[j-nsp] advertise-from-main-vpn-tables and Hub&Spoke VRFs (was: KB20870 workaround creates problems with Hub and Spoke) downstream hubs?

Sebastian Wiesinger sebastian at karotte.org
Tue May 29 05:15:02 EDT 2018


* Olivier Benghozi <olivier.benghozi at wifirst.fr> [2018-02-15 10:33]:
> Hi Sebastian,
> 
> This is an old workaround by the way.

> Simpler workaround: use advertise-from-main-vpn-tables knob
> available since 12.3 (required if you have NSR anyway):

So, I'm still stuck on this.

When using 'advertise-from-main-vpn-tables' Hub&Spoke VRFs with a
downstream hub[1] break.

In my mind the problem is that the downstream hub instance does not
advertise the hub routes to the bgp.l3vpn.0 table. Route
redistribution should work like this:

a) without advertise-from-main-vpn-tables

[Hub instance] -> [Downstream hub instance] -> MP-BGP neighbors

This *works*



b) with advertise-from-main-vpn-tables

[Hub instance] -> [Downstream hub instance] -XXXX-> [bgp.l3vpn.0] -> MP-BGP neighbors

And there it breaks. Routes from the hub instance that get import into
the downstream hub instance are not exported to the bgp.l3vpn.0 table
and thus do not get advertised to other MP-BGP neighbors.

I tried various options with auto-export and explicit rib-groups but I
can't find any working scenario.

If anyone has a working config for this please let me know.

Regards

Sebastian

[1] https://www.juniper.net/documentation/en_US/junos/topics/example/vpn-hub-spoke-topologies-one-interface.html
-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant


More information about the juniper-nsp mailing list