Routing

Expand all | Collapse all

Route is not getting installed in Routing-instance

Jump to Best Answer
  • 1.  Route is not getting installed in Routing-instance

    Posted 02-22-2020 22:44

    Hi Team,

     

    i'm facing an issue where juniper is connected with CISCO (PE router)  and receiving two routes( 7.7.7.7 and 77.77.77.77) with route-target 100:1. i have created a policy to match the route target and applied in the routing-instance but route is not available in routing-instance table (routinginstance.inet.0) but it is available in bgp.l3vpn.0

     

    root@R1> show route table bgp.l3vpn.0 detail

    bgp.l3vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    100:1:7.7.7.7/32 (1 entry, 0 announced)
    *BGP Preference: 170/-101
    Route Distinguisher: 100:1
    Next hop type: Indirect
    Address: 0x93347f0
    Next-hop reference count: 1
    Source: 4.4.4.4
    Next hop type: Router, Next hop index: 585
    Next hop: 12.0.0.2 via em1.0, selected
    Label operation: Push 405, Push 202(top)
    Label TTL action: prop-ttl, prop-ttl(top)
    Protocol next hop: 4.4.4.4
    Push 405
    Indirect next hop: 945c570 131070
    State: <Active Int Ext>
    Local AS: 12 Peer AS: 12
    Age: 27:41 Metric: 1010 Metric2: 1
    Task: BGP_12.4.4.4.4+27322
    AS path: ?
    Communities: target:100:1
    Import Accepted
    VPN Label: 405
    Localpref: 100
    Router ID: 4.4.4.4

     

    routing-table of routing-instance:-

     

    root@R1> show route table A.inet.0

    A.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    6.6.6.6/32 *[OSPF/10] 00:43:50, metric 2
    > to 61.0.0.6 via em2.0
    61.0.0.0/24 *[Direct/0] 00:44:07
    > via em2.0
    61.0.0.1/32 *[Local/0] 00:44:09
    Local via em2.0
    224.0.0.5/32 *[OSPF/10] 00:44:11, metric 1
    MultiRecv

    root@R1>

     

     

     

     


    root@R1> show configuration policy-options
    policy-statement export_to_PE4 {
    term a {
    from protocol ospf2;
    then {
    community set export_to_PE4;
    accept;
    }
    }
    }
    policy-statement import_to_A {
    term a {
    from community import_to_PE4;
    then accept;
    }
    }
    community export_to_PE4 members target:100:1;
    community import_to_PE4 members [ target:200:1 target:100:1 ];

    root@R1>

     

     

     

    root@R1> show configuration routing-instances
    A {
    instance-type vrf;
    interface em2.0;
    route-distinguisher 100:1;
    vrf-import import_to_A;
    vrf-export export_to_PE4;
    vrf-table-label;
    protocols {
    ospf {
    inactive: traceoptions {
    file ospf_A size 10k files 3;
    flag hello;
    flag event;
    flag error detail;
    flag packets detail;
    }
    area 0.0.0.0 {
    interface em2.0 {
    interface-type p2p;
    }
    }
    }
    }
    }

    root@R1>

     

     

     


    root@R1> show bgp summary
    Groups: 1 Peers: 1 Down peers: 0
    Table Tot Paths Act Paths Suppressed History Damp State Pending
    bgp.l3vpn.0 2 2 0 0 0 0
    Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    4.4.4.4 12 106 109 0 0 46:38 Establ
    bgp.l3vpn.0: 2/2/2/0

    root@R1>


    #routing
    #L3VPN
    #BGP
    #MPLS


  • 2.  RE: Route is not getting installed in Routing-instance

    Posted 02-23-2020 00:47

    Hello,

     


    @Sunil_Sandhu wrote:

     

    policy-statement import_to_A {
    term a {
    from community import_to_PE4;
    then accept;
    }
    }
    community export_to_PE4 members target:100:1;
    community import_to_PE4 members [ target:200:1 target:100:1 ];

     

    You have configured VRF import policy with community expression to match on 2 communities using logical AND.

    Which means Your policy will only positively match if both communities are attached to the route.

    Please remove community target:200:1 from community "import_to_PE4" and You are golden.

