Hey Rati,

I'd suggest checking out the independent-domain <https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l3-vpns-as-configuration.html#id-configuring-layer-3-vpns-to-carry-ibgp-traffic> feature, with or without the "no-attrset" knob. We've used it in the past for similar use-cases.

Best,
Guillermo

On Fri, Feb 21, 2020 at 4:06 PM Saku Ytti <s...@ytti.fi> wrote:

> Hey Rati,
>
> > As soon as I apply as-override feature on FW to hide originating AS and
> > rewrite it to 20, then everything works as expected.
> > Is there a special knob in Junos to Advertise "looped" routes over the
> > iBGP L3VPN? I've reproduced the same setup in Cisco XR/XE and works fine
> > without as-override to hide/rewrite originating-as.
>
> IOS does not check AS_PATH in iBGP sessions, JunOS does. Neither is
> wrong or right, standard is unopinionated here. I like IOS behaviour
> better.
>
> I hope the implication is clear here, to allow loops, in IOS it's
> enough to allow it once on incoming eBGP session, on JunOS you need to
> allow also on all the iBGP sessions. Basically no one runs multivendor
> network with normalised BGP settings, there are all kinds of small
> different behaviours and standard people use is 'whatever vendor
> does'. If you want JunOS to behave same as IOS, just allow arbitrary
> loops in all iBGP sessions.
>
> I would discourage setup where you need to do this. But I admit
> network-based-FW is the one place where this really does make things
> whole lot easier. I consider network-based-firewall mandatory feature
> AS_PATH manipulation. So rewrite the AS_PATH, entirely, on the FW, to
> remove the loops. Many FW support this.
>
> --
> ++ytti