[j-nsp] Internet access from VRF issue

Ivan Ivanov ivanov.ivan at gmail.com
Wed Jun 5 06:22:21 EDT 2013


Hi,

Did you try to configure a policy matching those routes and use it for
*vrf-export*?

The other option that I am thinking of is to use *auto-export*, because BGP is
advertising only the primary route. With *auto-export* the routes will
look as if they are not coming from the BGP process. But this is not the case
with OSPF, so with OSPF it should work.

R4 at M7i-2# run show route 8.8.8.8/32 extensive - should show that the route
is secondary in Customer.inet.0

HTH,
Ivan



On Wed, Jun 5, 2013 at 11:43 AM, Mihai Gabriel <mihaigabriel at gmail.com> wrote:

> I don't have the book with me right now to check, but I tried your setup
> without success :)
> A workaround for this would be a generated default route on R4 when
> 8.8.8.8 exists in customer.inet.0
>
> mihai at mx#run show route table customer.inet.0  0.0.0.0/0 exact
>
> customer.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 0.0.0.0/0          *[Aggregate/130] 00:06:26
>                       Reject
>
> mihai at mx#show routing-instances customer routing-options generate
> route 0.0.0.0/0 policy if-8.8.8.8-exist;
>
>
> mihai at mx#show policy-options policy-statement if-8.8.8.8-exist
> term 10 {
>     from {
>         protocol bgp;
>         route-filter 8.8.8.8/32 exact;
>     }
>     then accept;
> }
> term 20 {
>     then reject;
> }
>
> mihai at mx#run show route advertising-protocol bgp 172.27.255.3 0.0.0.0/0
>
> bgp.l3vpn.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
>   Prefix  Nexthop       MED     Lclpref    AS path
>   10:10:0.0.0.0/0
> *                         Self                         100        I
>
>
> On Tue, Jun 4, 2013 at 11:33 PM, Alexey <alexey.sazhin at yandex.ru> wrote:
>
> > Mihai, Olivier,
> > thanks for your response, I also suggest that it could be related to
> > IBGP rules, but unfortunately making R4 route-reflector for R3 doesn't
> > resolve the issue:
> >
> > R4 at M7i-2# show protocols bgp
> > ...
> > group vpnv4-r3 {
> >     type internal;
> >     local-address 172.27.255.4;
> >     family inet-vpn {
> >         unicast;
> >     }
> >     cluster 0.0.0.1;
> >     neighbor 172.27.255.3;
> > }
> >
> > [edit]
> > R4 at M7i-2#
> >
> > R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
> >
> > bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> > Restart Complete
> >   Prefix                  Nexthop              MED     Lclpref    AS path
> >   172.27.255.4:100:2.2.2.2/32
> > *                         Self                         100        1 I
> >   172.27.255.4:100:172.27.0.4/30
> > *                         Self                         100        I
> >
> > [edit]
> > R4 at M7i-2#
> >
> > Earlier I also tried to use rib-group "inet0->vrf" which imports routes to
> > inet.0 and Customer.inet.0 tables, ospf routes get into Customer.inet.0 but
> > still don't get advertised to R3:
> >
> > R4 at M7i-2# show protocols ospf
> > rib-group inet0->vrf;
> >
> > R4 at M7i-2# show routing-options rib-groups
> > inet0->vrf {
> >     import-rib [ inet.0 Customer.inet.0 ];
> > }
> >
> >
> > The same ospf route in both tables of R4:
> > R4 at M7i-2# run show route protocol ospf 172.27.0.0/30
> >
> > inet.0: 32 destinations, 37 routes (30 active, 0 holddown, 2 hidden)
> > Restart Complete
> > + = Active Route, - = Last Active, * = Both
> >
> > 172.27.0.0/30      *[OSPF/10] 00:07:35, metric 100
> >                     > to 172.27.0.10 via ge-1/3/0.41
> >
> > inet.3: 7 destinations, 11 routes (2 active, 0 holddown, 7 hidden)
> > Restart Complete
> >
> > Customer.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
> > + = Active Route, - = Last Active, * = Both
> >
> > 172.27.0.0/30      *[OSPF/10] 00:07:35, metric 100
> >                     > to 172.27.0.10 via ge-1/3/0.41
> >
> > [edit]
> > R4 at M7i-2#
> >
> > But still no ospf routes advertised to R3:
> > R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
> >
> > bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> > Restart Complete
> >   Prefix                  Nexthop              MED     Lclpref    AS path
> >   172.27.255.4:100:2.2.2.2/32
> > *                         Self                         100        1 I
> >   172.27.255.4:100:172.27.0.4/30
> > *                         Self                         100        I
> >
> > [edit]
> > R4 at M7i-2#
> >
> >
> > --
> > Alexey S.
> > Leading engineer
> > Network solutions team
> > CCIE R&S
> >
> > alexey.sazhin at yandex.ru
> >
> > 04.06.2013, 21:09, "Mihai" <mihaigabriel at gmail.com>:
> >
> > >    for R3, sorry :)
> > >
> > >  On 06/04/2013 07:56 PM, Mihai wrote:
> > >>   Hello,
> > >>
> > >>   Maybe I am wrong, but as long as R1,R3,R4 are internal bgp neighbors, R4
> > >>   should be route reflector for R4.
> > >>
> > >>   Regards,
> > >>   Mihai
> > >>
> > >>   On 06/04/2013 06:44 PM, Alexey wrote:
> > >>>   Hi guys,
> > >>>
> > >>>   Now I'm preparing for JNCIE-SP certification, and faced with a problem
> > >>>   providing internet-access for VPN users.
> > >>>
> > >>>   I attach my test topology to email.
> > >>>   R4 and R3 are PE routers which hold vrf table "Customer", R1 router
> > >>>   holds ipv4 static route 8.8.8.8/32 to represent Internet routes.
> > >>>   Between R4 and R3 there is vpnv4 IBGP session and between R4 and R1 -
> > >>>   ipv4 IBGP.
> > >>>
> > >>>   I use rib-group to import IPv4 routes received from R1 also in table
> > >>>   Customer.inet.0. Routes are imported as expected and I see 8.8.8.8/32
> > >>>   in vrf Customer:
> > >>>   R4# run show route table Customer 8.8.8.8
> > >>>
> > >>>   Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
> > >>>   + = Active Route, - = Last Active, * = Both
> > >>>
> > >>>   8.8.8.8/32 *[BGP/170] 00:50:35, localpref 100, from 172.27.255.1
> > >>>   AS path: I
> > >>>   > to 172.27.0.10 via ge-1/3/0.41, label-switched-path r4-to-r1
> > >>>   [edit]
> > >>>   R4 at M7i-2#
> > >>>
> > >>>   But the problem is that R4 doesn't pass this route from VRF to R3 via
> > >>>   MP-BGP.
> > >>>   R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
> > >>>
> > >>>   Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
> > >>>   Prefix Nexthop MED Lclpref AS path
> > >>>   * 2.2.2.2/32 Self 100 1 I
> > >>>   * 172.27.0.4/30 Self 100 I
> > >>>
> > >>>   [edit]
> > >>>   R4 at M7i-2#
> > >>>
> > >>>   The same task was in bootcamp lab guide book, and according to it,
> > >>>   other members of VRF do receive internet routes. I also tried to use
> > >>>   VRF export policy; vrf-table-label - nothing helps.
> > >>>   Please help, maybe there is some knob to make it work?
> > >>>
> > >>>   PS: All routers are real equipment (no logical systems).
> > >>>   PSS: I also attach relevant parts of config.
> > >>>
> > >>>   _______________________________________________
> > >>>   juniper-nsp mailing list juniper-nsp at puck.nether.net
> > >>>   https://puck.nether.net/mailman/listinfo/juniper-nsp
> >



-- 
Best Regards!

Ivan Ivanov
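
The two options suggested at the top of this reply, sketched as Junos configuration for R4. This is an added example, not configuration posted by anyone in the thread, and the thread does not establish whether either option resolves the issue. The policy name `customer-export`, the community name `customer-rt` and the route-target value are placeholders, since the instance's real route target does not appear in the thread.

```junos
policy-options {
    policy-statement customer-export {
        /* Option 1: match the leaked Internet route explicitly,
           using the same match conditions as the quoted
           if-8.8.8.8-exist policy. */
        term internet {
            from {
                protocol bgp;
                route-filter 8.8.8.8/32 exact;
            }
            then {
                community add customer-rt;
                accept;
            }
        }
        /* Keep exporting the instance's other routes
           (2.2.2.2/32 and 172.27.0.4/30 in the output above). */
        term vrf-routes {
            then {
                community add customer-rt;
                accept;
            }
        }
    }
    /* Placeholder value: replace with the VRF's real route target. */
    community customer-rt members target:65000:100;
}
routing-instances {
    Customer {
        /* Option 1: apply the policy as the instance's export policy. */
        vrf-export customer-export;
        routing-options {
            /* Option 2: the auto-export statement named in the reply. */
            auto-export;
        }
    }
}
```

After a commit, the commands already used in the thread show the result: `run show route 8.8.8.8/32 extensive` for the primary or secondary state of the route, and `run show route advertising-protocol bgp 172.27.255.3` for what R4 sends to R3.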

