[j-nsp] VRF export/import of eBGP learned route

Philippe Girard philippe at skyhook.ca
Fri Jun 29 21:03:28 EDT 2018


Hi, thanks for adding to this.

I've just removed the loops statement in there to see what would happen. It
seems to me like the AS number in routing-options is pretty much the source
of the looping trigger that occurs (the addition of a second internal AS to
the path).

Everything works well and loop free without the loops statement, seems I
won't have to go the tunnel way.

Thanks again!

On Fri, Jun 29, 2018 at 5:39 PM Niall Donaghy <niall.donaghy at geant.org>
wrote:

> Hi Alexander,
>
> In our network, inet.0 is AS20965 and IAS.inet.0 is AS21320.
> The IAS routing instance contains all commercial routes - public, private,
> and upstream peerings.
>
> Between inet.0 and IAS.inet.0 we have logical tunnels with BGP peerings.
>
> The routers are all configured with autonomous-system 20965, but to networks
> external to AS21320, we appear as AS21320, with the following configuration:
>
> set routing-instances IAS protocols bgp group SOMEGROUP neighbor x.x.x.x local-as 21320
> set routing-instances IAS protocols bgp group SOMEGROUP neighbor x.x.x.x local-as private
> set routing-instances IAS protocols bgp group SOMEGROUP neighbor x.x.x.x local-as no-prepend-global-as
>
> This keeps things tidy, loop-free, and BGP all the way, ie: no RIB groups or
> 'loops 2' statements, and we benefit from BGP path loop detection, and BGP
> policy controls between the two ASes.
>
> We've been running with 2.6M routes this way for 2.5 years+ and no issues.
>
> Happy to share if ever you want to refine your solution.
>
> Br,
> Niall
>
> -----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Philippe Girard
> Sent: 29 June 2018 15:15
> To: Alexander Arseniev <arseniev at btinternet.com>
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] VRF export/import of eBGP learned route
>
> Hello everyone
>
> Thank you so much for your suggestions. The solution in this case is to
> remove the autonomous-system statement completely from the routing-instance
> routing-options and apply the local-as statement under bgp with the private
> knob.
>
> protocols {
>     bgp {
>         local-as 456 loops 2 private;
>     }
> }
>
> This creates an internal table that looks just like it would under regular
> bgp inet.0.
>
> Thanks again!
>
> On Fri, Jun 29, 2018 at 4:07 AM Alexander Arseniev via juniper-nsp <
> juniper-nsp at puck.nether.net> wrote:
>
> > Hello,
> >
> > Does "no-prepend-global-as" help?
> >
> >
> > https://www.juniper.net/documentation/en_US/junos/topics/concept/bgp-local-as-introduction.html
> >
> > HTH
> >
> > Thx
> >
> > Alex
> >
> >
> > On 29/06/2018 04:58, Aaron Gould wrote:
> > > Use with caution in live environment as I'm going off of some testing I was
> > > recently doing in my lab and I'm pretty sure I saw this same issue.
> > >
> > > Sounds like something I saw with my internet boundary pe's, would add my AS
> > > on routes were learned from internet and send as vpnv4 routes into my
> > > internal ibgp environment and internal pe's were seeing their own AS and
> > > routes were being hidden as looped...
> > >
> > > Try this on PE1 ....
> > >
> > > If pe1 ebgp group is called "ebgp-to-ix"...
> > > If IX ip that you neighbor with is 1.2.3.4...
> > > If vrf on PE1 and PE2 is called "my-vrf"...
> > >
> > > ...do this on PE1...
> > > set routing-instances my-vrf protocols bgp group ebgp-to-ix neighbor 1.2.3.4 local-as private
> > >
> > > ...now see if PE2 is still seeing its own AS as looped
> > >
> > > - Aaron
> > >
> > >
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
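
Added example, not from any poster in this thread and not Juniper code: a simplified Python model of the AS-path handling discussed above (local AS prepended on receipt unless `private`, global AS prepended on advertisement unless `no-prepend-global-as`, and the `loops` threshold). The two-PE topology, AS 65000, 65001 and 64500, and all function names are assumptions; 20965 and 21320 are the AS numbers from Niall's message.

```python
# Simplified model of BGP AS_PATH handling with local-as (not Junos code).
# AS 65000, 65001 and 64500 are constructed; 20965 and 21320 come from the thread.

def receive_ebgp(as_path, local_as=None, private=False):
    """Path stored for a route learned over an eBGP session that uses local-as.
    Without `private` the local AS is prepended on receipt; with it, it is not."""
    if local_as is not None and not private:
        return [local_as] + list(as_path)
    return list(as_path)

def advertise_ebgp(as_path, global_as, local_as=None, no_prepend_global_as=False):
    """Path sent to an eBGP neighbor: local AS first, then the global AS
    unless no-prepend-global-as suppresses it."""
    prepend = []
    if local_as is not None:
        prepend.append(local_as)
    if local_as is None or not no_prepend_global_as:
        prepend.append(global_as)
    return prepend + list(as_path)

def is_looped(as_path, own_ases, loops=1):
    """`loops N` semantics: hide the route once one of the router's own AS
    numbers appears N or more times in the path (default N = 1)."""
    return any(as_path.count(asn) >= loops for asn in own_ases)

def pe2_view(private, loops):
    """Assumed topology: PE1 learns an IX route (origin AS 64500) in a VRF whose
    eBGP session uses local-as 65001, then passes it unchanged over iBGP to PE2,
    whose VRF treats 65000 (global) and 65001 as its own AS numbers."""
    stored = receive_ebgp([64500], local_as=65001, private=private)
    return stored, is_looped(stored, own_ases={65000, 65001}, loops=loops)

if __name__ == "__main__":
    for private, loops in [(False, 1), (False, 2), (True, 1)]:
        path, hidden = pe2_view(private, loops)
        print(f"private={private} loops={loops} path={path} hidden={hidden}")
    # Niall's setup: global AS 20965, session local-as 21320
    print(advertise_ebgp([], 20965, 21320))
    print(advertise_ebgp([], 20965, 21320, no_prepend_global_as=True))
```

In this model `loops 2` and `private` both unhide the route at PE2, but only `private` keeps the extra AS out of the stored path, so loop detection stays at its default threshold.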

