I am currently using OSPFv3 between the CE and PE in the following scenario. The PEs are Juniper and CEs, another vendor (Cisco). I have enabled the address families/realms for both IPv4 and IPv6 between the CEs and the PEs. OSPF is established and I can see the OSPFv3 routes from the local CE on the local PE which is advertised through MP-BGP to the remote PE. In other words, I can see all OSPFv3 routes in the VPNv4 table. However, remote routes that is imported into the local PE (VRF) is not advertised into OSPFv3. I have configured export/Import policy for OSPF to export the BGP routes from the VRF to OSPF and also for loop prevention using tagging but seems that's not working as I can't see any remote routes in the local CPEs. I checked the OSPFv3 database (and also in realm IPv4-Unicast), no remote route is installed. With OSPFv2, everything works perfect with the exact same configurations w.r.t MPLS VPN.
Any idea what's going on please? Any help will be appreciated.
|CE-1| --- |PE-1| ---- |PE-2| --- |CE-2|
Can you please share the export/import policy which you are using to advertise BGP routes to OSPFv3 here?
Thanks Sarathirao. Please see below the policy statements for OSPF. I have included the policy statement for the IPVPN also.
set policy-options policy-statement OSPF-EXPORT term 10 from protocol bgpset policy-options policy-statement OSPF-EXPORT term 10 then tag 65532set policy-options policy-statement OSPF-EXPORT term 10 then acceptset policy-options policy-statement OSPF-IMPORT term 10 from protocol ospf3set policy-options policy-statement OSPF-IMPORT term 10 from tag 65532set policy-options policy-statement OSPF-IMPORT term 10 then rejectset policy-options policy-statement OSPF-IMPORT then accept
set policy-options policy-statement VPN-EXPORT term 10 from protocol directset policy-options policy-statement VPN-EXPORT term 10 from protocol staticset policy-options policy-statement VPN-EXPORT term 10 from protocol ospf3set policy-options policy-statement VPN-EXPORT term 10 then metric 10set policy-options policy-statement VPN-EXPORT term 10 then community add SET-RT-1:2888set policy-options policy-statement VPN-EXPORT term 10 then acceptset policy-options policy-statement VPN-EXPORT then rejectset policy-options policy-statement VPN-IMPORT term 10 from protocol bgpset policy-options policy-statement VPN-IMPORT term 10 from community MATCH-RT-1:2888set policy-options policy-statement VPN-IMPORT term 10 then metric add 10set policy-options policy-statement VPN-IMPORT term 10 then acceptset policy-options policy-statement VPN-IMPORT then reject
set policy-options community MATCH-RT-1:2888 members target:1:2888set policy-options community SET-RT-1:2888 members target:1:2888
Can you share routing-instance configuration as well?
are you running ipv6 in your core as well or using 6vPE?
Below is the routing-instance configurations; no IPv6 in the CORE but is enabled to route VPNv6 prefixes.
set routing-instances VRF-OSPF instance-type vrfset routing-instances VRF-OSPF interface <interface id>set routing-instances VRF-OSPF route-distinguisher 1:3set routing-instances VRF-OSPF vrf-import VPN-IMPORTset routing-instances VRF-OSPF vrf-export VPN-EXPORTset routing-instances VRF-OSPF vrf-table-labelset routing-instances VRF-OSPF routing-options auto-exportset routing-instances VRF-OSPF protocols ospf3 realm ipv4-unicast area 0.0.0.0 interface <interface id>set routing-instances VRF-OSPF protocols ospf3 export OSPF-EXPORTset routing-instances VRF-OSPF protocols ospf3 import OSPF-IMPORTset routing-instances VRF-OSPF protocols ospf3 area 0.0.0.0 interface <interface id>
I am curious now, Can you please explain how are you enabling your core to route VPNv6 prefix? by enabling family inet6-vpn under protocol bgp?
do you see hidden routes in vrf/routing-instance table?
For IPv6 route, you need to have IPv6 next-hop. I am not sure how you are doing this. try enabling ipv6-tunneling inder protocol mpls and check.
Hi Singhh, Thanks for looking into this.
In my small lab of just 2 PEs, here is the configurations. I am not particularly routing any IPv6 prefixes at the moment.
set protocols bgp group CORE-MPLS type internalset protocols bgp group CORE-MPLS local-address 220.127.116.11set protocols bgp group CORE-MPLS family inet anyset protocols bgp group CORE-MPLS family inet-vpn anyset protocols bgp group CORE-MPLS family inet6 anyset protocols bgp group CORE-MPLS family inet6-vpn anyset protocols bgp group CORE-MPLS neighbor 18.104.22.168
Also, I can't see any hidden prefixes; see below
> show route table VRF-OSPF.inet hidden
VRF-OSPF.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
VRF-OSPF.inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
From the core perspective, I can see the exported ospf routes from both PEs in the bgp.l3vpn.0 table.
1) Please confirm if you see remote CE route in bgp vpnv4 table ?
2) Are these 5 route in "VRF-OSPF.inet6.0: 5 destinations, 5 routes" table imported from bgp vpnv4 table?
Aslo, It seems like, your PE to CE is v6 and your core is v4 only. Can you configure ipv6-tunneling as well under protocol mpls and check?
And can you share your full config, if possible?
1. Yes, I can see remote CE route in VPNv4 table.
2. No. Those are local prefixes including the link local prefixes.
3. I have configured the ipv6-tunneling on both PEs under the MPLS proto but still those routes are not redistributed into ospfv3 domain. Also, the PE-CE is enabled for both v6 and v4.
I have also attached both PE configurations.
NB: The current configurations works perfectly well with OSPFv2 and the current requirement is using OSPFv3 to route IPv4 traffic.
Thanks for your help so far mate.
Couldn't check full config but I don't see any export policy applied to BGP on both PE.
Set protocol bgp group CORE-MPLS export OSPF-IMPORT
try same way on PE2 as well and let me know if it works
VPNv4 is enabled between both PEs and VPNv4 prefixes are advertised/received by both PEs. See the configure below for the VRF configurations. The VRF export is already advertising the OSPFv3 routes into MP-BGP. As confirmed earlier, I can see both local and remote routes in the bgp.l3vpn.0 and the VRF tables. The issue here is the imported routes are not advertised to the OSPFv3 domain i.e. not installed in the OSPFv3 database and not advertised to the CE.
Any reason why you want me to apply the ospf export policy to bgp again? It is already exported through the VRF.
set routing-instances VRF-OSPF vrf-import VPN-IMPORTset routing-instances VRF-OSPF vrf-export VPN-EXPORT
I am not sure how the routes are getting exported in BGP without applying export policies to BGP.
To check further, Can you paste the output of below commands from PE1?
show route table VRF-OSPF.inet.0
show route advertising-protocol bgp 22.214.171.124
Attached is the output of the show commands you requested.
Let me test this. I will check and let you know
Many Thanks Singh. I will wait for your feedback.
I just test it in My lab.
Please use config as below.
set protocols ospf3 realm ipv4-unicast export OSPF-EXPORT
Massive Thanks Singhh. That did the magic.
Really appreciate your help on this mate.