Re: [j-nsp] Does a L3VPN RR require routing-instance for each VRF?
> -Original Message- > From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp- > boun...@puck.nether.net] On Behalf Of Phil Mayers > Sent: Tuesday, November 29, 2011 7:38 AM > To: juniper-nsp@puck.nether.net > Subject: [j-nsp] Does a L3VPN RR require routing-instance for each > VRF? > > As per subject line: if we want to use a JunOS box (M7i, running > 10.4) > as a route-reflector, it seems to reject inet-vpn routes with: > > bgp_rcv_nlri: 129.x.x.0:4:193.x.x.0/92 rejected due to the lack of a > valid target community > > I was hoping we could avoid the hassle of defining the VRF on the RRs > if > possible, but I guess that is required - am I missing some obvious / > subtle point why that is the case, or some way of making it work? Basic question - I'm assuming that you have "cluster x.x.x.x" configured under the BGP group or individual BGP neighbor? This is the only reason I could see this occurring, is if you were missing the cluster statement, or it was being overridden by something else. -evt ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Does a L3VPN RR require routing-instance for each VRF?
Including the bgp config would help too. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Does a L3VPN RR require routing-instance for each VRF?
On 29/11/11 14:46, Per Granath wrote: If you are doing route target filtering (family route-target), then you may need to add the default target on the RRs: set ... protocols bgp ... family route-target advertise-default We are not doing route target filtering. I think I need to re-state my problem. I'm getting a lot of questions (unicast, off-list) which indicate I have not explained myself correctly. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Does a L3VPN RR require routing-instance for each VRF?
If you are doing route target filtering (family route-target), then you may need to add the default target on the RRs: set ... protocols bgp ... family route-target advertise-default Cheers. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Does a L3VPN RR require routing-instance for each VRF?
You don't need to define any VRFs. I'll post a config later. You don't need static routes for each PE either, you can just have a default route to discard in inet.3 and it'll work. Derick Winkworth CCIE #15672 (RS, SP), JNCIE-M #721 http://packetpushers.net/author/dwinkworth/ From: Phil Mayers To: Keegan Holley Cc: "juniper-nsp@puck.nether.net" Sent: Tuesday, November 29, 2011 7:06 AM Subject: Re: [j-nsp] Does a L3VPN RR require routing-instance for each VRF? On 29/11/11 12:55, Keegan Holley wrote: > Do you have family inet-VPN configured in the group stanza? All the Yes. I also have routes in the "inet.3" table matching the next-hops (to reply to the many people who unicasted me off-list). I have tried both a static and LDP. > routes are reflected from the bgp.l3vpn.0 table. You don't have to This does not occur unless I define a routing-instance. In fact, with no routing-instance defined, the "bgp.l3vpn.0" table is simply absent. > define each vrf. If you already configured the address family it > sounds like it doesn't like your ext. communities for some reason. Where would the ext. communities come from if I haven't defined a routing-instance? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Does a L3VPN RR require routing-instance for each VRF?
On 29/11/11 12:55, Keegan Holley wrote: Do you have family inet-VPN configured in the group stanza? All the Yes. I also have routes in the "inet.3" table matching the next-hops (to reply to the many people who unicasted me off-list). I have tried both a static and LDP. routes are reflected from the bgp.l3vpn.0 table. You don't have to This does not occur unless I define a routing-instance. In fact, with no routing-instance defined, the "bgp.l3vpn.0" table is simply absent. define each vrf. If you already configured the address family it sounds like it doesn't like your ext. communities for some reason. Where would the ext. communities come from if I haven't defined a routing-instance? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Does a L3VPN RR require routing-instance for each VRF?
Do you have family inet-VPN configured in the group stanza? All the routes are reflected from the bgp.l3vpn.0 table. You don't have to define each vrf. If you already configured the address family it sounds like it doesn't like your ext. communities for some reason. Sent from my iPhone On Nov 29, 2011, at 7:37 AM, Phil Mayers wrote: > As per subject line: if we want to use a JunOS box (M7i, running 10.4) as a > route-reflector, it seems to reject inet-vpn routes with: > > bgp_rcv_nlri: 129.x.x.0:4:193.x.x.0/92 rejected due to the lack of a valid > target community > > I was hoping we could avoid the hassle of defining the VRF on the RRs if > possible, but I guess that is required - am I missing some obvious / subtle > point why that is the case, or some way of making it work? > > Cheers, > Phil > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
