[j-nsp] VRF export/import of eBGP learned route

Philippe Girard philippe at skyhook.ca
Thu Jun 28 22:44:07 EDT 2018


I'm setting up this VRF that hosts the full routing table. I have other
peerings or remote PEs that import IX routes through eBGP as well.

The problem resides on something TAC tells me is Juniper specific, which is
to add my own internal ASN to the as-path when using vrf-import to get a
route that was learned through eBGP from another router to avoid potential

So, let's say IX has AS 123 and I have AS 456 in the VRF, and my real
inet.0 AS is 789, what is seen by another PE than the one learning the
route directly from the IX is:

IX -- eBGP - PE1 - iBGP inet-vpn - PE2

Route as-path seen by PE1: 123 XXX YYY I
Route as-path seen by PE2: 456 123 XXX YYY I

The behaviour is the same on all Junos routing devices in my core (MX +
QFX5100) and I have to configure routing-options autonomous-system 456
loops 2 for the other peers to accept routes imported by eBGP on another

Obviously, the "real" as-path is as follows, since the AS doing the
underlay iBGP has ASN 789.

456 [789] 456 123 XXX YYY I

I've tried independant domain but that makes me unable to filter any bgp
attribute in vrf-imports and exports. I've also tried an "option A" peering
between the routers and that revealed the underlay AS in the path. Using
remove-private created a loop by re-sending the learned routes towards the

Would anybody have an idea on how to achieve the equivalent of having and
inet.0 iBGP mesh and importing routes without the own as prepending that
takes place as described?



More information about the juniper-nsp mailing list