[j-nsp] PE-CE issue with OSPF routes not getting into routing table
Krasimir Avramski
krasi at smartcom.bg
Sun Aug 26 05:16:25 EDT 2018
Hi,
The route from your output has DN bit set (Opt 0xa2) and it is loop
prevention mechanism as described in rfc4577.
More info from Juniper docs:
http://www.juniper.net/techpubs/en_US/junos12.2/topics/usage-guidelines/vpns-configuring-routing-between-pe-and-ce-routers-in-layer-3-vpns.html
Best Regards,
Krasi
On Sun, Aug 26, 2018, 05:19 Raymond, Adam via juniper-nsp <
juniper-nsp at puck.nether.net> wrote:
> Hi,
>
> Complex one, so I will try to describe this carefully.
>
> I have a IPv4 layer 3 MP-BGP VPN. There are two PEs that have an
> OSPF adjacency to CEs inside the VPN. The VPN only has a single OSPF area:
> 0.0.0.0. An external route, 172.16.64.0/20, is inserted into the VPN
> (called IP_ASC_VPN_1) via redistribution from iBGP and into OPSF.
> The slightly odd thing about this setup compared to a traditional
> VPN is that the PEs have devices connected to them that don't support
> dynamic routing - they are just node with a IP address and default gateway
> configured on them:
>
> PE3 -- CE5
> |
> P --------------------------------------------------------------P
> | |
> P -- PE1 --OSPF-- CE1 --OSPF-- CE2 --OPSF-- CE3 --OSPF-- PE2 -- P
> | |
> Node Node
>
> All of this works when all of the network is up and operational, but when
> the link from the P routers to the PEs breaks:
> PE3 -- CE5
> |
> P --------------------------------------------------------------P
> | |
> P -X- PE1 --OSPF-- CE1 --OSPF-- CE2 --OPSF-- CE3 --OSPF-- PE2 -- P
> | |
> Node Node
>
> Then the Node closest to the break becomes unreachable from CE5. CE5 is
> also the router that inserts 172.16.64.0/20 into the VPN. I can log into
> PE1 by jumping from CE1 and see what is happening on that router. PE1 is
> still learning the 172.16.64.0/20 route via OSPF as you can see it in the
> OSFP database:
> araymond at PE1> show ospf database external extensive lsa-id 172.16.64.0
> instance IP_ASC_VPN_1
> OSPF AS SCOPE link state database
> Type ID Adv Rtr Seq Age Opt Cksum
> Len
> Extern 172.16.64.0 172.16.49.68 0x80000001 192 0xa2 0xf2f1
> 36
> mask 255.255.240.0
> Topology default (ID 0)
> Type: 2, Metric: 3000, Fwd addr: 0.0.0.0, Tag: 208.0.255.152
> Aging timer 00:56:47
> Installed 00:03:06 ago, expires in 00:56:48
> Last changed 00:03:06 ago, Change count: 1
>
> where 172.16.49.68 is the router-id of PE2.
>
> The problem is that this route doesn't get added to the
> IP_ASC_VPN_1.inet.0 routing table. There seems to be something that makes
> this route ineligible, but I cannot figure out what it is. Can anyone help
> me with that?
>
> Regards,
>
> Adam Raymond | IP Platform Engineering Team Lead
>
> M: 0410 347 012 D: 03 8623 3638 | ext E: Adam.Raymond at vocus.com.au
> <mailto:Adam.Raymond at vocus.com.au>
> P: +61 3 8613 3333 W: vocus.com.au
> A: 333 Collins Street, Melbourne, VIC 3000, Australia | Follow us:
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list