[j-nsp] Redistribute Connected in Junos

Dave Bell me at geordish.org
Tue Nov 17 10:49:45 EST 2015 

Hi James,

Your export policy isn't adding on your community.

Try:
term 10 {
    from {
        protocol direct;
        interface [ ge-0/1/0.89 fe-1/1/3.89 ];
    }
    community add 0089_VRF;
    then accept;
}

You also need to make sure your import policy is importing that.

In fairness, you probably don't need an import/export policy here, as
your policy is very simple. You could just remove vrf-import/export,
and set vrf-target target:12345:89

Regards,
Dave

On 17 November 2015 at 15:42, James Bensley <jwbensley at gmail.com> wrote:
> Hi All,
>
> I'm much more of a Cisco head; trying to redistribute the connected
> subnets into an MPLS L3VPN form PE2, up to some RRs then down to PE1,
> not sure what I've missed here, can anyone help me out?
>
> bensley at PE2> show route table 0089.inet.0
> 172.31.253.100/31  *[Direct/0] 3w4d 12:42:16
>                     > via fe-1/1/3.89
> 172.31.253.100/32  *[Local/0] 3w4d 12:42:16
>                       Local via fe-1/1/3.89
> 172.31.253.102/31  *[Direct/0] 3w4d 12:42:16
>                     > via ge-0/1/0.89
> 172.31.253.102/32  *[Local/0] 3w4d 12:42:16
>                       Local via ge-0/1/0.89
> PE2.Lo0.IP.80/32    *[Direct/0] 3w4d 12:42:16
>                     > via lo0.89
>
> bensley at PE2> show configuration policy-options community 0089_VRF
> members target:12345:89;
>
> bensley at PE2> show configuration routing-instances 0089
> instance-type vrf;
> interface lo0.89;
> interface ge-0/1/0.89;
> interface fe-1/1/3.89;
> route-distinguisher PE2.Lo0.IP.80:89;
> vrf-import plc-VRF-0089-Import;
> vrf-export plc-VRF-0089-Export;
> vrf-table-label;
>
>
> bensley at PE2> show configuration policy-options policy-statement
> plc-VRF-0089-Export
> term 10 {
>     from {
>         protocol direct;
>         interface [ ge-0/1/0.89 fe-1/1/3.89 ];
>     }
>     then accept;
> }
>
> bensley at PE2> show route advertising-protocol bgp RR1.Lo0.IP.165 table
> bgp.l3vpn.0 | match 89
>   PE2.Lo0.IP.80:89:172.31.253.100/31
>   PE2.Lo0.IP.80:89:172.31.253.102/31
>
>
> So that all looks good to my layman eyes, however over on PE1 we don't
> receive the routes:
>
> bensley at PE1> show route receive-protocol bgp RR1.Lo0.IP.165 table
> bgp.l3vpn.0 | match 89
>   PE9.Lo0.IP.9:1067:10.1.89.0/24
>   PE9.Lo0.IP.9:1067:10.2.89.0/24
>   RR1.Lo0.IP.165:511:10.89.55.0/28
>
>
>
> The RR also doesn't show the routes in "show route receive-protocol
> bgp..." (it doesn't have the routing instance configured either but I
> don't believe that should make a difference in Junos? I think I should
> at least see the routes in the BGP RIB?). PE1 is sending some eBGP
> learnt routes inside this VRF to PE2 via the RR, and PE2 is
> successfully receiving them so I'm just trying to get some directly
> connected return routes back from PE2 via RR to PE1.
>
> Many thanks,
> James.
>
>
> bensley at RR1> show configuration protocols bgp group Core-MX480
> type internal;
> local-address RR1.Lo0.IP.165;
> family inet {
>     unicast;
> }
> family inet-vpn {
>     unicast;
> }
> family inet6 {
>     unicast;
> }
> family l2vpn {
>     signaling;
> }
> export [ export-ibgp-ipv4-default-route export-ibgp-ipv4-client-routes
> export-ibgp-ipv4-no-transit ];
> cluster RR1.Lo0.IP.165;
> neighbor PE1.Lo0.IP.85 {
>     description "PE1";
> }
> bensley at RR1> show configuration protocols bgp group Core-Others
> type internal;
> local-address RR1.Lo0.IP.165;
> family inet {
>     unicast;
> }
> family inet-vpn {
>     unicast;
> }
> family inet6 {
>     unicast;
> }
> family l2vpn {
>     signaling;
> }
> export [ export-ibgp-ipv4-default-route export-ibgp-ipv4-client-routes
> export-ibgp-ipv4-no-transit ];
> cluster RR1.Lo0.IP.165;
> local-as 12345;
> neighbor PE2.Lo0.IP.80 {
>     description " PE2";
> }
>
> # There are no import statements, iBGP should advertise all routes
> then, so only the export statements could potentially filter the
> routes but thye *seem* to be allowed
>
> bensley at RR1> show configuration policy-options policy-statement
> export-ibgp-ipv4-client-routes
> term downstream-transit {
>     from {
>         protocol bgp;
>         community [ downstream-transit lpsn-ipv4-route ];
>     }
>     then accept;
> }
> term vpn-routes {
>     from {
>         protocol bgp;
>         rib bgp.l3vpn.0;
>     }
>     then accept;
> }
> term l2vpn-routes {
>     from {
>         protocol bgp;
>         rib bgp.l2vpn.0;
>     }
>     then accept;
> }
>
>
> bensley at PE1> show configuration protocols bgp group core-mx480-rr
> type internal;
> local-address PE1.85;
> family inet {
>     unicast;
> }
> family inet-vpn {
>     unicast;
> }
> family inet6 {
>     unicast;
> }
> family l2vpn {
>     signaling;
> }
> export [ export-bgp-default export-bgp-ipv4-transit
> export-bgp-ipv4-downstream-routes export-bgp-vrf-all
> export-bgp-ipv4-deny-all export-bgp-ipv6-deny-all ];
> neighbor RR1.Lo0.IP.165 {
>     description "RR1";
> }
> neighbor RR2.Lo0.IP.166 {
>     description "RR2";
> }
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list