View Only
last person joined: 12 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  L3VPN via vRR

    Posted 04-15-2022 06:31

    Hello !

    I'm trying to build a MPLS L3VPN with vRR.

    Each PE gets routes in the right table (vrf-xxx-001.inet.0) but do not exchange routes between them.

    Each PE have a BGP session to vRR. ISIS is used as IGP and MPLS/LDP is activated. PE advertises routes to vRR. 

    Should I create vrf in vRR ? 

    I don't know where to start my debugging...

    Any idea ?

    Thanks in advance !


  • 2.  RE: L3VPN via vRR

    Posted 04-16-2022 12:59

    RR are like any other BGP router, it must be able to resolve BGP next-hop before considering the route usable. Now, most likely your RR is not running MPLS therefore its inet.3 table is empty and it considers all inet-vpn routes as unusable. Check with "show route table bgp.l3vpn.0 hidden". 

    To populate inet.3 on the RR, you have several ways more or less complex. 
    - You may use rib group to import IGP learned loopbacks from inet.0 to inet.3
    - Or very simple, just add a static default discard route in inet.3 (set routing-options rib inet.3 static route discard)

    The static discard route is not an issue, the RR must just think the next-hop is reachable to reflect a route, it doesn't need to be able to use it itself. 

    Hope this help... 



  • 3.  RE: L3VPN via vRR

    Posted 04-16-2022 12:59
    vRR does not need VRF config.  Interestingly, an "out-of-band" Route Reflector doesn't even need MPLS/LDP... vRR simply runs MP-iBGP to exchange VPNv4 NLRI with PE's.

    A Route Reflector is a control plane thing that simply programs the route tables of the PE's

    You mentioned PE's are getting routes, which seems to mean that they have proper Import Route Targets.  you also mentioned PE advertises routes to vRR so that seems to imply that Export Route Targets are in place also

    you may need to start with a simple 1:1 import AND export RT for all pe's to make sure it's working... later you can complicate it with different import and export rt's to fit your design.

    If PE's do not advertise routes between each other... so no PE to PE routes are seen, it may mean that the vRR is not properly configured to reflect routes to clients.  So, vRR doesn't see bgp neighbors to PE's as clients.

    Here are a couple videos I did on my YouTube channel may help with this (junos and ios-xr)

    L3VPN... jumps to the part

    dual route reflector hub

    Aaron Gould
    Senior Network Engineer

  • 4.  RE: L3VPN via vRR

    Posted 04-20-2022 15:49
    vrf is not needed in vRR. When you say that 'Each PE gets route in the right table', do you mean routes from the other PE router OR routes from the locally connected CE routers?
    Few things to check: -
    - Check for hidden routes on vRR and see if the routes advertised by the PE routers are hidden in the inet.0 and bgp.l3vpn.0 table.
    - Ensure that on the PE routers "next-hop self" is set on the export policy towards the vRR, so that the vRR sees the PE IPs as the next-hop )in case you have eBGP between PE-CE)
    - Populate the IP addresses of the PE routers in the inet.3 by : - a) leaking the PE loopbacks from inet.0 to inet.3 using rib-groups and applied on the protocol ISIS; OR b) configuring a static route in the inet.3 ( set routing-options rib inet.3 static route x.x.x.x/y (for the PE loopback summary subnet OR 0/0) receive)


    Sheetanshu Shekhar

  • 5.  RE: L3VPN via vRR

    Posted 04-20-2022 18:31

    also, good commands to see what is sent from router to another router are as follows...

    show route advertising-protocol bgp table one.inet.0

    show route receive-protocol bgp table bgp.l3vpn.0

    On the PE's is where the vrf (routing instance) is, so I think you can see what is advertise from the PE specifying the table as [vrf].inet.0

    On the RR I think you see what is received into bgp.l3vpn.0

    Aaron Gould
    Senior Network Engineer