Re: [j-nsp] copy vpn routes to inet.0
Ok, I'll try to answer all your questions, but am in a rush, so if I miss
something, just let me know.
1. The default route is for jumping out of the VPN to inet.0. You don't need
this if you don't want to leave the VPN. In other words you can still advertise
your VPN routes to inet.0 just using auto-export and rib groups.
2. Yes, as I showed in the example, I am publishing the VRF-specific loopback
to inet.0 using auto-export. Same exact formula for physical interfaces as well.
3. As for the remote routes, it will not work. Basically, if the local PE
learns routes from other PEs, it will not readvertise them to inet.0 like it
will with the local PE routes. This really stinks for me as I can't use a
single PE as a gateway into the VRF (well, not easily anyway).
4. As for an explanation of auto-export, I am probably not the best person to
explain all of its details or differences with other junos knobs. I would
suggest getting with your SE and having them dig up the detailed info for you.
Take care,
-Jeff
From: snort bsd [snort...@yahoo.com.au]
Sent: Wednesday, December 24, 2008 10:12 PM
To: juniper-nsp; Richmond, Jeff
Subject: RE: [j-nsp] copy vpn routes to inet.0
thanks, jeff
but your primary table is inet.0 but the default route 0/0 point to next table
of inet.0. how does that work?
actually i am very interested in your old post:
"Just be aware that you can only do this with local routes in the VRF, not
remotely learned routes from other PEs. At one point I was wanting to make a
"gateway" PE using auto-export and RIB groups to enter/exit the VRF on a single
PE, which works great with local routes (interface, static, etc.), but will not
work with remotely learned VRF routes (via MBGP). I asked Juniper about this,
and was basically told it just won't work. So, I ended up having each PE do
auto-export... "
indeed i am trying to copy vpn routes learned from other PE routers into inet.0
and as you had pointed before, it would not work. now i am dying to know why
not...:)
also how could you get that vpn specific loopback into inet.0? via
"auto-export" statement?
what does that "auto-export" statement mean? automatically export all of routes
under that VRF to route tables of inet.0 and 300.inet.0? honestly i still can't
get clear meaning of this "auto-export" statement.
in fact, if that just for the lo0.300, i could just use "interface-routes"
statement under that vpn instance to achieve the same result.
--- On Wed, 24/12/08, Richmond, Jeff wrote:
From: Richmond, Jeff
Subject: RE: [j-nsp] copy vpn routes to inet.0
To: "snort bsd" , "juniper-nsp"
Received: Wednesday, 24 December, 2008, 6:20 PM
Here is a sample from one of my lab routers. I am just using a loopback IP
inside VRF 300, but as you can see, it is now seen in inet.0.
j...@r2> show configuration routing-instances 300
description "Customer 2 VRF";
instance-type vrf;
interface lo0.300;
vrf-target target:65100:300;
vrf-table-label;
routing-options {
static {
route 0.0.0.0/0 next-table inet.0;
}
auto-export {
family inet {
unicast {
rib-group CUST300-RIB;
}
}
}
}
j...@r2> show configuration routing-options rib-groups
CUST300-RIB {
import-rib [ inet.0 300.inet.0 ];
import-policy RESTRICT-VRF300;
}
j...@r2> show configuration interfaces lo0 unit 300
family inet {
address 10.99.99.1/32;
}
j...@r2> show route 10.99.99.1
inet.0: 152 destinations, 167 routes (104 active, 0 holddown, 48 hidden)
+ = Active Route, - = Last Active, * = Both
10.99.99.1/32 *[Direct/0] 14:18:57
> via lo0.300
300.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.99.99.1/32 *[Direct/0] 14:18:57
> via lo0.300
From:
juniper-nsp-boun...@puck.nether.net
[juniper-nsp-boun...@puck.nether.net]
On Behalf Of snort bsd
[snort...@yahoo.com.au]
Sent: Tuesday, December 23, 2008 3:27 PM
To: juniper-nsp
Subject: [j-nsp] copy vpn routes to inet.0
Hi all:
Could those routes in the L3VPN table be copied to inet.0? I tried to use
policy and it doesn't seem to be working:
term l3vpn->inet.0 {
from {
rib l3vpn.inet.0;
route-filter 100.100.0.0/16 orlonger;
}
to rib inet.0;
then {
accept;
}
}
_dave
Stay connected to the people that matter most with a smarter inbox. Take
a look http://au.docs.yahoo.com/mail/smarterinbox
___
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Stay connected to the people that matter most with a smarter inbox. Take a
look.
