Routing

Hello everyone!

I`m trying to set up L3vpn.

The set up is quite simple:

PE1(lo 1.1.1.1/32,3.3.3.3/32)->PE2(lo 2.2.2.2/32, 4.4.4.4/32)

PE1 

show interfaces lo0.0
family inet {
    filter {
        input LOOPBACK;
    }
    address 1.1.1.1/32 {
        primary;
        preferred;
    }
    address 3.3.3.3/32;
}

PE2

show interfaces lo0.0
family inet {
    filter {
        input LOOPBACK;
    }
    address 2.2.2.2/32 {
        primary;
        preferred;
    }
    address 4.4.4.4/32;
}

iBGP session established between 1.1.1.1/32 and 2.2.2.2/32

And i got two LSP from 3.3.3.3 to 4.4.4.4 and from 4.4.4.4 to 3.3.3.3

PE1 is RR  and PE2 is RR client.

then i got vrf:

PE1:

show routing-instances VPN-A

instance-type vrf;
interface lo0.2000;
route-distinguisher 65000:2000;
vrf-import vpna-import;
vrf-export vpna-export;
routing-options {
    static {
        route 192.168.2.0/24 discard;
    }
}

On PE2:

instance-type vrf;
interface lo0.2000;
route-distinguisher 65000:2000;
vrf-import vpna-import;
vrf-export vpna-export;
routing-options {
    static {
        route 192.168.1.0/24 discard;
    }
}

Export policies on PE1:

term A {
    from {
        route-filter 192.168.2.0/24 exact;
    }
    then {
        community add vpna-comm;
        next-hop 3.3.3.3;
        accept;
    }
}
term B {
    then reject;
}

on PE2:

term A {
    from {
        route-filter 192.168.1.0/24 exact;
    }
    then {
        community add vpna-comm;
        next-hop 4.4.4.4;
        accept;
    }
}
term B {
    then reject;
}

So on export i want to change next-hop for l3vpn prefixes.

But changing next-hop works perfect on PE2:

run show route 192.168.1.0/24 advertising-protocol bgp 1.1.1.1 extensive

VPN-A.inet.0: 2 destinations, 2 routes (1 active, 0 holddown, 1 hidden)
* 192.168.1.0/24 (1 entry, 1 announced)
 BGP group internal-65000 type Internal
     Route Distinguisher: 65000:2000
     VPN Label: 299808
     Nexthop: 4.4.4.4
     Flags: Nexthop Change
     Localpref: 100
     AS path: [65000] I
     Communities: target:65000:2000

While on PE1 it doesnt work:

run show route 192.168.2.0/24 advertising-protocol bgp 2.2.2.2 extensive

VPN-A.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
* 192.168.2.0/24 (1 entry, 1 announced)
 BGP group IBGP type Internal
     Route Distinguisher: 65000:2000
     VPN Label: 299824
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: [65000] I
     Communities: target:65000:2000

 

Hi Folks,

Can you please share the full config of both the routers?

I am interested to look into it.

Hi Folks,

I spend some time in lab and I could find similar behavior; with RR + LSP on secondary IP back-to-back, manipulating the next-hop with export policy does not work. Let me try to fix it. I assume the config matches to yours.

 

Even though the topology looks simple by definition; it’s really tricky J

 

labroot@re0_re0> show configuration logical-systems              

pe1 {

    interfaces {

        ge-0/0/0 {

            unit 23 {

                vlan-id 23;

                family inet {

                    address 1.1.23.1/30;

                }

                family mpls;

            }

        }

        lo0 {

            unit 102 {

                family inet {

                    address 1.1.1.1/32 {

                        primary;

                        preferred;

                    }

                    address 3.3.3.3/32;

                }

            }

            unit 2000 {

                family inet {

                    address 10.10.10.10/32;

                }

            }

        }

    }

    protocols {

        rsvp {

            interface all;

        }

        mpls {

            label-switched-path pe1tope2 {

                from 3.3.3.3;

                to 4.4.4.4;

            }                          

            interface all;

        }

        bgp {

            group ibgp {

                type internal;

                local-address 1.1.1.1;

                family inet-vpn {

                    unicast;

                }

                cluster 67.0.0.1;

                neighbor 2.2.2.2;

            }

        }

        ospf {

            traffic-engineering;

            area 0.0.0.0 {

                interface all;

            }

        }

    }

    policy-options {

        policy-statement plb {

            then {

                load-balance per-packet;

            }

        }

        policy-statement vpna-export {

            term A {                   

                from {

                    route-filter 192.168.2.0/24 exact;

                }

                then {

                    community add vpna-comm;

                    next-hop 3.3.3.3;

                    accept;

                }

            }

            term B {

                then reject;

            }

        }

        policy-statement vpna-import {

            term 1 {

                from {

                    protocol bgp;

                    community vpna-comm;

                }

                then accept;

            }

            term 2 {

                then reject;

            }

        }

        community vpna-comm members target:65000:20000;

    }

    routing-instances {

        VPN-A {

            instance-type vrf;

            interface lo0.2000;

            route-distinguisher 65000:2000;

            vrf-import vpna-import;

            vrf-export vpna-export;

            routing-options {

                static {               

                    route 192.168.2.0/24 discard;

                }

            }

        }

    }

    routing-options {

        autonomous-system 65000;

        forwarding-table {

            export plb;

