In the previous posts we discusses how to leak routes using
RIB Groups and Instance-Import statements. In our third tutorial, we’ll check
how we can do this in L3-VPN routing instances.
The major difference between the previous methods and this
one, is that RIB-Groups and Instance Import are only local route-leaking. Meaning,
the routes that you import or export are only the prefixes that are present on
the router. In L3-VPNs, Multi-Protocol BGP ( MP-BGP) is used to signal and exchange
prefix with remote routers using MPLS as a foundation. I highly suggest you
read a lot about MPLS before going through this tutorial.
JUNOS supports to route-leaking in L3-VPNs. External Route
Leaking and Internal Route Leaking. Let’s check what each one of them do.
External
Route Leaking
As mentioned Earlier, MP-BGP is used to import the routes
from a VRF present on a remote router using MP-BGP.
Check this topology
In L3-VPNs typical application, PE Routers connect customers in
different geographical locations. In our case here, PE1 and PE2 connect
Customer A Branches and Customer B Branches with each other.
Assuming that all VRF configurations is done, MP-BGP is
established and customer A branches are connected and customer B branches are
connected. Let’s see how Customer A routing table look like
On PE1
root@PE1> show route table
cust-a
CUST-A1.inet.0: 2 destinations,
2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last
Active, * = Both
10.1.1.1/32 *[Direct/0] 00:26:30
> via lo0.20
10.2.2.2/32 *[BGP/170] 00:26:30, localpref 100,
from 2.2.2.2
AS path: I
> to 10.0.13.3 via
ge-0/0/1.0, Push 299840, Push 299792(top)
On PE2
root@PE2> show route table
CUST-A2.inet.0
CUST-A2.inet.0: 2 destinations,
2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last
Active, * = Both
10.1.1.1/32 *[BGP/170] 00:28:26, localpref 100,
from 1.1.1.1
AS path: I
> to 10.0.23.3 via
ge-0/0/2.0, Push 299808, Push 299776(top)
10.2.2.2/32 *[Direct/0] 00:29:04
> via lo0.20
On PE1, you can see that the remote prefix 10.2.2.2/32 is
known via BGP and the outgoing interface is ge-0/0/1 towards P3
Let’s try to leak Customer B routes from PE2 to Customer
A present on PE1
root@PE1#
show policy-options policy-statement CUST-A1-IMPORT
term
1 {
from {
protocol bgp;
community CUSTA;
}
then accept;
}
term LEAK-FROM-PE2-CUSTB {
from {
community CUSTB;
}
then accept;
}
root@PE1#
show routing-instances CUST-A1
instance-type
vrf;
interface
lo0.20;
route-distinguisher
1:102;
vrf-import CUST-A1-IMPORT;
vrf-export
CUST-A1-EXPORT;
Let’s
check Customer A Routing Table on PE1
root@PE1> show route table cust-a
CUST-A1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown,
0 hidden)
+ = Active Route, - = Last Active, * = Both
10.1.1.1/32
*[Direct/0] 00:39:22
>
via lo0.20
10.2.2.2/32
*[BGP/170] 00:39:22, localpref 100, from 2.2.2.2
AS path: I
>
to 10.0.13.3 via ge-0/0/1.0, Push 299840, Push 299792(top)
20.2.2.2/32
*[BGP/170] 00:02:59, localpref 100, from 2.2.2.2
AS path: I
> to 10.0.13.3 via ge-0/0/1.0, Push 299856, Push 299792(top)
You can
see now that Customer A can send Traffic to the remote branch of Customer B.
But what
about the Customer B local Branch on the same PE1 router, it has the exact same
Route Target Community like Customer B on PE2. Noting that I didn’t define a
certain protocol to import from which can be anything ( direct, bgp ..etc)
The
problem here is that Route Target Communities are put on the prefixes that are
being sent out to other routers, whilst they have no communities when they are
local, so the policy we applied earlier doesn’t apply to local prefixes of
Customer B. and that’s when the Auto-Export feature Kicks in. ( this is an
abstraction to avoid talking about how VRFs are being differentiated using RT
and RDs and how MPLS exchange them)
Internal
Route Leaking
JUNOS
has this wonderful feature called auto-export that can be used to exchange
prefixes between local VRFs. Let’s see how this works
This is
how it simply works, you configure auto-export under the routing-instance you
want to leak the routes FROM and then you import it on the routing instance you
want the leaked routes AT
root@PE1>
show configuration routing-instances CUST-B1
instance-type
vrf;
interface
lo0.30;
route-distinguisher
1:202;
vrf-import
CUST-B1-IMPORT;
vrf-export
CUST-B1-EXPORT;
routing-options {
auto-export;
}
policy-options
{
policy-statement CUST-A1-IMPORT {
term 1 {
from {
protocol bgp;
community CUSTA;
}
then accept;
}
term LEAK-FROM-PE2-CUSTB {
from {
protocol bgp;
community CUSTB;
}
then accept;
}
term
AUTOEXPORT-LOCAL-LEAKING {
from {
protocol
direct;
community
CUSTB;
}
then accept;
}
}
}
Now let’s
the routes of Customer A on PE1
root@PE1>
show route table cust-a
CUST-A1.inet.0:
4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+
= Active Route, - = Last Active, * = Both
10.1.1.1/32 *[Direct/0] 01:01:46
> via lo0.20
10.2.2.2/32 *[BGP/170] 01:01:46, localpref 100,
from 2.2.2.2
AS path: I
> to 10.0.13.3 via
ge-0/0/1.0, Push 299840, Push 299792(top)
20.1.1.1/32 *[Direct/0]
00:07:00
> via lo0.30
20.2.2.2/32 *[BGP/170] 00:25:23, localpref 100,
from 2.2.2.2
AS path: I
> to 10.0.13.3 via
ge-0/0/1.0, Push 299856, Push 299792(top)
You can see now that Customer A1 can see Customer B1 routes
locally as a direct routes.
In the next and final part, we'll see how we can use Static Routes and Filter Based Forwarding to achieve route leaking
In the next and final part, we'll see how we can use Static Routes and Filter Based Forwarding to achieve route leaking
Another wonderful article.
ReplyDeleteThis is how Juniper wrote it:
https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/auto-export-configuring-verifying.html
But I manage to understand it only after reading your article.
Hi, i working on a project which requires to run two distinct BGP instants in a router(I am using Juniper SRX300 as router). Now i have created two distinct VRFs(ISP1 and ISP2). Now i want that my LAN network to be advertised on both ISPs network. But the challenge i am facing that I can only bind LAN interface on any one VRF at a time. Please suggest me some solution how I advertise my LAN routes to both ISPs.
ReplyDeletemaybe I'm not getting this right, but how many networks do you want to advertise to the ISP. By LAN interface you mean a single physical interface?
ReplyDeleteif that's the case, you can create a single VRF for internet ( ISPs ) and a single VRF for LAN then import/export route between these two tables as needed.
Very Good and Clear example. What I am missing here though, is do we nwws to configure "symmetrical" import/export policies for CUST-B? To have an end2end routing it will be nice to have the view from the other end as well.
ReplyDeleteGreat and I have a swell offer: House Renovation house renovation contractor
ReplyDelete