_
Re: [j-nsp] copy vpn routes to inet.0
thanks, jeff
but your primary table is inet.0 but the default route 0/0 point to next table
of inet.0. how does that work?
actually i am very interested in your old post:
"Just be aware that you can only do this with local routes in the VRF, not
remotely learned routes from other PEs. At one point I was wanting to make a
"gateway" PE using auto-export and RIB groups to enter/exit the VRF on a single
PE, which works great with local routes (interface, static, etc.), but will not
work with remotely learned VRF routes (via MBGP). I asked Juniper about this,
and was basically told it just won't work. So, I ended up having each PE do
auto-export...
"
indeed i am trying to copy vpn routes learned from other PE routers into inet.0
and as you had pointed before, it would not work. now i am dying to know why
not...:)
also how could you get that vpn specific loopback into inet.0? via
"auto-export" statement?
what does that "auto-export" statement mean? automatically export all of routes
under that VRF to route tables of inet.0 and 300.inet.0? honestly i still can't
get clear meaning of this "auto-export" statement.
in fact, if that just for the lo0.300, i could just use "interface-routes"
statement under that vpn instance to achieve the same result.
--- On Wed, 24/12/08, Richmond, Jeff wrote:
From: Richmond, Jeff
Subject: RE: [j-nsp] copy vpn routes to inet.0
To: "snort bsd" , "juniper-nsp"
Received: Wednesday, 24 December, 2008, 6:20 PM
Here is a sample from one of my lab routers. I am just using a loopback IP
inside VRF 300, but as you can see, it is now seen in inet.0.
j...@r2> show configuration routing-instances 300
description "Customer 2 VRF";
instance-type vrf;
interface lo0.300;
vrf-target target:65100:300;
vrf-table-label;
routing-options {
static {
route 0.0.0.0/0 next-table inet.0;
}
auto-export {
family inet {
unicast {
rib-group CUST300-RIB;
}
}
}
}
j...@r2> show configuration routing-options rib-groups
CUST300-RIB {
import-rib [ inet.0 300.inet.0 ];
import-policy RESTRICT-VRF300;
}
j...@r2> show configuration interfaces lo0 unit 300
family inet {
address 10.99.99.1/32;
}
j...@r2> show route 10.99.99.1
inet.0: 152 destinations, 167 routes (104 active, 0 holddown, 48 hidden)
+ = Active Route, - = Last Active, * = Both
10.99.99.1/32 *[Direct/0] 14:18:57
> via lo0.300
300.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.99.99.1/32 *[Direct/0] 14:18:57
> via lo0.300
From: juniper-nsp-boun...@puck.nether.net [juniper-nsp-boun...@puck.nether.net]
On Behalf Of snort bsd [snort...@yahoo.com.au]
Sent: Tuesday, December 23, 2008 3:27 PM
To: juniper-nsp
Subject: [j-nsp] copy vpn routes to inet.0
Hi all:
Could those routes in the L3VPN table be copied to inet.0? I tried to use
policy and it doesn't seem to be working:
term l3vpn->inet.0 {
from {
rib l3vpn.inet.0;
route-filter 100.100.0.0/16 orlonger;
}
to rib inet.0;
then {
accept;
}
}
_dave
Stay connected to the people that matter most with a smarter inbox. Take
a look http://au.docs.yahoo.com/mail/smarterinbox
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Stay connected to the people that matter most with a smarter inbox. Take
a look http://au.docs.yahoo.com/mail/smarterinbox
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] VPLS support on Fast Ethernet
> > Does VPLS supported on Juniper Fast Ethernet PB-4FE-TX/PE-4FE-TX? > > No. I stand corrected here. VPLS is possible on FE ports using LSI interfaces (no-tunnel-services configured under the VPLS instance). This carries some restrictions compared to using IQ interfaces and tunnel PICs. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] DSL Aggregation - ATM vs. ATM2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Dec 23, 2008, at 11:46 PM, Charles Sprickman wrote:
interface ATM3/0.1163 point-to-point
ip unnumbered Loopback1
atm route-bridged ip SECRET SAUCE HERE
pvc 0/1163
encapsulation aal5snap
!
The above is what Cisco calls "route bridged encapsulation" or some
such thing. It is a very cool feature that replaced the old model
using BVI interfaces which had a whole slew of problems including
sending broadcasts where they shouldn't, letting customers grab as
many IPs as they could, and letting them steal each other's IPs if
you didn't do static ARP entries for everyone.
So given the above, are those configs possible in JunOS? And if
they are, can I get away with the non-ATM2 card? What interesting
stuff does ATM2 add that might be useful for our very narrow
application?
I've not tried to see if it works, but at least the client DSL
interface for a J-series will let you set a unnumbered-address:
ds...@jrtr# set interfaces at-3/0/0.0 family inet unnumbered-address ?
