[j-nsp] access-internal routes

Aaron aaron1 at gvtc.com
Fri Apr 1 16:40:45 EDT 2016


Thanks Daniel, I recall that's what another guy suggested... he gave me like 20 lines of junos code... then I found that one-line that did the trick.

Aaron

-----Original Message-----
From: dverlouw at gmail.com [mailto:dverlouw at gmail.com] On Behalf Of Daniel Verlouw
Sent: Friday, April 1, 2016 3:09 PM
To: Aaron <aaron1 at gvtc.com>
Cc: juniper-nsp List <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] access-internal routes

Hi,

On Wed, Mar 30, 2016 at 10:41 PM, Aaron <aaron1 at gvtc.com> wrote:
> what are these routes (access-internal) ?  i'm seeing them actually 
> being sent over my MPLS L3VPN into my other pe's as /32 routes.  very interesting.
> and seemingly very inefficient and busy.  not sure that I like the 
> idea of host routes for 10's of thousands of hosts being injected into 
> my mpls vpn all over my network.  i'm thinking this is happening 
> possibly from dhcp relay on my acx5048.  how do I turn off the /32 
> route injection at the acx5048 ?

what does your VRF export policy look like? Sounds like you're permitting all routes from all protocols and tagging them with RT community. Try changing your VRF export policy to reject the access-internal routes prior to accepting&tagging all the rest (or permit&tag e.g. only bgp and connected and reject everything else).

BR, Daniel.
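
An added example, not part of the original thread and not configuration posted by either participant: a Junos VRF export policy sketching the two approaches described above (reject access-internal first, or permit and tag only BGP and connected routes). The names VRF-EXPORT-DENY, VRF-EXPORT-ALLOW, RT-CUST and CUST, and the route target value, are hypothetical placeholders.

```junos
policy-options {
    /* Hypothetical route target; substitute the VPN's real RT. */
    community RT-CUST members target:65000:100;

    /* Option 1: drop access-internal first, then accept and tag the rest. */
    policy-statement VRF-EXPORT-DENY {
        term no-access-internal {
            from protocol access-internal;
            then reject;
        }
        term tag-everything-else {
            then {
                community add RT-CUST;
                accept;
            }
        }
    }

    /* Option 2: accept and tag only BGP and connected routes, reject all else. */
    policy-statement VRF-EXPORT-ALLOW {
        term bgp-and-connected {
            from protocol [ bgp direct ];
            then {
                community add RT-CUST;
                accept;
            }
        }
        term reject-rest {
            then reject;
        }
    }
}
routing-instances {
    /* Hypothetical VRF name; apply exactly one of the two policies. */
    CUST {
        vrf-export VRF-EXPORT-DENY;
    }
}
```

Option 2 fails closed: any protocol that later starts installing routes in the VRF stays out of the L3VPN until it is explicitly listed.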


