[j-nsp] OSPF external routes in database but not in routing table

Ivan Ivanov ivanov.ivan at gmail.com
Tue Apr 29 08:32:36 EDT 2014 

Hi,

Yes, the vpn-tag is 0 from the output. But side effect of the command
"domain-vpn-tag
0" is to remove the DN bit from Type 5 and Type 7 LSAs. This could help in
that case on CE side. You can give a shoot, it will not hurt. But just in
case you can do it in maintenance window.

HTH
Ivan,


On Tue, Apr 29, 2014 at 1:08 PM, Krasimir Avramski <krasi at smartcom.bg>wrote:

> Hello,
> You should ask service provider to clear D/N bit from LSA advertisements
> (equal to "domain-id disable" in case juniper equipment is used). It is
> also  desirable SP to set domain-vpn-tag to 0(junos by default encode own
> AS number here) since the sanity check rule is matching own AS against AS
> encoded in tag.
>
> Krasi
>
>
> On 29 April 2014 12:50, Mohammad Salbad <masalbad at gmail.com> wrote:
>
> > Thank you Krasi
> >
> >
> >
> > So, setting domain-vpn-tag to 0 on the providers PE will not help... :(
> >
> > Is that mean there is no solution or workaround for this neither on my MX
> > nor Provider PE.... :(
> >
> > And the only solution is to revert back the instance type to be VR
> instead
> > of VRF.....
> >
> >
> >
> > I really hoped there is a workaround for this...
> >
> >
> >
> > However, thank you all for your help
> >
> >
> >
> > BR
> >
> > M. Salbad
> >
> >
> >
> > From: Krasimir Avramski [mailto:krasi at smartcom.bg]
> > Sent: Tuesday, April 29, 2014 1:32 PM
> > To: Mohammad Salbad
> > Cc: Juniper-Nsp
> > Subject: Re: [j-nsp] OSPF external routes in database but not in routing
> > table
> >
> >
> >
> > domain vpn tag(external route tag) is already set to 0 - the problem is
> > that D/N bit is set as per RFC4576 (0x82 from your output lsa options).
> >
> >
> >
> > Krasi
> >
> >
> >
> > On 29 April 2014 11:05, Mohammad Salbad <masalbad at gmail.com <mailto:
> > masalbad at gmail.com> > wrote:
> >
> > Thank you all experts for your support and help
> >
> >
> >
> > Based on what I understood from you:
> >
> > In order to be able to add the ospf external routes into the routing
> table
> > I
> > shall ask the service provider to set the domain-vpn-tag value to 0 on
> his
> > PE.
> >
> > And there nothing to be done on my MX router (CE) to ignore the DN bit
> set
> > by the service provider PE.
> >
> >
> >
> > Thank you again
> >
> > M. Salbad
> >
> >
> >
> > From: Ivan Ivanov [mailto:ivanov.ivan at gmail.com <mailto:
> > ivanov.ivan at gmail.com> ]
> > Sent: Tuesday, April 29, 2014 11:01 AM
> > To: Amos Rosenboim
> > Cc: Mohammad Salbad; juniper-nsp at puck.nether.net <mailto:
> > juniper-nsp at puck.nether.net>
> >
> > Subject: Re: [j-nsp] OSPF external routes in database but not in routing
> > table
> >
> >
> >
> >
> > Hi,
> >
> >
> >
> > Try to configure under the OSPF stanza for removing DN bit in Type 5 LSA
> -
> > 'domain-vpn-tag 0'
> >
> > If you want to disable DN bit checks for Type 3 LSA add - 'domain-id
> > disable'
> >
> > HTH,
> >
> > Ivan,
> >
> >
> >
> >
> >
> > On Tue, Apr 29, 2014 at 8:49 AM, Amos Rosenboim <amos at oasis-tech.net
> <mailto:
> > amos at oasis-tech.net>
> >
> > <mailto:amos at oasis-tech.net <mailto:amos at oasis-tech.net> > > wrote:
> >
> > Hi,
> >
> > I know Cisco have a configuration knob for this, I believe it's called
> > vrf-capability.
> > I am not sure If Juniper have something similar.
> >
> > Amos
> >
> > Sent from my iPhone
> >
> >
> > On 29 Apr 2014, at 02:21, "Mohammad Salbad" <masalbad at gmail.com <mailto:
> > masalbad at gmail.com>
> >
> > <mailto:masalbad at gmail.com <mailto:masalbad at gmail.com> > <mailto:
> > masalbad at gmail.com <mailto:masalbad at gmail.com>
> >
> > <mailto:masalbad at gmail.com <mailto:masalbad at gmail.com> > >> wrote:
> >
> > 1.1.1.1 is PE router id
> >
> > so far we believe the issue is due to DN bit is set by the provider and
> > hence the external routes are not injected in the routing table...as per
