Overlay MPLS VPN
The routing tables of the different instances need to learn each other's routes,
so routes must be imported between them. This can be done by configuring routing table groups (rib-groups).
In the following configuration, the vpn-a.inet.0 and vpn-b.inet.0 routing tables are imported into vpn-ab.inet.0.
root@Olive# show r1 routing-options
/*
 * Routing table groups used to share routes between the VRF tables on r1.
 * In each import-rib list the first table is the primary table; the tables
 * after it receive a copy of the routes.
 * NOTE(review): no import-policy is shown on any of these groups, so every
 * route the group is applied to is copied into the secondary tables. Outside
 * a lab, an import-policy on the rib-group keeps the leak between VPNs
 * limited to the prefixes that are meant to be shared.
 */
rib-groups {
/* Primary vpn-a.inet.0; copies go to vpn-ab.inet.0. */
vpn-a-ab {
import-rib [ vpn-a.inet.0 vpn-ab.inet.0 ];
}
/* Primary vpn-b.inet.0; copies go to vpn-ab.inet.0. */
vpn-b-ab {
import-rib [ vpn-b.inet.0 vpn-ab.inet.0 ];
}
/* Primary vpn-ab.inet.0; copies go to both vpn-a.inet.0 and vpn-b.inet.0. */
vpn-a-b-ab {
import-rib [ vpn-ab.inet.0 vpn-a.inet.0 vpn-b.inet.0 ];
}
}
autonomous-system 100;
rib-groups {
vpn-a-ab {
import-rib [ vpn-a.inet.0 vpn-ab.inet.0 ];
}
vpn-b-ab {
import-rib [ vpn-b.inet.0 vpn-ab.inet.0 ];
}
vpn-a-b-ab {
import-rib [ vpn-ab.inet.0 vpn-a.inet.0 vpn-b.inet.0 ];
}
}
autonomous-system 100;
Next, apply the appropriate rib-group to each routing instance. Here static routes are used as the routing
between PE and CE. Unlike the usual case, although rib-groups have been applied in this simulation to import the routes from the other instances, static routes to the other instances still need to be created.
root@Olive# show r1 routing-instances
/*
 * VRF vpn-a on r1; em1.16 is its CE-facing interface (presumably towards
 * r6 - the static route for 6.6.6.6 uses a next hop on that subnet).
 * vrf-import / vrf-export reference the vpn-a-import / vpn-a-export policies.
 */
vpn-a {
instance-type vrf;
interface em1.16;
route-distinguisher 100:1;
vrf-import vpn-a-import;
vrf-export vpn-a-export;
vrf-table-label;
routing-options {
/* Copies this instance's interface routes into vpn-ab.inet.0 through rib-group vpn-a-ab. */
interface-routes {
rib-group inet vpn-a-ab;
}
/*
 * 7.7.7.7/32 uses a next hop on em1.17, an interface that belongs to vpn-ab.
 * The vpn-a.inet.0 output lists 192.168.17.0/24 as Direct via em1.17, i.e.
 * the copied interface route is what lets this next hop resolve.
 * NOTE(review): each static route of this kind is a deliberate opening in
 * the separation between VRFs; keep them to the specific shared prefixes.
 */
static {
route 6.6.6.6/32 next-hop 192.168.16.6;
route 7.7.7.7/32 next-hop 192.168.17.7;
}
}
}
/*
 * VRF vpn-ab on r1, the instance shared by vpn-a and vpn-b; em1.17 is its
 * CE-facing interface. With vrf-table-label, the verification output shows
 * label 17 mapped "to table vpn-ab.inet.0, Pop".
 */
vpn-ab {
instance-type vrf;
interface em1.17;
route-distinguisher 100:3;
vrf-import vpn-ab-import;
vrf-export vpn-ab-export;
vrf-table-label;
routing-options {
/* Copies this instance's interface routes into vpn-a.inet.0 and vpn-b.inet.0 through rib-group vpn-a-b-ab. */
interface-routes {
rib-group inet vpn-a-b-ab;
}
/*
 * 6.6.6.6/32 and 8.8.8.8/32 use next hops on em1.16 (vpn-a) and em1.18
 * (vpn-b); they resolve through the interface routes copied in from those
 * instances.
 * NOTE(review): this table can reach both customer VPNs, so anything placed
 * in it is reachable from either side; keep the list to the prefixes that
 * are meant to be shared.
 */
static {
route 6.6.6.6/32 next-hop 192.168.16.6;
route 7.7.7.7/32 next-hop 192.168.17.7;
route 8.8.8.8/32 next-hop 192.168.18.8;
}
}
}
/*
 * VRF vpn-b on r1; em1.18 is its CE-facing interface.