    HTH

    Thx

    Alex

     

     



  • 3.  RE: Route is not getting installed in Routing-instance

    Posted 02-23-2020 01:31

    Hi, 

     

    Thanks for your responce. 

    i have few questions:-

     

    1. how to use OR expresion inside communities.

     

    2. i have read that "bgp.l3vpn.0—Stores routes learned from other PE routers. Routes in the bgp.l3vpn.0routing table are copied into a Layer 3 VRF when there is a matching VRF import policy in the PE router"

    if it is not matching with the VRF import policy then why route is in bgp.l3vpn.o table.

     

    Thanks in advance

     

    Sunil 


    #BGP
    #routing
    #MPLS
    #L3VPN


  • 4.  RE: Route is not getting installed in Routing-instance
    Best Answer

    Posted 02-23-2020 04:06

    Hello,

     


    @Sunil_Sandhu wrote:

     

     

    1. how to use OR expresion inside communities.

     

     

    When You have 2 communities on separate lines inside policy-statement, this is OR expression:

     

    policy-statement import_to_A {
    term a {
    from
    {
    community import_to_PE4_100_1; community import_to_PE4_200_1;
    } then accept; } } community import_to_PE4_100_1 members target:100:1; community import_to_PE4_200_1 members target:200:1;

     

     


    @Sunil_Sandhu wrote:

     

    2. i have read that "bgp.l3vpn.0—Stores routes learned from other PE routers. Routes in the bgp.l3vpn.0routing table are copied into a Layer 3 VRF when there is a matching VRF import policy in the PE router"

    if it is not matching with the VRF import policy then why route is in bgp.l3vpn.o table.

     

     

    Are You asking why a given PE receives L3VPN routes which have no matching VRF?

    Well, short answer is that because You haven't enabled "family route-target" in Your BGP group.

    Long answer is here https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l3-vpns-route-target-filtering.html and in RFC 4684 https://tools.ietf.org/html/rfc4684

     

    HTH

    Thx

    Alex



  • 5.  RE: Route is not getting installed in Routing-instance

    Posted 02-23-2020 22:24

    Hi , 

     

    As per the documet JUNOS checks the vpnv4 routes against the vrf import policies.  If the vpnv4 route matches one of the policies, it is added to the bgp.l3vpn.0 routing table otherwise it will not show in the bgp.l3vpn.0 routing table.

     

    bgp.l3vpn.0To determine whether to add a route to the bgp.l3vpn.0 routing table, the Junos OS checks it against the VRF instance import policies for all the VPNs configured on the PE router. If the VPN-IPv4 route matches one of the policies, it is added to the bgp.l3vpn.0routing table. To display the routes in the bgp.l3vpn.0 routing table, use the show route table bgp.l3vpn.0 command.

     

     

    in my case i have configured route target with AND logic [ target:200:1 target:100:1 ]in the policy statement.  but actual route contains only one route target (target:100:1) so it will not match with import policy. then why it was showing in bgp.l3vpn.0 table ?

     

     

    Sunil Kumar

     


    #bgpmplsl3vpnroutingospf


  • 6.  RE: Route is not getting installed in Routing-instance

    Posted 02-23-2020 22:34

    Hi Sunil,

     

    By default, the router will be performing OR operation for the values present in the [ target:200:1 target:100:1 ] square bracket. 



  • 7.  RE: Route is not getting installed in Routing-instance

    Posted 02-23-2020 22:45

    HI, 

     

    thanks for your responce, can please go throught the conversation and respond. as per " " Junos was performing AND logic for the [ target:200:1 target:100:1 ] square bracket thats why route was not getting installed in the A.inet.0 table.

     

    Sunil Kumar



  • 8.  RE: Route is not getting installed in Routing-instance

    Posted 02-24-2020 00:08

    Hello,

     


    @imjoshva wrote:

    By default, the router will be performing OR operation for the values present in the [ target:200:1 target:100:1 ] square bracket. 


     

    Have You tested this Yourself, or are You quoting from some "document" as well? If the latter please supply the link and we get it corrected.

