[j-nsp] VRF export/import of eBGP learned route

Niall Donaghy niall.donaghy at geant.org
Fri Jun 29 17:39:25 EDT 2018


Hi Alexander,

In our network, inet.0 is AS20965 and IAS.inet.0 is AS21320.
The IAS routing instance contains all commercial routes - public, private,
and upstream peerings.

Between inet.0 and IAS.inet.0 we have logical tunnels with BGP peerings.

The routers are all configured with autonomous-system 20965, but to networks
external to AS21320, we appear as AS21320, with the following configuration:

set routing-instances IAS protocols bgp group SOMEGROUP neighbor x.x.x.x
local-as 21320
set routing-instances IAS protocols bgp group SOMEGROUP neighbor x.x.x.x
local-as private
set routing-instances IAS protocols bgp group SOMEGROUP neighbor x.x.x.x
local-as no-prepend-global-as

This keeps things tidy, loop-free, and BGP all the way, ie: no RIB groups or
'loops 2' statements, and we benefit from BGP path loop detection, and BGP
policy controls between the two ASes.

We've been running with 2.6M routes this way for 2.5 years+ and no issues.

Happy to share if ever you want to refine your solution.

Br,
Niall

-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
Philippe Girard
Sent: 29 June 2018 15:15
To: Alexander Arseniev <arseniev at btinternet.com>
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] VRF export/import of eBGP learned route

Hello everyone

Thank you so much for your suggestions. The solution in this case is to
remove the autonomous-system statement completely from the routing-instance
routing-options and apply the local-as statement under bgp with the private
knob.

protocols {
    bgp {
        local-as 456 loops 2 private

This creates an internal table that looks just like it would under regular
bgp inet.0.

Thanks again!

On Fri, Jun 29, 2018 at 4:07 AM Alexander Arseniev via juniper-nsp <
juniper-nsp at puck.nether.net> wrote:

> Hello,
>
> Does "no-prepend-global-as" help?
>
>
> https://www.juniper.net/documentation/en_US/junos/topics/concept/bgp-l
> ocal-as-introduction.html
>
> HTH
>
> Thx
>
> Alex
>
>
> On 29/06/2018 04:58, Aaron Gould wrote:
> > Use with caution in live environment as I'm going off of some 
> > testing I
> was
> > recently doing in my lab and I'm pretty sure I saw this same issue.
> >
> > Sounds like something I saw with my internet boundary pe's, would 
> > add my
> AS
> > on routes were learned from internet and send as vpnv4 routes into 
> > my internal ibgp environment and internal pe's were seeing their own 
> > AS and routes were being hidden as looped...
> >
> > Try this on PE1 ....
> >
> > If pe1 ebgp group is called "ebgp-to-ix"...
> > If IX ip that you neighbor with is 1.2.3.4...
> > If vrf on PE1 and PE2 is called "my-vrf"...
> >
> > ...do this on PE1...
> > set routing-instances my-vrf protocols bgp group ebgp-to-ix neighbor
> 1.2.3.4
> > local-as private
> >
> > ...now see if PE2 is still seeing its own AS as looped
> >
> > - Aaron
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list