 * vrf-import / vrf-export reference the vpn-b-import / vpn-b-export policies.
 */
vpn-b {
instance-type vrf;
interface em1.18;
route-distinguisher 100:2;
vrf-import vpn-b-import;
vrf-export vpn-b-export;
vrf-table-label;
routing-options {
/* Copies this instance's interface routes into vpn-ab.inet.0 through rib-group vpn-b-ab. */
interface-routes {
rib-group inet vpn-b-ab;
}
/*
 * 7.7.7.7/32 uses a next hop on em1.17, which belongs to vpn-ab; there is
 * no route towards 6.6.6.6/32 here, so vpn-a stays unreachable from vpn-b.
 */
static {
route 7.7.7.7/32 next-hop 192.168.17.7;
route 8.8.8.8/32 next-hop 192.168.18.8;
}
}
}
vpn-a {
instance-type vrf;
interface em1.16;
route-distinguisher 100:1;
vrf-import vpn-a-import;
vrf-export vpn-a-export;
vrf-table-label;
routing-options {
interface-routes {
rib-group inet vpn-a-ab;
}
static {
route 6.6.6.6/32 next-hop 192.168.16.6;
route 7.7.7.7/32 next-hop 192.168.17.7;
}
}
}
vpn-ab {
instance-type vrf;
interface em1.17;
route-distinguisher 100:3;
vrf-import vpn-ab-import;
vrf-export vpn-ab-export;
vrf-table-label;
routing-options {
interface-routes {
rib-group inet vpn-a-b-ab;
}
static {
route 6.6.6.6/32 next-hop 192.168.16.6;
route 7.7.7.7/32 next-hop 192.168.17.7;
route 8.8.8.8/32 next-hop 192.168.18.8;
}
}
}
vpn-b {
instance-type vrf;
interface em1.18;
route-distinguisher 100:2;
vrf-import vpn-b-import;
vrf-export vpn-b-export;
vrf-table-label;
routing-options {
interface-routes {
rib-group inet vpn-b-ab;
}
static {
route 7.7.7.7/32 next-hop 192.168.17.7;
route 8.8.8.8/32 next-hop 192.168.18.8;
}
}
}
Commit the configuration, and then check the routes in the R1 routing instances.
root@Olive# run show route table vpn-a.inet.0 logical-system r1
vpn-a.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
4.4.4.4/32 *[BGP/170] 00:05:53, MED 1, localpref 100, from 2.2.2.2
AS path: I
> to 192.168.12.2 via em1.12, Push 16
6.6.6.6/32 *[Static/5] 00:06:57
> to 192.168.16.6 via em1.16
7.7.7.7/32 *[Static/5] 00:06:57
> to 192.168.17.7 via em1.17
192.168.16.0/24 *[Direct/0] 00:06:57
> via em1.16
192.168.16.1/32 *[Local/0] 00:06:57
Local via em1.16
192.168.17.0/24 *[Direct/0] 00:06:57
> via em1.17
192.168.17.1/32 *[Local/0] 00:06:57
Local via em1.17
192.168.24.0/24 *[BGP/170] 00:05:52, localpref 100, from 2.2.2.2
AS path: I
> to 192.168.12.2 via em1.12, Push 16
vpn-a.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
4.4.4.4/32 *[BGP/170] 00:05:53, MED 1, localpref 100, from 2.2.2.2
AS path: I
> to 192.168.12.2 via em1.12, Push 16
6.6.6.6/32 *[Static/5] 00:06:57
> to 192.168.16.6 via em1.16
7.7.7.7/32 *[Static/5] 00:06:57
> to 192.168.17.7 via em1.17
192.168.16.0/24 *[Direct/0] 00:06:57
> via em1.16
192.168.16.1/32 *[Local/0] 00:06:57
Local via em1.16
192.168.17.0/24 *[Direct/0] 00:06:57
> via em1.17
192.168.17.1/32 *[Local/0] 00:06:57
Local via em1.17
192.168.24.0/24 *[BGP/170] 00:05:52, localpref 100, from 2.2.2.2
AS path: I
> to 192.168.12.2 via em1.12, Push 16
root@Olive# run show route table vpn-ab.inet.0 logical-system r1
vpn-ab.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
4.4.4.4/32 *[BGP/170] 00:06:13, MED 1, localpref 100, from 2.2.2.2
AS path: I
> to 192.168.12.2 via em1.12, Push 16
5.5.5.5/32 *[BGP/170] 00:06:12, MED 1, localpref 100, from 3.3.3.3