Possible completions:
<[Enter]>Execute this command
Interface from which to take local address
destination Destination address
destination-profile Profile to use for destination address
|Pipe through a command
Similarly the encap method you need is 'ether-over-atm-llc':
ds...@jrtr> show configuration interfaces at-3/0/0
atm-options {
vpi 0;
}
dsl-options {
operating-mode auto;
}
unit 0 {
encapsulation ether-over-atm-llc;
vci 0.35;
family inet {
address x.x.x.x/24;
}
}
David
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAklSU/wACgkQLa9jIE3ZamPXkQCgpdTzm7mArz1BRJW9E05Bl6Vn
qXcAoLUQCnERxmZag2LZCcdlUwnh6ci4
=5kRX
-END PGP SIGNATURE-
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] VPLS support on Fast Ethernet
> Does VPLS supported on Juniper Fast Ethernet PB-4FE-TX/PE-4FE-TX? No. > If above Fast-Ethernet doest support VPLS; Can someone recommend any of > Fast-Ethernet module which support VPLS. They don't exist. You need IQ or IQ2 Ethernet cards (or MX Ethernet ports) for VPLS. > What's the difference between PB or PE cards? Form factor. PE is for M7i/M10i, PB is for M320 and several discontinued models. See http://juniper.cluepon.net/index.php/PB-Style_PIC http://juniper.cluepon.net/index.php/PE-Style_PIC for a good overview. Steinar Haug, Nethelp consulting, sth...@nethelp.no ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] VPLS support on Fast Ethernet
Does VPLS supported on Juniper Fast Ethernet PB-4FE-TX/PE-4FE-TX? If above Fast-Ethernet doest support VPLS; Can someone recommend any of Fast-Ethernet module which support VPLS. What's the difference between PB or PE cards? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] policy map two routing protocol,
Hi Ahmad.
This cannot be done with the given policy because there will be AND
operation between aggregate and ospf protocol. In your policy 10.10/16 and
192.168/16 routes must be matched with aggregate and ospf protocol. which
will not heppen if both routes cannot be learned from both protocols.
Following policy may be used to get desired results.
policy-statement example {
term 1 {
from {
protocol aggregate;
route-filter 10.10.0.0/16 exact;
}
then accept;
}
term 2 {
from {
protocol ospf;
route-filter 192.168.0.0/16 exact;
}
then accept;
}
}
Regards.
Aamir
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] dymanic interfaces junose
Hi, Try shutting down the vlan-range with something like the following statement: (config-if)#vlan bulk-config test shutdown vlan-range 567 667 also see: http://www.juniper.net/techpubs/software/erx/junose73/swconfig-link/html/dynamic-interfaces-bulk-config6.html Regards, Junaid On Fri, Jan 18, 2008 at 5:10 PM, SunnyDay wrote: > Hello > In junose ihave this configuration on an interface: > > i/nterface gigabitEthernet 1/0/1 > shutdown > mtu 1522 > encapsulation vlan > vlan bulk-config "test" > profile vlan bulk-config "test" "test pro" > vlan bulk-config "test" vlan-range 567 667 > > /my problem is that the interface is shutdown but i still have vlan > subinterface,pppoe interface and ppp in down state > and i cannot remove the "/vlan bulk-config "test" vlan-range 567 667" /from > the interface because it says:/dynamic interface exists > > any ideas? > / > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] dymanic interfaces junose
Hello, I agree with Motoki. If you have a few interfaces, you can switch to configure mode and shutdown your dormant subinterfaces just like configuring a static subinterface. Otherwise, you need to shutdown your major interface. Regards. Fatih --- On Mon, 12/22/08, Motoki Seta wrote: From: Motoki Seta Subject: Re: [j-nsp] dymanic interfaces junose To: juniper-nsp@puck.nether.net Date: Monday, December 22, 2008, 5:19 AM Hello Maybe... The reason why the interface cannot be deleted is that "Dormant" interface remains. >#show vlan subinterface > Svlan Vlan Ether > Interface Status MTU IdId type Type > --- - - --- >lag 16/0.11 Dormant 1522 11 Dynamic >lag 16/0.13 Dormant 1522 13 Dynamic >2 vlan subinterfaces found It is possible to delete it according to the following procedures. >#conf t >Enter configuration commands, one per line. End with ^Z. >#int lag16/0.11 >#shutdown >#int lag16/0.13 >#shutdown >#end >#show vlan subinterface >Svlan Vlan Ether > Interface Status MTU IdId type Type > -- - - -- >0 vlan subinterfaces found > >#conf t >#interface lag 16/0 >#no vlan bulk-config "TEST-RANGE" vlan-range 10 19 --- Motoki Seta ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