    HTH

    Thx

    Alex

     



  • 9.  RE: Route is not getting installed in Routing-instance

    Posted 02-24-2020 00:15

    Hi ,

     

    i have tested in LAB, i think JUNOS was performing AND logic for target mentioned in Sequare bracket  [ target:200:1 target:100:1]. after creating two seperate communities i got the expected results (OR logic). but why route was showing in bgp.inet.0 table if it was not matching with any vrf import polices.

     

    Sunil Kumar



  • 10.  RE: Route is not getting installed in Routing-instance

    Posted 02-24-2020 00:30

    Hi Sunil/Alex,

    Apologies!! I took the other way. Yes, it is AND operation being performed when the communities are in square bracket. Please ignore the previous post.



  • 11.  RE: Route is not getting installed in Routing-instance

    Posted 02-24-2020 01:29

    Hi , 

     

    please help to answer below query:-

     

    As per the documet JUNOS checks the vpnv4 routes against the vrf import policies.  If the vpnv4 route matches one of the policies, it is added to the bgp.l3vpn.0 routing table otherwise it will not show in the bgp.l3vpn.0 routing table.

     

    bgp.l3vpn.0To determine whether to add a route to the bgp.l3vpn.0 routing table, the Junos OS checks it against the VRF instance import policies for all the VPNs configured on the PE router. If the VPN-IPv4 route matches one of the policies, it is added to the bgp.l3vpn.0routing table. To display the routes in the bgp.l3vpn.0 routing table, use the show route table bgp.l3vpn.0 command.

     

     

    in my case i have configured route target with AND logic [ target:200:1 target:100:1 ]in the policy statement.  but actual route contains only one route target (target:100:1) so it will not match with import policy. then why it was showing in bgp.l3vpn.0 table ?

     

     

    Sunil Kumar



  • 12.  RE: Route is not getting installed in Routing-instance

    Posted 02-24-2020 02:20

    Hello,

    I see You are very insistent :-] to get to the root of Your little issue.

     

     


    @Sunil_Sandhu wrote:

    Hi , 

     

    please help to answer below query:-

     

    As per the documet JUNOS checks the vpnv4 routes against the vrf import policies.  If the vpnv4 route matches one of the policies, it is added to the bgp.l3vpn.0 routing table otherwise it will not show in the bgp.l3vpn.0 routing table.

     

    bgp.l3vpn.0To determine whether to add a route to the bgp.l3vpn.0 routing table, the Junos OS checks it against the VRF instance import policies for all the VPNs configured on the PE router. If the VPN-IPv4 route matches one of the policies, it is added to the bgp.l3vpn.0routing table. To display the routes in the bgp.l3vpn.0 routing table, use the show route table bgp.l3vpn.0 command.

     

     

     

    Looks like the above text is from here https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l3-vpns-routes-vrf-tables.html

     

    The bold text is extreme simplification of what actually happens in JUNOS on receipt of L3VPN route. 

    Specifically, JUNOS does NOT match EVERY L3VPN route against ALL VRF policies.

    What JUNOS does it checks if each L3VPN route has at least 1 RT community attached that is referenced either in VRF policy or in "vrf-target" line under [edit routing-istance BLAH] stanza. If a given L3VPN route has such community, it is admitted into bgp.l3vpn.0 table.

    You can lab it up Yourself by adding a line into Your VRF policy that matches on RT community and rejects the route. Despite the route being rejected by VRF policy, it will be admitted into bgp.l3vpn.0 table nevertheless.

    In Your OP the route had 1 RT community attached and that community was referenced in the VRF policy. That was enough for admission into bgp.l3vpn.0.

    HTH

    Thx

    Alex

      



  • 13.  RE: Route is not getting installed in Routing-instance

    Posted 02-24-2020 02:46

    Thanks aarseniev :-)Smiley Very Happy



  • 14.  RE: Route is not getting installed in Routing-instance

    Posted 02-24-2020 00:06

    Hello,

     


    @Sunil_Sandhu wrote:

    Hi , 

     

    As per the documet JUNOS checks the vpnv4 routes against the vrf import policies... 

     

    I am not sure what "document" You are quoting from but this is NOT how JUNOS works.

    HTH

    Thx

    Alex