[j-nsp] Junos L3VPN & AS-PATH LOOP

Saku Ytti saku at ytti.fi
Fri Feb 21 10:03:24 EST 2020


Hey Rati,


> As soon as I apply as-override feature on FW to hide originating AS and
> rewrite it to 20, then everything works as expected.
> Is there a special knob in Junos to Advertise "looped" routes over the
> iBGP L3VPN? I've reproduced the same setup in Cisco XR/XE and works fine
> without as-override to hide/rewrite originating-as.

IOS does not check AS_PATH in iBGP sessions, JunOS does. Neither is
wrong or right, the standard is unopinionated here. I like IOS behaviour
better.

I hope the implication is clear here: to allow loops, in IOS it's
enough to allow it once on the incoming eBGP session, on JunOS you need to
allow it also on all the iBGP sessions. Basically no one runs a multivendor
network with normalised BGP settings, there are all kinds of small
different behaviours and the standard people use is 'whatever the vendor
does'. If you want JunOS to behave the same as IOS, just allow arbitrary
loops in all iBGP sessions.

I would discourage a setup where you need to do this. But I admit
network-based-FW is the one place where this really does make things
a whole lot easier. I consider AS_PATH manipulation a mandatory
network-based-firewall feature. So rewrite the AS_PATH, entirely, on the FW, to
remove the loops. Many FWs support this.

-- 
  ++ytti
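
Added example, not part of the original message and not vendor code: a simplified Python model of the difference described above, where one receiver skips the AS_PATH loop check on iBGP sessions and the other applies it on every session. The ASNs, the FW -> PE1 -> PE2 topology and all function names are constructed for illustration.

```python
# Simplified model of AS_PATH loop checking as described in the message above.
# All ASNs and names are constructed; this is not vendor code.
LOCAL_AS = 65000   # provider AS shared by PE1 and PE2 (constructed)
FW_AS = 65020      # AS of the network-based firewall (constructed)
# Route that left the provider AS, crossed the FW and comes back in:
LOOPED_PATH = [FW_AS, LOCAL_AS, 65010]

def accepts(as_path, session, checks_ibgp, allowed_loops):
    """True if the receiver keeps the route on this session.
    allowed_loops = occurrences of LOCAL_AS tolerated on the session."""
    if session == "ibgp" and not checks_ibgp:
        return True  # IOS-style per the message: no AS_PATH check on iBGP
    return as_path.count(LOCAL_AS) <= allowed_loops

def reaches_remote_pe(as_path, checks_ibgp, ebgp_loops, ibgp_loops):
    """FW --eBGP--> PE1 --iBGP--> PE2: does PE2 keep the route?"""
    if not accepts(as_path, "ebgp", checks_ibgp, ebgp_loops):
        return False
    # iBGP does not prepend, so PE2 sees the same looped AS_PATH as PE1.
    return accepts(as_path, "ibgp", checks_ibgp, ibgp_loops)

def rewrite_on_fw(as_path):
    """FW replaces the whole AS_PATH with its own AS, removing the loop."""
    return [FW_AS]

def scenarios():
    return {
        # Loop allowed once, on the incoming eBGP session only.
        "ios_style_ebgp_only": reaches_remote_pe(LOOPED_PATH, False, 1, 0),
        "junos_style_ebgp_only": reaches_remote_pe(LOOPED_PATH, True, 1, 0),
        # Loop also allowed on the iBGP session.
        "junos_style_ebgp_and_ibgp": reaches_remote_pe(LOOPED_PATH, True, 1, 1),
        # No loops allowed anywhere, but the FW rewrote the AS_PATH.
        "junos_style_fw_rewrite": reaches_remote_pe(
            rewrite_on_fw(LOOPED_PATH), True, 0, 0),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:28s} route reaches PE2: {ok}")
```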