AS path: I
> to 192.168.13.3 via em1.13, Push 16
6.6.6.6/32 *[Static/5] 00:07:17
> to 192.168.16.6 via em1.16
7.7.7.7/32 *[Static/5] 00:07:17
> to 192.168.17.7 via em1.17
8.8.8.8/32 *[Static/5] 00:07:17
> to 192.168.18.8 via em1.18
192.168.16.0/24 *[Direct/0] 00:07:17
> via em1.16
192.168.16.1/32 *[Local/0] 00:07:17
Local via em1.16
192.168.17.0/24 *[Direct/0] 00:07:17
> via em1.17
192.168.17.1/32 *[Local/0] 00:07:17
Local via em1.17
192.168.18.0/24 *[Direct/0] 00:07:17
> via em1.18
192.168.18.1/32 *[Local/0] 00:07:17
Local via em1.18
192.168.24.0/24 *[BGP/170] 00:06:12, localpref 100, from 2.2.2.2
AS path: I
> to 192.168.12.2 via em1.12, Push 16
192.168.35.0/24 *[BGP/170] 00:06:12, localpref 100, from 3.3.3.3
AS path: I
> to 192.168.13.3 via em1.13, Push 16
vpn-ab.inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
4.4.4.4/32 *[BGP/170] 00:06:13, MED 1, localpref 100, from 2.2.2.2
AS path: I
> to 192.168.12.2 via em1.12, Push 16
5.5.5.5/32 *[BGP/170] 00:06:12, MED 1, localpref 100, from 3.3.3.3
AS path: I
> to 192.168.13.3 via em1.13, Push 16
6.6.6.6/32 *[Static/5] 00:07:17
> to 192.168.16.6 via em1.16
7.7.7.7/32 *[Static/5] 00:07:17
> to 192.168.17.7 via em1.17
8.8.8.8/32 *[Static/5] 00:07:17
> to 192.168.18.8 via em1.18
192.168.16.0/24 *[Direct/0] 00:07:17
> via em1.16
192.168.16.1/32 *[Local/0] 00:07:17
Local via em1.16
192.168.17.0/24 *[Direct/0] 00:07:17
> via em1.17
192.168.17.1/32 *[Local/0] 00:07:17
Local via em1.17
192.168.18.0/24 *[Direct/0] 00:07:17
> via em1.18
192.168.18.1/32 *[Local/0] 00:07:17
Local via em1.18
192.168.24.0/24 *[BGP/170] 00:06:12, localpref 100, from 2.2.2.2
AS path: I
> to 192.168.12.2 via em1.12, Push 16
192.168.35.0/24 *[BGP/170] 00:06:12, localpref 100, from 3.3.3.3
AS path: I
> to 192.168.13.3 via em1.13, Push 16
root@Olive# run show route table vpn-b.inet.0 logical-system r1
vpn-b.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[BGP/170] 00:06:23, MED 1, localpref 100, from 3.3.3.3
AS path: I
> to 192.168.13.3 via em1.13, Push 16
7.7.7.7/32 *[Static/5] 00:07:28
> to 192.168.17.7 via em1.17
8.8.8.8/32 *[Static/5] 00:07:28
> to 192.168.18.8 via em1.18
192.168.17.0/24 *[Direct/0] 00:07:28
> via em1.17
192.168.17.1/32 *[Local/0] 00:07:28
Local via em1.17
192.168.18.0/24 *[Direct/0] 00:07:28
> via em1.18
192.168.18.1/32 *[Local/0] 00:07:28
Local via em1.18
192.168.35.0/24 *[BGP/170] 00:06:23, localpref 100, from 3.3.3.3
AS path: I
> to 192.168.13.3 via em1.13, Push 16
vpn-b.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[BGP/170] 00:06:23, MED 1, localpref 100, from 3.3.3.3
AS path: I
> to 192.168.13.3 via em1.13, Push 16
7.7.7.7/32 *[Static/5] 00:07:28
> to 192.168.17.7 via em1.17
8.8.8.8/32 *[Static/5] 00:07:28
> to 192.168.18.8 via em1.18
192.168.17.0/24 *[Direct/0] 00:07:28
> via em1.17
192.168.17.1/32 *[Local/0] 00:07:28
Local via em1.17
192.168.18.0/24 *[Direct/0] 00:07:28
> via em1.18
192.168.18.1/32 *[Local/0] 00:07:28
Local via em1.18
192.168.35.0/24 *[BGP/170] 00:06:23, localpref 100, from 3.3.3.3
AS path: I
> to 192.168.13.3 via em1.13, Push 16
From the results above, vpn-a and vpn-b have learned the route 7.7.7.7/32, and vpn-ab has also learned the routes 6.6.6.6/32 of vpn-a and 8.8.8.8/32 of vpn-b.
