table "Customer", R1 router
> >>> holds ipv4 static route 8.8.8.8/32 to represent Internet routes.
> >>> Between R4 and R3 there is vpnv4 IBGP session and Between R4 and R1 -
> >>> ipv4 IBGP.
> >>>
> >>> I use rib-group to import IPv4 routes received from R1 also in table
> >>> Customer.inet.0. Routes are imported as expected and I see
> 8.8.8.8/32
> >>> in vrf Customer:
> >>> R4# run show route table Customer 8.8.8.8
> >>>
> >>> Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0
> >>> hidden)
> >>> + = Active Route, - = Last Active, * = Both
> >>>
> >>> 8.8.8.8/32 *[BGP/170] 00:50:35, localpref 100, from 172.27.255.1
> >>> AS path: I
> >>>> to 172.27.0.10 via ge-1/3/0.41, label-switched-path r4-to-r1
> >>> [edit]
> >>> R4 at M7i-2#
> >>>
> >>> But the problem is that R4 doesn't pass this route from VRF to R3 via
> >>> MP-BGP.
> >>> R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
> >>>
> >>> Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0
> >>> hidden)
> >>> Prefix Nexthop MED Lclpref AS path
> >>> * 2.2.2.2/32 Self 100 1 I
> >>> * 172.27.0.4/30 Self 100 I
> >>>
> >>> [edit]
> >>> R4 at M7i-2#
> >>>
> >>> The same task was in bootcamp lab guide book, and according to it,
> >>> other members of VRF do receive internet routes. I also tried to use
> >>> VRF export policy;vrf-table-label - nothing helps.
> >>> Please help, may be there is some knob to make it work?
> >>>
> >>> PS:All routers are real equipment (no logical systems).
> >>> PSS:I also attach relevant parts of config.
> >>>
> >>> _______________________________________________
> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list