[j-nsp] Internet access from VRF issue
Krasimir Avramski
krasi at smartcom.bg
Wed Jun 5 10:34:50 EDT 2013
Hi,
Make R4 RR for R1 (family inet unicast) and it should work. You will have
further intricacy on R3 accepting this route because R4 vpn-inet family
will not reset next-hop self automatically. In order to fix this you should
apply nhs for this route through explicit vrf-export policy.
The reason your OSFP routes are not advertised is that you already had
enabled RR under VPN4 family, so your vpn4 export table moved to
bgp.l3vpn.0 (from your output shared here):
R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
*bgp.l3vpn.0*: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
.............................
Since there are no ospf routes in this table they are not advertised.
Auto-export feature is not an option here since secondary routes are not
honoured and I'm not aware rt-export process module to hide protocols
origin ;-).
https://www.juniper.net/techpubs/en_US/junos10.1/topics/example/route-sharing-simple-overlapping-vpns-solutions.html
Best Regards,
Krasi
On Tue, Jun 4, 2013 at 11:33 PM, Alexey <alexey.sazhin at yandex.ru> wrote:
> Mihai, Olivier,
> thanks for your response, I also suggests that it could be related with
> IBGP rules, but unfortunately making R4 route-reflector for R3 doesn't
> resolve the issue:
>
> R4 at M7i-2# show protocols bgp
> ...
> group vpnv4-r3 {
> type internal;
> local-address 172.27.255.4;
> family inet-vpn {
> unicast;
> }
> cluster 0.0.0.1;
> neighbor 172.27.255.3;
> }
>
> [edit]
> R4 at M7i-2#
>
> R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
>
> bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> Restart Complete
> Prefix Nexthop MED Lclpref AS path
> 172.27.255.4:100:2.2.2.2/32
> * Self 100 1 I
> 172.27.255.4:100:172.27.0.4/30
> * Self 100 I
>
> [edit]
> R4 at M7i-2#
>
> Earlier I also try to use rib-group "inet0->vrf" which imports routes to
> inet.0 and Customer.inet.0 tables, ospf routes get into Customer.inet.0 but
> still don't get advertised to R3:
>
> R4 at M7i-2# show protocols ospf
> rib-group inet0->vrf;
>
> R4 at M7i-2# show routing-options rib-groups
> inet0->vrf {
> import-rib [ inet.0 Customer.inet.0 ];
> }
>
>
> The same ospf route in both tables of R4:
> R4 at M7i-2# run show route protocol ospf 172.27.0.0/30
>
> inet.0: 32 destinations, 37 routes (30 active, 0 holddown, 2 hidden)
> Restart Complete
> + = Active Route, - = Last Active, * = Both
>
> 172.27.0.0/30 *[OSPF/10] 00:07:35, metric 100
>
> > to 172.27.0.10 via ge-1/3/0.41
>
> inet.3: 7 destinations, 11 routes (2 active, 0 holddown, 7 hidden)
> Restart Complete
>
> Customer.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0
> hidden)
> + = Active Route, - = Last Active, * = Both
>
> 172.27.0.0/30 *[OSPF/10] 00:07:35, metric 100
>
> > to 172.27.0.10 via ge-1/3/0.41
>
> [edit]
> R4 at M7i-2#
>
> But still no ospf routes advertised to R3:
>
>
>
> [edit]
> R4 at M7i-2#
>
>
> --
> Alexey S.
> Leading engineer
> Network solutions team
> CCIE R&S
>
> alexey.sazhin at yandex.ru
>
> 04.06.2013, 21:09, "Mihai" <mihaigabriel at gmail.com>:
>
> > for R3, sorry :)
> >
> > On 06/04/2013 07:56 PM, Mihai wrote:
> >> Hello,
> >>
> >> Maybe I am wrong, but as long as R1,R3,R4 are internal bgp neighbors,
> R4
> >> should be route reflector for R4.
> >>
> >> Regards,
> >> Mihai
> >>
> >> On 06/04/2013 06:44 PM, Alexey wrote:
> >>> Hi guys,
> >>>
> >>> Now I'm preparing for JNCIE-SP certification, and faced with problem
> >>> providing internet-access for VPN users.
> >>>
> >>> I attach my test topology to email.
> >>> R4 and R3 are PE routers which holds vrf table "Customer", R1 router
> >>> holds ipv4 static route 8.8.8.8/32 to represent Internet routes.
> >>> Between R4 and R3 there is vpnv4 IBGP session and Between R4 and R1 -
> >>> ipv4 IBGP.
> >>>
> >>> I use rib-group to import IPv4 routes received from R1 also in table
> >>> Customer.inet.0. Routes are imported as expected and I see
> 8.8.8.8/32
> >>> in vrf Customer:
> >>> R4# run show route table Customer 8.8.8.8
> >>>
> >>> Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0
> >>> hidden)
> >>> + = Active Route, - = Last Active, * = Both
> >>>
> >>> 8.8.8.8/32 *[BGP/170] 00:50:35, localpref 100, from 172.27.255.1
> >>> AS path: I
> >>>> to 172.27.0.10 via ge-1/3/0.41, label-switched-path r4-to-r1
> >>> [edit]
> >>> R4 at M7i-2#
> >>>
> >>> But the problem is that R4 doesn't pass this route from VRF to R3 via
> >>> MP-BGP.
> >>> R4 at M7i-2# run show route advertising-protocol bgp 172.27.255.3
> >>>
> >>> Customer.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0
> >>> hidden)
> >>> Prefix Nexthop MED Lclpref AS path
> >>> * 2.2.2.2/32 Self 100 1 I
> >>> * 172.27.0.4/30 Self 100 I
> >>>
> >>> [edit]
> >>> R4 at M7i-2#
> >>>
> >>> The same task was in bootcamp lab guide book, and according to it,
> >>> other members of VRF do receive internet routes. I also tried to use
> >>> VRF export policy;vrf-table-label - nothing helps.
> >>> Please help, may be there is some knob to make it work?
> >>>
> >>> PS:All routers are real equipment (no logical systems).
> >>> PSS:I also attach relevant parts of config.
> >>>
> >>> _______________________________________________
> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list