In the same way, the instances on r2 and r3 can learn the 7.7.7.7/32 route that belongs to
instance vpn-ab.
root@Olive# run show route table vpn-a.inet.0 logical-system r2
vpn-a.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
4.4.4.4/32 *[OSPF/10] 00:09:51, metric 1
> to 192.168.24.4 via em2.24
6.6.6.6/32 *[BGP/170] 00:09:32, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.12.1 via em2.12, Push 16
7.7.7.7/32 *[BGP/170] 00:09:31, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.12.1 via em2.12, Push 17
192.168.16.0/24 *[BGP/170] 00:09:32, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.12.1 via em2.12, Push 16
192.168.17.0/24 *[BGP/170] 00:09:31, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.12.1 via em2.12, Push 17
192.168.24.0/24 *[Direct/0] 00:10:36
> via em2.24
192.168.24.2/32 *[Local/0] 00:10:36
Local via em2.24
224.0.0.5/32 *[OSPF/10] 00:10:44, metric 1
MultiRecv
vpn-a.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
4.4.4.4/32 *[OSPF/10] 00:09:51, metric 1
> to 192.168.24.4 via em2.24
6.6.6.6/32 *[BGP/170] 00:09:32, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.12.1 via em2.12, Push 16
7.7.7.7/32 *[BGP/170] 00:09:31, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.12.1 via em2.12, Push 17
192.168.16.0/24 *[BGP/170] 00:09:32, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.12.1 via em2.12, Push 16
192.168.17.0/24 *[BGP/170] 00:09:31, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.12.1 via em2.12, Push 17
192.168.24.0/24 *[Direct/0] 00:10:36
> via em2.24
192.168.24.2/32 *[Local/0] 00:10:36
Local via em2.24
224.0.0.5/32 *[OSPF/10] 00:10:44, metric 1
MultiRecv
root@Olive# run show route table vpn-b.inet.0 logical-system r3
vpn-b.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[OSPF/10] 00:11:27, metric 1
> to 192.168.35.5 via em2.35
7.7.7.7/32 *[BGP/170] 00:11:07, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.13.1 via em2.13, Push 17
8.8.8.8/32 *[BGP/170] 00:11:07, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.13.1 via em2.13, Push 18
192.168.17.0/24 *[BGP/170] 00:11:07, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.13.1 via em2.13, Push 17
192.168.18.0/24 *[BGP/170] 00:11:07, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.13.1 via em2.13, Push 18
192.168.35.0/24 *[Direct/0] 00:12:12
> via em2.35
192.168.35.3/32 *[Local/0] 00:12:12
Local via em2.35
224.0.0.5/32 *[OSPF/10] 00:12:20, metric 1
MultiRecv
vpn-b.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[OSPF/10] 00:11:27, metric 1
> to 192.168.35.5 via em2.35
7.7.7.7/32 *[BGP/170] 00:11:07, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.13.1 via em2.13, Push 17
8.8.8.8/32 *[BGP/170] 00:11:07, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.13.1 via em2.13, Push 18
192.168.17.0/24 *[BGP/170] 00:11:07, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.13.1 via em2.13, Push 17
192.168.18.0/24 *[BGP/170] 00:11:07, localpref 100, from 1.1.1.1
AS path: I
> to 192.168.13.1 via em2.13, Push 18
192.168.35.0/24 *[Direct/0] 00:12:12
> via em2.35
192.168.35.3/32 *[Local/0] 00:12:12
Local via em2.35
224.0.0.5/32 *[OSPF/10] 00:12:20, metric 1
MultiRecv
The CE behind r2 can also learn the routes of vpn-ab. Because they are OSPF external routes, they
carry a tag.