> > Alberto Santos below reply to me:
> >
> > " as expected in rfc4577, Type 5 LSA must set DN bit, if the router does
> > not
> > set it, domain tag should be used instead. I believe the PE router is
> > setting the DN bit and because of the routing instance was config as VRF
> it
> > is not installing the route, I think you should change to VR type
> instead."
> >
> > So I'm wondering if there is any way to ignore the DN bit for the
> external
> > routes received from the provider ospf link? That I don't want to keep
> the
> > instance type to be vrf NOT VR...
> >
> > Regards
> > M. Salbad
> >
> > -----Original Message-----
> >
> > From: Payam Chychi [mailto:pchychi at gmail.com <mailto:pchychi at gmail.com>
> >  <mailto:pchychi at gmail.com <mailto:pchychi at gmail.com> > ]
> > Sent: Tuesday, April 29, 2014 2:17 AM
> >
> > To: Mohammad Salbad; juniper-nsp at puck.nether.net <mailto:
> > juniper-nsp at puck.nether.net>
> >
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > > <mailto:juniper-nsp at puck.nether.net <mailto:
> juniper-nsp at puck.nether.net>
> >
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > > >
> > Subject: Re: [j-nsp] OSPF external routes in database but not in routing
> > table
> >
> > Hi Mohammad,
> >
> > - Any route-maps preventing the prefix from being installed?
> > - How are you learning 1.1.1.1?
> >
> >
> > Payam
> >
> > On 2014-04-28, 2:13 PM, Mohammad Salbad wrote:
> > Dear Experts
> >
> >
> >
> > we have an MX router connected to a service provider network which
> > provides us with OSPF L3VPN connectivity with remote branches.
> >
> >
> >
> > at the beginning we used to have our connection with the provider into
> > a routing instance with type virtual router and we were able to
> > receive external routes from remote branches from our provider ospf
> > link.
> >
> > for special purposes we decided to change the instance type to be vrf
> > in our MX  router.
> >
> > once we have changed the instance type to be vrf external routes
> > received through our provider connection are no longer in the routing
> > table although they are in the ospf data base????
> >
> >
> >
> > Below is a sample of ospf database for one of the external routes
> > which were not injected in routing table
> >
> >
> >
> > Extern   10.10.10.10   1.1.1.1   0x80003a74   893  0x82 0x347d  36
> >
> >   mask 255.255.255.252
> >
> >   Topology default (ID 0)
> >
> >     Type: 2, Metric: 1, Fwd addr: 0.0.0.0, Tag: 0.0.0.0
> >
> >   Aging timer 00:45:07
> >
> >   Installed 00:14:52 ago, expires in 00:45:07
> >
> >   Last changed 01:03:59 ago, Change count: 1
> >
> >
> >
> > Any Ideas???
> >
> >
> >
> > Regards
> >
> > M. Salbad
> >
> >
> >
> >
> >
> > _______________________________________________
> >
> > juniper-nsp mailing list juniper-nsp at puck.nether.net <mailto:
> > juniper-nsp at puck.nether.net>
> >
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > > <mailto:juniper-nsp at puck.nether.net <mailto:
> juniper-nsp at puck.nether.net>
> >
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > > >
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net <mailto:
> > juniper-nsp at puck.nether.net>
> >
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > > <mailto:juniper-nsp at puck.nether.net <mailto:
> juniper-nsp at puck.nether.net>
> >
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> > > >
> >
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net <mailto:
> > juniper-nsp at puck.nether.net>
> > <mailto:juniper-nsp at puck.nether.net <mailto:juniper-nsp at puck.nether.net>
> >
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> >
> >
> >
> > --
> > Best Regards!
> >
> > Ivan Ivanov
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net <mailto:
> > juniper-nsp at puck.nether.net>
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
Best Regards!

Ivan Ivanov

More information about the juniper-nsp mailing list