Routing

 View Only
last person joined: 23 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  VRF policy questions

    Posted 12-24-2021 15:38
    I have the following:
    set policy-options policy-statement C2-H-import term 1 then reject
    set routing-instances C2-H instance-type vrf
    set routing-instances C2-H interface ge-0/0/7.311
    set routing-instances C2-H interface lo0.1
    set routing-instances C2-H vrf-import C2-H-import
    set routing-instances C2-H vrf-export C2-H-export
    set routing-instances C2-H protocols bgp group ce peer-as 64600
    set routing-instances C2-H protocols bgp group ce neighbor 192.168.0.42
    
    root@R1# run show route 172.31.76.0/24
    
    C2-H.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.31.76.0/24     *[BGP/170] 00:01:28, localpref 100
                          AS path: 64600 54591 54591 I, validation-state: unverified
                        > to 192.168.0.42 via ge-0/0/7.311
    
    bgp.l3vpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    172.30.5.7:6:172.31.76.0/24
                       *[BGP/170] 08:40:57, localpref 100, from 172.30.5.41
                          AS path: 64600 I, validation-state: unverified
                          to 172.30.0.2 via ae0.0, Push 299936, Push 299888(top)
                        > to 172.30.0.10 via ge-0/0/2.118, Push 299936, Push 299840(top)
    ​

    The import rejects everything, does that mean no routes learnt from l3vpn should not go to VRF route table ?  I do not understand why 172.31.76.0/24 shows in the vrf route table.

    thanks !!



  • 2.  RE: VRF policy questions

    Posted 12-26-2021 05:52
    Your assumption is correct, the "C2-H-import" policy should reject import of any routes from far end PEs, however the active your for the /24 in  C2-H.inet.0  table is learnt from your direct bgp peer, 192.168.0.42, not remote PE.
    I believe this is the PE-CE portion, you can reject this route as well by adding another import policy under BGP.


  • 3.  RE: VRF policy questions

    Posted 12-26-2021 14:41
    thanks so much !  I will look more closely.


  • 4.  RE: VRF policy questions

    Posted 12-26-2021 05:54
    It may be because your configuration is making use ofvrf-import which controls what BGP VPNv4 prefixes get imported into the VRF's Routing Table by matching Route-Targets.
    The BGP route displayed in C2-H.inet.0 seems not to be there via BGP VPNv4 (received from within the MPLS) but most likely is coming from the BGP session with the CPE via ge-0/0/7.311.
    If you wish not to see any BGP entry in C2-H.inet.0, can you give a try with the regular import [ policy-names ]; in your BGP configuration?

    ------------------------------
    Hector Gustavo Serrano Gutierrez
    ------------------------------



  • 5.  RE: VRF policy questions

    Posted 12-26-2021 14:41
    thanks so much. I will look more closely.