root@Olive# run show route protocol ospf logical-system r4
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
6.6.6.6/32 *[OSPF/150] 00:12:06, metric 0, tag 3489661028
> to 192.168.24.2 via em1.24
7.7.7.7/32 *[OSPF/150] 00:12:06, metric 0, tag 3489661028
> to 192.168.24.2 via em1.24
192.168.16.0/24 *[OSPF/150] 00:12:06, metric 0, tag 3489661028
> to 192.168.24.2 via em1.24
192.168.17.0/24 *[OSPF/150] 00:12:06, metric 0, tag 3489661028
> to 192.168.24.2 via em1.24
224.0.0.5/32 *[OSPF/10] 00:13:23, metric 1
MultiRecv
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
6.6.6.6/32 *[OSPF/150] 00:12:06, metric 0, tag 3489661028
> to 192.168.24.2 via em1.24
7.7.7.7/32 *[OSPF/150] 00:12:06, metric 0, tag 3489661028
> to 192.168.24.2 via em1.24
192.168.16.0/24 *[OSPF/150] 00:12:06, metric 0, tag 3489661028
> to 192.168.24.2 via em1.24
192.168.17.0/24 *[OSPF/150] 00:12:06, metric 0, tag 3489661028
> to 192.168.24.2 via em1.24
224.0.0.5/32 *[OSPF/10] 00:13:23, metric 1
MultiRecv
root@Olive# run show route protocol ospf logical-system r5
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
7.7.7.7/32 *[OSPF/150] 00:12:48, metric 0, tag 3489661028
> to 192.168.35.3 via em1.35
8.8.8.8/32 *[OSPF/150] 00:12:48, metric 0, tag 3489661028
> to 192.168.35.3 via em1.35
192.168.17.0/24 *[OSPF/150] 00:12:48, metric 0, tag 3489661028
> to 192.168.35.3 via em1.35
192.168.18.0/24 *[OSPF/150] 00:12:48, metric 0, tag 3489661028
> to 192.168.35.3 via em1.35
224.0.0.5/32 *[OSPF/10] 00:14:06, metric 1
MultiRecv
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
7.7.7.7/32 *[OSPF/150] 00:12:48, metric 0, tag 3489661028
> to 192.168.35.3 via em1.35
8.8.8.8/32 *[OSPF/150] 00:12:48, metric 0, tag 3489661028
> to 192.168.35.3 via em1.35
192.168.17.0/24 *[OSPF/150] 00:12:48, metric 0, tag 3489661028
> to 192.168.35.3 via em1.35
192.168.18.0/24 *[OSPF/150] 00:12:48, metric 0, tag 3489661028
> to 192.168.35.3 via em1.35
224.0.0.5/32 *[OSPF/10] 00:14:06, metric 1
MultiRecv
Check R2 label and next-hop to 7.7.7.7/32
root@Olive# run show route 7.7.7.7/32 logical-system r2 detail | match "label|Protocol next hop"
Label operation: Push 17
Label TTL action: prop-ttl
Protocol next hop: 1.1.1.1
VPN Label: 17
Label operation: Push 17
Label TTL action: prop-ttl
Protocol next hop: 1.1.1.1
VPN Label: 17
Label operation: Push 17
Label TTL action: prop-ttl
Protocol next hop: 1.1.1.1
VPN Label: 17
Label operation: Push 17
Label TTL action: prop-ttl
Protocol next hop: 1.1.1.1
VPN Label: 17
From the above, we can see that r2 forwards traffic with label 17 directly to the next hop r1, because r2 and r1 are
directly connected. There is only one label here, the VPN label; the outer label has been popped because its destination is 1.1.1.1.
Once R1 receives the VPN label, it pops it and forwards the packet using vpn-ab.inet.0.
root@Olive# run show route label 17 logical-system r1
mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17 *[VPN/0] 00:17:26
to table vpn-ab.inet.0, Pop
mpls.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
17 *[VPN/0] 00:17:26
to table vpn-ab.inet.0, Pop
So R4 and R5 can reach 7.7.7.7.
root@Olive# run ping 7.7.7.7 logical-system r4 source 4.4.4.4 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.031/5.524/15.461/5.169 ms
root@Olive# run ping 7.7.7.7 logical-system r5 source 5.5.5.5 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.598/3.563/4.043/0.502 ms
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.031/5.524/15.461/5.169 ms
root@Olive# run ping 7.7.7.7 logical-system r5 source 5.5.5.5 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.598/3.563/4.043/0.502 ms
R6 and R8 can reach 7.7.7.7 as well.
root@Olive# run ping 7.7.7.7 logical-system r6 source 6.6.6.6 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.872/2.576/3.148/0.468 ms
root@Olive# run ping 7.7.7.7 logical-system r8 source 8.8.8.8 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.459/2.442/3.564/0.706 ms
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.872/2.576/3.148/0.468 ms
root@Olive# run ping 7.7.7.7 logical-system r8 source 8.8.8.8 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.459/2.442/3.564/0.706 ms
Next, test BGP as the protocol between PE and CE. As shown below, the static keyword in the policies
defined earlier should be replaced by bgp.
root@Olive# show r1 policy-options
/*
 * VRF export policy for vpn-a: routes from the listed protocols on em1.16
 * are tagged with community vpn-a (target:100:1) and accepted; term 2
 * rejects everything else.
