Hi, It seems the router is RR or ebgp for family inet-vpn. In this case routes in vrf tables are exported to global bgp.l3vpn.0 with respective vrf-export policies.
I'm pretty sure the problematic routes are being advertised to remote PEs but with missing communities. This can be checked: show route advertising-protocol bgp "remote PE ip" 61.217.192.0/18 detail In order to solve just add rt-premium community for desired routes in vrf-export policy applied to CT vrf. HTH, Krasi > -----Original Message----- > From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- > boun...@puck.nether.net] On Behalf Of Jimmy Halim > Sent: 08.10.2009 4:35 AM > To: ntari...@juniper.net; juniper-nsp@puck.nether.net > Subject: Re: [j-nsp] Layer 3 VPN Routing and Forwarding (VRF) Tables Issue > > Hi Tarique, > > For your info, I have escalated this to JTAC as well. Waiting for their > update. > > Hi guys, > > Anyone has encountered the same issue before? > Bgp.l3vpn table is receiving routes from direct peering that is > provisioned > on the same PE. This shouldn't be the case. > And that PE only advertising routes to other PEs under bgp.l3vpn table, > and > they are not advertising any routes on any of VRF tables defined on that > PE. > > Thanks & Regards, > Jimmy > > -----Original Message----- > From: Jimmy Halim [mailto:ji...@pacnet.net] > Sent: Tuesday, October 06, 2009 11:13 AM > To: 'ntari...@juniper.net'; 'juniper-nsp@puck.nether.net' > Subject: RE: [j-nsp] Layer 3 VPN Routing and Forwarding (VRF) Tables Issue > > Hi Tarique, > > I have tried it. But it is still not being advertised :( > > Regarding my query, for strange reason bgp.l3vpn table in router A is > storing the routes that learned via direct BGP peering that being > provisioned in router A. I believe this shouldn't be the case. bgp.l3vpn > table only should store routes that are learned via other PEs. > > ================ > show route table bgp.l3vpn.0 20.139.160.0/20 > > bgp.l3vpn.0: 316660 destinations, 316660 routes (316660 active, 0 > holddown, > 0 hidden) > + = Active Route, - = Last Active, * = Both > > 1.1.1.1:9001:20.20.0.0/16 ---------> 1.1.1.1:9001 is RT of CT vrf > *[BGP/170] 5d 23:44:00, MED 100, localpref 250 > AS path: 123 321 I > > to 20.20.20.1 via ge-0/2/0.0 ================ > > So, router A is advertising those routes learned via direct BGP peering > under bgp.l3vpn table. There are no routes being advertised out to other > PEs > under CT vrf table or premium vrf table. > > Thanks & Regards, > Jimmy > > -----Original Message----- > From: Nalkhande Tarique Abbas [mailto:ntari...@juniper.net] > Sent: Monday, October 05, 2009 6:11 PM > To: Jimmy Halim; juniper-nsp@puck.nether.net > Subject: RE: [j-nsp] Layer 3 VPN Routing and Forwarding (VRF) Tables Issue > > > Hi Jimmy, > > How about adding another term in your premium-export policy .. > > term export-CT { > from community csr-CT-vrf; > then accept; > } > > ... before reject on both the sides. > > > Coming to your query on direct route in bgp.l3vpn table, do you mean this > is > a direct route from inet.0? Is this BGP peer not under any VRF & at a > global > level? > > > > Thanks & Regards, > Tarique A. Nalkhande > > -----Original Message----- > From: Jimmy Halim [mailto:ji...@pacnet.net] > Sent: Monday, October 05, 2009 2:52 PM > To: Nalkhande Tarique Abbas; juniper-nsp@puck.nether.net > Subject: RE: [j-nsp] Layer 3 VPN Routing and Forwarding (VRF) Tables Issue > > Hi Tarique, > > Yes, I am leaking CT crf routes into premium vrf on router A using the > community. > > policy-options policy-statement csr-rib-policy-from-CT-vrf-peer term aloha > { > from { > community csr-CT-vrf; > } > to rib vrf_premium.inet.0; > then { > accept; > } > } > > ========================== > Export policy on router A: > > routing-instances vrf_premium: > instance-type vrf; > route-distinguisher 1.1.1.1:9005; > vrf-export premium-export; > vrf-table-label; > > ==== > policy-options policy-statement premium-export: > term add-premium { > from protocol [ direct static bgp ]; > then { > community add rt-premium; > accept; > } > } > then reject; > > ==== > community rt-premium: > members target:10026:9005; > > =========================== > Import policy on router B: > > routing-instances vrf_premium: > instance-type vrf; > route-distinguisher 2:2:2:2:9005; > vrf-import premium-import; > vrf-table-label; > > ==== > policy-options policy-statement premium-import term add-premium { > from community rt-premium; > then accept; > } > then reject; > > ==== > community rt-premium: > members target:10026:9005 > ======================== > > By the way, what do you think of the route table bgp.l3vpn.0? > Is it correct to say that it shouldn't show the direct peering routes that > is provisioned on the same PE? > > route table bgp.l3vpn.0 61.217.192.0/18 > > bgp.l3vpn.0: 316803 destinations, 316803 routes (316803 active, 0 > holddown, > 0 hidden) > + = Active Route, - = Last Active, * = Both > > 122.122.122.1:9003:61.217.192.0/18 > *[BGP/170] 6w6d 21:34:02, MED 100, localpref 250, from > 122.5.5.1 > AS path: 1334 I > to 122.5.5.2 via so-1/2/0.0 ---------> Direct > peering > interface > > to 122.5.5.3 via so-1/3/0.0 ---------> Direct > peering > interface ========================== > > Cheers, > Jimmy > > > -----Original Message----- > From: Nalkhande Tarique Abbas [mailto:ntari...@juniper.net] > Sent: Monday, October 05, 2009 4:55 PM > To: Jimmy Halim; juniper-nsp@puck.nether.net > Subject: RE: [j-nsp] Layer 3 VPN Routing and Forwarding (VRF) Tables Issue > > > <You said> > > --I have confirmed that in router A, all the routes that are learned via > direct peering (CT vrf) are inside premium vrf route table. > > --I can confirm that direct connected, static, and customer's BGP routes > that are provisioned in router A under premium vrf are being seen under > router B under premium vrf. So the issue is only on those routes that > are > learned via direct peering under CT vrf. Those routes are not advertised > to > router B premium vrf. Any clue? > > > > <Tarique> > So how do you leak CT vrf routes into premium vrf on router A, by means > of > community? These routes certainly won't fall under static, direct or > customers bgp (of premium). > > With the available information, I would still doubt the export policy on > router A & import on router B of premium vrf. Though having a look at > outputs/config on both sides would help. > > > > Thanks & Regards, > Tarique A. Nalkhande > > > -----Original Message----- > From: juniper-nsp-boun...@puck.nether.net > [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Jimmy Halim > Sent: Monday, October 05, 2009 2:03 PM > To: juniper-nsp@puck.nether.net > Cc: ji...@pacnet.net > Subject: [j-nsp] Layer 3 VPN Routing and Forwarding (VRF) Tables Issue > > Hi guys, > > I have a situation where the PE (router A) is not advertising the routes > that they got from direct peering (for example under CT vrf) to other PE > (router B) under different vrf (for example premium vrf). > > I have confirmed that in router A, all the routes that are learned via > direct peering (CT vrf) are inside premium vrf route table. > It means the import policy is working. > > The strange thing, thouse routes are not being advertised to premium vrf > in > router B. I have confirmed there is no problem with export policy in > router > A and import policy in router B. > > In router A, under route table bgp.l3vpn.0, I am seeing the route that > is > learned via direct peering interface. This shouldn't be the case right? > > ============================== > route table bgp.l3vpn.0 61.217.192.0/18 > > bgp.l3vpn.0: 316803 destinations, 316803 routes (316803 active, 0 > holddown, > 0 hidden) > + = Active Route, - = Last Active, * = Both > > 122.122.122.1:9003:61.217.192.0/18 > *[BGP/170] 6w6d 21:34:02, MED 100, localpref 250, > from > 122.5.5.1 > AS path: 1334 I > to 122.5.5.2 via so-1/2/0.0 ---------> Direct > peering > interface > > to 122.5.5.3 via so-1/3/0.0 ---------> Direct > peering > interface ============================== > > I can confirm that direct connected, static, and customer's BGP routes > that > are provisioned in router A under premium vrf are being seen under > router B > under premium vrf. So the issue is only on those routes that are learned > via > direct peering under CT vrf. Those routes are not advertised to router B > premium vrf. > > Any clue? > > Cheers, > Jimmy > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp