Routing




  • 1.  VRF policy questions

    Posted 12-24-2021 15:38
    I have the following:
    set policy-options policy-statement C2-H-import term 1 then reject
    set routing-instances C2-H instance-type vrf
    set routing-instances C2-H interface ge-0/0/7.311
    set routing-instances C2-H interface lo0.1
    set routing-instances C2-H vrf-import C2-H-import
    set routing-instances C2-H vrf-export C2-H-export
    set routing-instances C2-H protocols bgp group ce peer-as 64600
    set routing-instances C2-H protocols bgp group ce neighbor 192.168.0.42
    
    root@R1# run show route 172.31.76.0/24
    
    C2-H.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.31.76.0/24     *[BGP/170] 00:01:28, localpref 100
                          AS path: 64600 54591 54591 I, validation-state: unverified
                        > to 192.168.0.42 via ge-0/0/7.311
    
    bgp.l3vpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.30.5.7:6:172.31.76.0/24
                       *[BGP/170] 08:40:57, localpref 100, from 172.30.5.41
                          AS path: 64600 I, validation-state: unverified
                          to 172.30.0.2 via ae0.0, Push 299936, Push 299888(top)
                        > to 172.30.0.10 via ge-0/0/2.118, Push 299936, Push 299840(top)

    The import rejects everything, does that mean no routes learnt from l3vpn should not go to VRF route table? I do not understand why 172.31.76.0/24 shows in the vrf route table.

    Thanks!!



  • 2.  RE: VRF policy questions

    Posted 12-26-2021 05:52
    Your assumption is correct, the "C2-H-import" policy should reject import of any routes from far end PEs, however the active route for the /24 in the C2-H.inet.0 table is learnt from your direct BGP peer, 192.168.0.42, not a remote PE.
    I believe this is the PE-CE portion, you can reject this route as well by adding another import policy under BGP.


  • 3.  RE: VRF policy questions

    Posted 12-26-2021 14:41
    Thanks so much! I will look more closely.


  • 4.  RE: VRF policy questions

    Posted 12-26-2021 05:54
    It may be because your configuration is making use of vrf-import, which controls what BGP VPNv4 prefixes get imported into the VRF's Routing Table by matching Route-Targets.
    The BGP route displayed in C2-H.inet.0 seems not to be there via BGP VPNv4 (received from within the MPLS) but most likely is coming from the BGP session with the CPE via ge-0/0/7.311.
    If you wish not to see any BGP entry in C2-H.inet.0, can you give a try with the regular import [ policy-names ]; in your BGP configuration?

    ------------------------------
    Hector Gustavo Serrano Gutierrez
    ------------------------------
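
    The BGP import policy suggested in replies 2 and 4, written out as an added example that is not part of any poster's configuration. The policy name CE-IN and the term name from-ce are assumptions; the instance, group and table names are the ones from the original post.

```junos
# Added example. CE-IN and from-ce are hypothetical names.
#
# vrf-import C2-H-import only filters VPN routes coming from remote PEs
# (bgp.l3vpn.0 -> C2-H.inet.0). Routes learnt on the PE-CE session with
# 192.168.0.42 are filtered by the import policy of that BGP group instead.
set policy-options policy-statement CE-IN term from-ce from protocol bgp
set policy-options policy-statement CE-IN term from-ce then reject
set routing-instances C2-H protocols bgp group ce import CE-IN

# After commit, check the VRF table from operational mode:
#   show route table C2-H.inet.0 protocol bgp
#   show route table C2-H.inet.0 hidden
# The first should no longer list 172.31.76.0/24 via 192.168.0.42.
# Routes rejected by an import policy are normally kept as hidden routes,
# so the second is where the CE prefix is expected to appear.
```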



  • 5.  RE: VRF policy questions

    Posted 12-26-2021 14:41
    thanks so much. I will look more closely.