 * NOTE(review): the surrounding text says the static keyword is replaced by
 * bgp for the PE-CE BGP test, but this listing still matches static and
 * direct - confirm which version is intended.
 */
policy-statement vpn-a-export {
term 1 {
from {
protocol [ static direct ];
interface em1.16;
}
then {
community add vpn-a;
accept;
}
}
/* Explicit default deny: nothing leaves the VRF without the route target. */
term 2 {
then reject;
}
}
/*
 * VRF import policy for vpn-a: accepts only BGP routes carrying community
 * vpn-a (target:100:1); term 2 rejects everything else, so the route target
 * is the sole admission check for this table.
 */
policy-statement vpn-a-import {
term 1 {
from {
protocol bgp;
community vpn-a;
}
then accept;
}
term 2 {
then reject;
}
}
/*
 * VRF export policy for the shared instance vpn-ab: matching routes on
 * em1.17 are tagged with both route targets (vpn-a and vpn-b), which is
 * what makes them importable by vpn-a-import and by vpn-b-import.
 * NOTE(review): everything this term accepts becomes visible in both
 * customer VPNs; the interface condition is the only scoping shown here.
 */
policy-statement vpn-ab-export {
term 1 {
from {
protocol [ static direct ];
interface em1.17;
}
then {
community add vpn-a;
community add vpn-b;
accept;
}
}
term 2 {
then reject;
}
}
/*
 * VRF import policy for vpn-ab: a BGP route is accepted when it carries
 * either listed community (a community list in a from clause matches on any
 * member), so routes exported from vpn-a and from vpn-b both land in
 * vpn-ab.inet.0. Term 2 rejects everything else.
 */
policy-statement vpn-ab-import {
term 1 {
from {
protocol bgp;
community [ vpn-a vpn-b ];
}
then accept;
}
term 2 {
then reject;
}
}
/*
 * VRF export policy for vpn-b: routes from the listed protocols on em1.18
 * are tagged with community vpn-b (target:100:2) and accepted; term 2
 * rejects everything else.
 */
policy-statement vpn-b-export {
term 1 {
from {
protocol [ static direct ];
interface em1.18;
}
then {
community add vpn-b;
accept;
}
}
term 2 {
then reject;
}
}
/*
 * VRF import policy for vpn-b: accepts only BGP routes carrying community
 * vpn-b (target:100:2); term 2 rejects everything else.
 */
policy-statement vpn-b-import {
term 1 {
from {
protocol bgp;
community vpn-b;
}
then accept;
}
term 2 {
then reject;
}
}
/*
 * Route-target communities used by the VRF policies above. No separate
 * target exists for vpn-ab: its export policy attaches both of these, and
 * its import policy accepts either.
 * NOTE(review): these two values are the whole separation between the
 * customer VPNs, so reusing or mistyping one joins two VPNs.
 */
community vpn-a members target:100:1;
community vpn-b members target:100:2;
policy-statement vpn-a-export {
term 1 {
from {
protocol [ static direct ];
interface em1.16;
}
then {
community add vpn-a;
accept;
}
}
term 2 {
then reject;
}
}
policy-statement vpn-a-import {
term 1 {
from {
protocol bgp;
community vpn-a;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement vpn-ab-export {
term 1 {
from {
protocol [ static direct ];
interface em1.17;
}
then {
community add vpn-a;
community add vpn-b;
accept;
}
}
term 2 {
then reject;
}
}
policy-statement vpn-ab-import {
term 1 {
from {
protocol bgp;
community [ vpn-a vpn-b ];
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement vpn-b-export {
term 1 {
from {
protocol [ static direct ];
interface em1.18;
}
then {
community add vpn-b;
accept;
}
}
term 2 {
then reject;
}
}
policy-statement vpn-b-import {
term 1 {
from {
protocol bgp;
community vpn-b;
}
then accept;
}
term 2 {
then reject;
}
}
community vpn-a members target:100:1;
community vpn-b members target:100:2;
Meanwhile, the default route configured earlier should be deleted as well. Then configure the BGP routing
protocol and redistribute routes into BGP.
root@Olive# show r6 protocols bgp
/*
 * CE r6: external BGP session to the PE at 192.168.16.1 in AS 100.
 * The export policy to-ebgp is defined outside this listing.
 * NOTE(review): no authentication-key is shown on the session. That is
 * fine for a lab; a production PE-CE session normally carries
 * authentication so that only the intended neighbour can establish it.
 */
group ebgp {
type external;
export to-ebgp;
neighbor 192.168.16.1 {
peer-as 100;
}
}
root@Olive# show r7 protocols bgp
/*
 * CE r7: external BGP session to the PE at 192.168.17.1 in AS 100.
 * The export policy to-ebgp is defined outside this listing; no session
 * authentication is shown (lab setup).
 */
group ebgp {
type external;
export to-ebgp;
neighbor 192.168.17.1 {
peer-as 100;
}
}
root@Olive# show r8 protocols bgp
/*
 * CE r8: external BGP session to the PE at 192.168.18.1 in AS 100.
 * The export policy to-ebgp is defined outside this listing; no session
 * authentication is shown (lab setup).
 */
group ebgp {
type external;
export to-ebgp;
neighbor 192.168.18.1 {
peer-as 100;
}
}
group ebgp {
type external;
export to-ebgp;
neighbor 192.168.16.1 {
peer-as 100;
}
}
root@Olive# show r7 protocols bgp
group ebgp {
type external;
export to-ebgp;
neighbor 192.168.17.1 {
peer-as 100;
}
}
root@Olive# show r8 protocols bgp
group ebgp {
type external;
export to-ebgp;
neighbor 192.168.18.1 {
peer-as 100;
}
}
Change R1 routing-instance protocol to BGP
root@Olive# show r1 routing-instances
/*
 * VRF vpn-a with BGP as the PE-CE protocol: the static and interface-routes
 * sections are gone and the rib-group is attached to the BGP address family
 * instead.
 */
vpn-a {
instance-type vrf;
interface em1.16;
route-distinguisher 100:1;
vrf-import vpn-a-import;
vrf-export vpn-a-export;
vrf-table-label;
protocols {
bgp {
group ebgp-r6 {
type external;
/*
 * Routes learned from this group go into vpn-a.inet.0 and are copied to
 * vpn-ab.inet.0 through rib-group vpn-a-ab.
 * NOTE(review): no import policy or prefix-limit is shown on the CE
 * session, so whatever the CE advertises is accepted and also copied into
 * the shared table. In production, filter CE announcements to the
 * customer's assigned prefixes and cap their number.
 */
family inet {
unicast {
rib-group vpn-a-ab;
}
}
neighbor 192.168.16.6 {
peer-as 600;
}
}
}
}
}
/*
 * Shared VRF vpn-ab with BGP as the PE-CE protocol towards 192.168.17.7
 * (AS 700).
 */
vpn-ab {
instance-type vrf;
interface em1.17;
route-distinguisher 100:3;
vrf-import vpn-ab-import;
vrf-export vpn-ab-export;
vrf-table-label;
protocols {
bgp {
group ebgp-r7 {
type external;
/*
 * Routes learned from this group go into vpn-ab.inet.0 and are copied to
 * vpn-a.inet.0 and vpn-b.inet.0 through rib-group vpn-a-b-ab.
 * NOTE(review): this CE's announcements reach both customer VPNs and no
 * import policy is shown on the session, so filtering here matters most.
 */
family inet {
unicast {
rib-group vpn-a-b-ab;
}
}
neighbor 192.168.17.7 {
peer-as 700;
}
}
}
}
}
/*
 * VRF vpn-b with BGP as the PE-CE protocol towards 192.168.18.8 (AS 800).
 */
vpn-b {
instance-type vrf;
interface em1.18;
route-distinguisher 100:2;
vrf-import vpn-b-import;
vrf-export vpn-b-export;
vrf-table-label;
protocols {
bgp {
group ebgp-r8 {
type external;
/*
 * Routes learned from this group go into vpn-b.inet.0 and are copied to
 * vpn-ab.inet.0 through rib-group vpn-b-ab; no import policy is shown on
 * the CE session.
