[j-nsp] access-internal routes

Daniel Verlouw daniel at shunoshu.net
Fri Apr 1 16:09:07 EDT 2016


Hi,

On Wed, Mar 30, 2016 at 10:41 PM, Aaron <aaron1 at gvtc.com> wrote:
> what are these routes (access-internal) ?  i'm seeing them actually being
> sent over my MPLS L3VPN into my other pe's as /32 routes.  very interesting.
> and seemingly very inefficient and busy.  not sure that I like the idea of
> host routes for 10's of thousands of hosts being injected into my mpls vpn
> all over my network.  i'm thinking this is happening possible from dhcp
> relay on my acx5048.  how do I turn off the /32 route injection at the
> acx5048 ?

what does your VRF export policy look like? Sounds like you're
permitting all routes from all protocols and tagging them with RT
community. Try changing your VRF export policy to reject the
access-internal routes prior to accepting&tagging all the rest (or
permit&tag e.g. only bgp and connected and reject everything else).

BR, Daniel.


More information about the juniper-nsp mailing list