[j-nsp] VRF export/import of eBGP learned route

Chuck Anderson cra at WPI.EDU
Fri Jun 29 03:12:16 EDT 2018

I don't see this issue.  Does it only happen when you have a different ASN inside the VRF?

On Thu, Jun 28, 2018 at 10:44:07PM -0400, Philippe Girard wrote:
> Grettings
> I'm setting up this VRF that hosts the full routing table. I have other
> peerings or remote PEs that import IX routes through eBGP as well.
> The problem resides on something TAC tells me is Juniper specific, which is
> to add my own internal ASN to the as-path when using vrf-import to get a
> route that was learned through eBGP from another router to avoid potential
> loops.
> So, let's say IX has AS 123 and I have AS 456 in the VRF, and my real
> inet.0 AS is 789, what is seen by another PE than the one learning the
> route directly from the IX is:
> IX -- eBGP - PE1 - iBGP inet-vpn - PE2
> Route as-path seen by PE1: 123 XXX YYY I
> Route as-path seen by PE2: 456 123 XXX YYY I
> The behaviour is the same on all Junos routing devices in my core (MX +
> QFX5100) and I have to configure routing-options autonomous-system 456
> loops 2 for the other peers to accept routes imported by eBGP on another
> node.
> Obviously, the "real" as-path is as follows, since the AS doing the
> underlay iBGP has ASN 789.
> 456 [789] 456 123 XXX YYY I
> I've tried independant domain but that makes me unable to filter any bgp
> attribute in vrf-imports and exports. I've also tried an "option A" peering
> between the routers and that revealed the underlay AS in the path. Using
> remove-private created a loop by re-sending the learned routes towards the
> edge.
> Would anybody have an idea on how to achieve the equivalent of having and
> inet.0 iBGP mesh and importing routes without the own as prepending that
> takes place as described?

More information about the juniper-nsp mailing list