        }

    }

}

pe2 {

    interfaces {

        ge-0/0/1 {

            unit 23 {

                vlan-id 23;

                family inet {

                    address 1.1.23.2/30;

                }

                family mpls;

            }

        }

        lo0 {

            unit 103 {

                family inet {

                    address 2.2.2.2/32 {

                        primary;

                        preferred;

                    }

                    address 4.4.4.4/32;

                }

            }

            unit 3000 {

                family inet {

                    address 20.20.20.20/32;

                }

            }

        }

    }

    protocols {

        rsvp {

            interface all;

        }

        mpls {

            label-switched-path pe2tope1 {

                from 4.4.4.4;

                to 3.3.3.3;

            }

            interface all;

        }

        bgp {

            group ibgp {

                type internal;

                local-address 2.2.2.2;

                family inet-vpn {

                    unicast;

                }

                neighbor 1.1.1.1;

            }

        }

        ospf {

            traffic-engineering;

            area 0.0.0.0 {

                interface all;

            }

        }

    }

    policy-options {

        policy-statement plb {

            then {

                load-balance per-packet;

            }

        }

        policy-statement vpna-export {

            term A {

                from {

                    route-filter 192.168.1.0/24 exact;

                }

                then {

                    community add vpna-comm;

                    next-hop 4.4.4.4;

                    accept;

                }

            }

            term B {

                then reject;

            }

        }

        policy-statement vpna-import {

            term 1 {

                from {

                    protocol bgp;

                    community vpna-comm;

                }

                then accept;

            }

            term 2 {

                then reject;

            }

        }

        community vpna-comm members target:65000:20000;

    }

    routing-instances {

        VPN-A {

            instance-type vrf;

            interface lo0.3000;

            route-distinguisher 65000:2000;

            vrf-import vpna-import;

            vrf-export vpna-export;

            routing-options {

                static {

                    route 192.168.1.0/24 discard;

                }

            }

        }

    }

    routing-options {

        autonomous-system 65000;

        forwarding-table {

            export plb;

        }

    }

}

 

labroot@re0_re0:pe1> show route advertising-protocol bgp 2.2.2.2 extensive

 

VPN-A.inet.0: 3 destinations, 3 routes (2 active, 0 holddown, 1 hidden)

* 192.168.2.0/24 (1 entry, 1 announced)

 BGP group ibgp type Internal

     Route Distinguisher: 65000:2000

     VPN Label: 299792

     Nexthop: Self

     Flags: Nexthop Change

     Localpref: 100

     AS path: [65000] I

     Communities: target:65000:20000

 

bgp.l3vpn.0: 2 destinations, 2 routes (1 active, 0 holddown, 1 hidden)

 

* 65000:2000:192.168.2.0/24 (1 entry, 1 announced)

 BGP group ibgp type Internal

     Route Distinguisher: 65000:2000

     VPN Label: 299792

     Nexthop: Self <<<<<<<<<<<<<<< In RR it does not work

     Flags: Nexthop Change

     Localpref: 100

     AS path: [65000] I

     Communities: target:65000:20000

labroot@re0_re0:pe2> show route advertising-protocol bgp 1.1.1.1 extensive

 

VPN-A.inet.0: 3 destinations, 3 routes (2 active, 0 holddown, 1 hidden)

* 192.168.1.0/24 (1 entry, 1 announced)

 BGP group ibgp type Internal

     Route Distinguisher: 65000:2000

     VPN Label: 299776

     Nexthop: 4.4.4.4 <<<<<<<<<<<<<<< RR client it works

     Flags: Nexthop Change

     Localpref: 100

     AS path: [65000] I

     Communities: target:65000:20000

 

labroot@re0_re0:pe2>

 

 

Hi Folks,

I could recollect this is a limitation with PE acting as RR. Apply a export policy in IBGP session with vpn-apply-export knob in place and it helps as below.

 

        bgp {

            group ibgp {

                type internal;

                local-address 1.1.1.1;

                family inet-vpn {

                    unicast;

                }

                export cnh;

                vpn-apply-export;

                cluster 67.0.0.1;

                neighbor 2.2.2.2;

            }

        }

 

    policy-options {

        policy-statement cnh {

            from family inet-vpn;

            then {

                next-hop 3.3.3.3;

            }

        }

 

labroot@re0_re0:pe1> show route advertising-protocol bgp 2.2.2.2 extensive   

 

VPN-A.inet.0: 3 destinations, 3 routes (2 active, 0 holddown, 1 hidden)

* 192.168.2.0/24 (1 entry, 1 announced)

 BGP group ibgp type Internal

     Route Distinguisher: 65000:2000

     VPN Label: 299792

     Nexthop: 3.3.3.3

     Flags: Nexthop Change

     Localpref: 100

     AS path: [65000] I

     Communities: target:65000:20000

 

bgp.l3vpn.0: 2 destinations, 2 routes (1 active, 0 holddown, 1 hidden)

 

* 65000:2000:192.168.2.0/24 (1 entry, 1 announced)

 BGP group ibgp type Internal

     Route Distinguisher: 65000:2000

     VPN Label: 299792

     Nexthop: 3.3.3.3

     Flags: Nexthop Change

     Localpref: 100

     AS path: [65000] I

     Communities: target:65000:20000

 

labroot@re0_re0:pe1>

 

 

Looks like it works!

Thanks!