Routing

Expand all | Collapse all

ISSUES-ROUTE POLICY INET VPN

Jump to Best Answer
  • 1.  ISSUES-ROUTE POLICY INET VPN

    Posted 05-12-2018 20:31

    Hi Community,

     

    I need to filter specific route (aggregate default route) from ABR on inet vpn address family  (Seamless MPLS) for a specifc group (Uplink), I tried the next configuration:

     

    set routing-instances VPN routing-options aggregate route 0.0.0.0/0 community 28006:44444

    set policy-options community CM-VPN-DEFAULT-ROUTE members 28006:44444

     

    root@ABR1> ...cy-options policy-statement PS-BGP-VPN-EXPORT-UP
    term LOCAL-DEFAULT-ROUTE {
    from {
    family inet-vpn;
    community CM-VPN-DEFAULT-ROUTE;
    }
    then reject;
    }
    from family inet-vpn;
    then accept;

    root@ABR1> show configuration protocols bgp group GR-IBGP-UP
    type internal;
    local-address 9.9.0.4;
    family inet {
    labeled-unicast {
    rib-group RG-REMOTE-LOOPBACKS;
    aigp;
    per-prefix-label;
    rib {
    inet.3;
    }
    }
    }
    family inet-vpn {
    unicast;
    }
    family inet6-vpn {
    unicast;
    }
    family route-target {
    advertise-default;
    }
    export [ PS-BGP-LU-EXPORT-UP PS-BGP-VPN-EXPORT-UP ];
    neighbor 9.9.0.2 {
    description "### iBGP TO P01-RR ###";
    }
    neighbor 9.9.0.8 {
    description "### iBGP TO PE8 ###";
    }

     

    But the the default route still anounced like describe the next output

     

     

    oot@ABR1> ...tocol bgp 9.9.0.2 table bgp.l3vpn.0

    bgp.l3vpn.0: 10 destinations, 14 routes (10 active, 0 holddown, 0 hidden)
    Prefix Nexthop MED Lclpref AS path
    28006:1:5.5.5.5/32
    * 172.9.0.5 0 100 ?
    28006:1:6.6.6.6/32
    * 172.9.0.6 100 I
    28006:2:0.0.0.0/0
    * Self 100 ?
    28006:2:4.4.4.4/32
    * Self 100 I
    28006:2:5.5.5.5/32
    * 172.9.0.5 0 100 ?
    28006:2:6.6.6.6/32
    * 172.9.0.6 100 I

     

    Even if I applied a policy with drop all for inet-vpn

     

    root@ABR1> ...ation policy-options policy-statement PS-BGP-VPN-EXPORT-UP-1
    term REJECT-ALL {
    from {
    family inet-vpn;
    }
    then reject;
    }

     

    The aggregate default route still anouced to the neighbors

     

    root@ABR1> show route advertising-protocol bgp 9.9.0.2 table bgp.l3vpn.0

    bgp.l3vpn.0: 10 destinations, 14 routes (10 active, 0 holddown, 0 hidden)
    Prefix Nexthop MED Lclpref AS path
    28006:2:0.0.0.0/0
    * Self 100 ?
    28006:2:4.4.4.4/32
    * Self 100 I

     

    I would greatly appreciate your comments about this behavio and how i can fix this configuration

     

    Thanks in advance

     

     

     

     

     

     

     

     



  • 2.  RE: ISSUES-ROUTE POLICY INET VPN

     
    Posted 05-12-2018 21:39

     

    Could you remove advertise-default?

     

    family route-target {
    advertise-default;

     

    & apply this on this in LOCAL-DEFAULT-ROUTE term:

     

    set from protocol aggregate
    set from route-filter 0/0 exact

     

     



  • 3.  RE: ISSUES-ROUTE POLICY INET VPN

    Posted 05-13-2018 00:28

    Hello,

    You need "vpn-apply-export" knob to make sure Your "family inet-vpn" routes are filtered by group|neighbor export policy

    https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/vpns-configuring-policies-for-the-vrf-table-on-pe-routers-in-vpns.html#id-10143422

    HTH

    Thx
    Alex



  • 4.  RE: ISSUES-ROUTE POLICY INET VPN

    Posted 05-13-2018 06:17

    Yes, that's the problem

     

    Thank you



  • 5.  RE: ISSUES-ROUTE POLICY INET VPN
    Best Answer

    Posted 05-14-2018 02:35

    Hello,

    Glad to help.

    Could You please mark my post as "Accepted Solution" in order for others who came to this forum later with the same problem to find a fix faster?

    Thanks
    Alex