[j-nsp] OSPF external routes in database but not in routing table

Krasimir Avramski krasi at smartcom.bg
Tue Apr 29 06:08:15 EDT 2014


Hello,
You should ask service provider to clear D/N bit from LSA advertisements
(equal to "domain-id disable" in case juniper equipment is used). It is
also  desirable SP to set domain-vpn-tag to 0(junos by default encode own
AS number here) since the sanity check rule is matching own AS against AS
encoded in tag.

Krasi


On 29 April 2014 12:50, Mohammad Salbad <masalbad at gmail.com> wrote:

> Thank you Krasi
>
>
>
> So, setting domain-vpn-tag to 0 on the providers PE will not help… :(
>
> Is that mean there is no solution or workaround for this neither on my MX
> nor Provider PE…. :(
>
> And the only solution is to revert back the instance type to be VR instead
> of VRF…..
>
>
>
> I really hoped there is a workaround for this…
>
>
>
> However, thank you all for your help
>
>
>
> BR
>
> M. Salbad
>
>
>
> From: Krasimir Avramski [mailto:krasi at smartcom.bg]
> Sent: Tuesday, April 29, 2014 1:32 PM
> To: Mohammad Salbad
> Cc: Juniper-Nsp
> Subject: Re: [j-nsp] OSPF external routes in database but not in routing
> table
>
>
>
> domain vpn tag(external route tag) is already set to 0 - the problem is
> that D/N bit is set as per RFC4576 (0x82 from your output lsa options).
>
>
>
> Krasi
>
>
>
> On 29 April 2014 11:05, Mohammad Salbad <masalbad at gmail.com <mailto:
> masalbad at gmail.com> > wrote:
>
> Thank you all experts for your support and help
>
>
>
> Based on what I understood from you:
>
> In order to be able to add the ospf external routes into the routing table
> I
> shall ask the service provider to set the domain-vpn-tag value to 0 on his
> PE.
>
> And there nothing to be done on my MX router (CE) to ignore the DN bit set
> by the service provider PE.
>
>
>
> Thank you again
>
> M. Salbad
>
>
>
> From: Ivan Ivanov [mailto:ivanov.ivan at gmail.com <mailto:
> ivanov.ivan at gmail.com> ]
> Sent: Tuesday, April 29, 2014 11:01 AM
> To: Amos Rosenboim
> Cc: Mohammad Salbad; juniper-nsp at puck.nether.net <mailto:
> juniper-nsp at puck.nether.net>
>
> Subject: Re: [j-nsp] OSPF external routes in database but not in routing
> table
>
>
>
>
> Hi,
>
>
>
> Try to configure under the OSPF stanza for removing DN bit in Type 5 LSA -
> 'domain-vpn-tag 0'
>
> If you want to disable DN bit checks for Type 3 LSA add - 'domain-id
> disable'
>
> HTH,
>
> Ivan,
>
>
>
>
>
> On Tue, Apr 29, 2014 at 8:49 AM, Amos Rosenboim <amos at oasis-tech.net<mailto:
> amos at oasis-tech.net>
>
> <mailto:amos at oasis-tech.net <mailto:amos at oasis-tech.net> > > wrote:
>
> Hi,
>
> I know Cisco have a configuration knob for this, I believe it's called
> vrf-capability.
> I am not sure If Juniper have something similar.
>
> Amos
>
> Sent from my iPhone
>
>
> On 29 Apr 2014, at 02:21, "Mohammad Salbad" <masalbad at gmail.com <mailto:
> masalbad at gmail.com>
>
> <mailto:masalbad at gmail.com <mailto:masalbad at gmail.com> > <mailto:
> masalbad at gmail.com <mailto:masalbad at gmail.com>
>
> <mailto:masalbad at gmail.com <mailto:masalbad at gmail.com> > >> wrote:
>
> 1.1.1.1 is PE router id
>
> so far we believe the issue is due to DN bit is set by the provider and
> hence the external routes are not injected in the routing table...as per
> Alberto Santos below reply to me:
>
> " as expected in rfc4577, Type 5 LSA must set DN bit, if the router does
> not
> set it, domain tag should be used instead. I believe the PE router is
> setting the DN bit and because of the routing instance was config as VRF it
> is not installing the route, I think you should change to VR type instead."
>
> So I'm wondering if there is any way to ignore the DN bit for the external
> routes received from the provider ospf link? That I don't want to keep the
> instance type to be vrf NOT VR...
>
> Regards
> M. Salbad
>
> -----Original Message-----
>
> From: Payam Chychi [mailto:pchychi at gmail.com <mailto:pchychi at gmail.com>
>  <mailto:pchychi at gmail.com <mailto:pchychi at gmail.com> > ]
> Sent: Tuesday, April 29, 2014 2:17 AM
>
> To: Mohammad Salbad; juniper-nsp at puck.nether.net <mailto:
> juniper-nsp at puck.nether.net>
>
> <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
>
> <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > >
> Subject: Re: [j-nsp] OSPF external routes in database but not in routing
> table
>
> Hi Mohammad,
>
> - Any route-maps preventing the prefix from being installed?
> - How are you learning 1.1.1.1?
>
>
> Payam
>
> On 2014-04-28, 2:13 PM, Mohammad Salbad wrote:
> Dear Experts
>
>
>
> we have an MX router connected to a service provider network which
> provides us with OSPF L3VPN connectivity with remote branches.
>
>
>
> at the beginning we used to have our connection with the provider into
> a routing instance with type virtual router and we were able to
> receive external routes from remote branches from our provider ospf
> link.
>
> for special purposes we decided to change the instance type to be vrf
> in our MX  router.
>
> once we have changed the instance type to be vrf external routes
> received through our provider connection are no longer in the routing
> table although they are in the ospf data base????
>
>
>
> Below is a sample of ospf database for one of the external routes
> which were not injected in routing table
>
>
>
> Extern   10.10.10.10   1.1.1.1   0x80003a74   893  0x82 0x347d  36
>
>   mask 255.255.255.252
>
>   Topology default (ID 0)
>
>     Type: 2, Metric: 1, Fwd addr: 0.0.0.0, Tag: 0.0.0.0
>
>   Aging timer 00:45:07
>
>   Installed 00:14:52 ago, expires in 00:45:07
>
>   Last changed 01:03:59 ago, Change count: 1
>
>
>
> Any Ideas???
>
>
>
> Regards
>
> M. Salbad
>
>
>
>
>
> _______________________________________________
>
> juniper-nsp mailing list juniper-nsp at puck.nether.net <mailto:
> juniper-nsp at puck.nether.net>
>
> <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
>
> <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > >
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net <mailto:
> juniper-nsp at puck.nether.net>
>
> <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
>
> <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > >
>
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net <mailto:
> juniper-nsp at puck.nether.net>
> <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net> >
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
>
>
> --
> Best Regards!
>
> Ivan Ivanov
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net <mailto:
> juniper-nsp at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list