 */
family inet {
unicast {
rib-group vpn-b-ab;
}
}
neighbor 192.168.18.8 {
peer-as 800;
}
}
}
}
}
vpn-a {
instance-type vrf;
interface em1.16;
route-distinguisher 100:1;
vrf-import vpn-a-import;
vrf-export vpn-a-export;
vrf-table-label;
protocols {
bgp {
group ebgp-r6 {
type external;
family inet {
unicast {
rib-group vpn-a-ab;
}
}
neighbor 192.168.16.6 {
peer-as 600;
}
}
}
}
}
vpn-ab {
instance-type vrf;
interface em1.17;
route-distinguisher 100:3;
vrf-import vpn-ab-import;
vrf-export vpn-ab-export;
vrf-table-label;
protocols {
bgp {
group ebgp-r7 {
type external;
family inet {
unicast {
rib-group vpn-a-b-ab;
}
}
neighbor 192.168.17.7 {
peer-as 700;
}
}
}
}
}
vpn-b {
instance-type vrf;
interface em1.18;
route-distinguisher 100:2;
vrf-import vpn-b-import;
vrf-export vpn-b-export;
vrf-table-label;
protocols {
bgp {
group ebgp-r8 {
type external;
family inet {
unicast {
rib-group vpn-b-ab;
}
}
neighbor 192.168.18.8 {
peer-as 800;
}
}
}
}
}
Commit configuration and then ping 7.7.7.7 in CE R4
root@Olive# run ping 7.7.7.7 logical-system r4 source 4.4.4.4 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.417/5.784/19.674/7.045 ms
root@Olive# run ping 7.7.7.7 logical-system r6 source 6.6.6.6 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.439/1.820/2.330/0.340 ms
root@Olive# run ping 7.7.7.7 logical-system r5 source 5.5.5.5 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.256/1.506/1.734/0.157 ms
root@Olive# run ping 7.7.7.7 logical-system r8 source 8.8.8.8 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.562/2.183/2.874/0.452 ms
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.417/5.784/19.674/7.045 ms
root@Olive# run ping 7.7.7.7 logical-system r6 source 6.6.6.6 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.439/1.820/2.330/0.340 ms
root@Olive# run ping 7.7.7.7 logical-system r5 source 5.5.5.5 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.256/1.506/1.734/0.157 ms
root@Olive# run ping 7.7.7.7 logical-system r8 source 8.8.8.8 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.562/2.183/2.874/0.452 ms
The following are the limitations of using routing table groups.
Complicated configuration. A routing table group has to be defined for each routing instance in order to import routes. (In the simulation above, a rib-group was defined for each instance.)
A routing table group also has to be applied for each protocol in order to import routes. (In the simulation above, a rib-group was configured under static and BGP in the routing instances.)
To overcome these limitations, the JUNOS auto-export feature can be used.
It examines the existing policies and determines which routing tables will import or export routes,
and it imports or exports routes according to the specified RT community values. Because it acts purely on those policies, the vrf-import and vrf-export policies become the only control over which instances exchange routes.
There is no need to define rib-groups once auto-export is enabled, so the rib-groups should be deleted on r1, and the rib-group under each routing-instance protocol should be deleted as well.
root@Olive# show r1 routing-options
/*
 * The rib-groups as they stand before removal; the delete command that
 * follows this listing removes the whole stanza once auto-export takes over.
 * In each import-rib list the first table is the primary table and the
 * others receive copies.
 */
rib-groups {
vpn-a-ab {
import-rib [ vpn-a.inet.0 vpn-ab.inet.0 ];
}
vpn-b-ab {
import-rib [ vpn-b.inet.0 vpn-ab.inet.0 ];
}
vpn-a-b-ab {
import-rib [ vpn-ab.inet.0 vpn-a.inet.0 vpn-b.inet.0 ];
}
}
root@Olive# delete r1 routing-options rib-groups
Next, simply enable auto-export under each instance; only the basic configuration is needed under protocols.
root@Olive# show r1 routing-instances
/*
 * VRF vpn-a using auto-export in place of rib-groups: routes are exchanged
 * with the other local VRFs according to the vrf-import / vrf-export
 * policies, and the BGP group needs no rib-group statement.
 * NOTE(review): with auto-export, the route targets attached by the export
 * policies decide which local instances see each other's routes; review
 * those policies whenever a target is added or reused.
 */
vpn-a {
instance-type vrf;
interface em1.16;
route-distinguisher 100:1;
vrf-import vpn-a-import;
vrf-export vpn-a-export;
vrf-table-label;
routing-options {
auto-export;
}
protocols {
bgp {
group ebgp-r6 {
type external;
neighbor 192.168.16.6 {
peer-as 600;
}
}
}
}
}
/*
 * Shared VRF vpn-ab using auto-export in place of rib-groups. Its export
 * policy attaches both route targets, so with auto-export its routes are
 * shared locally with vpn-a and vpn-b; the BGP output from r6 and r8 shows
 * 7.7.7.7/32 arriving with AS path 100 700.
 */
vpn-ab {
instance-type vrf;
interface em1.17;
route-distinguisher 100:3;
vrf-import vpn-ab-import;
vrf-export vpn-ab-export;
vrf-table-label;
routing-options {
auto-export;
}
protocols {
bgp {
group ebgp-r7 {
type external;
neighbor 192.168.17.7 {
peer-as 700;
}
}
}
}
}
/*
 * VRF vpn-b using auto-export in place of rib-groups; route exchange with
 * the other local VRFs follows the vpn-b-import / vpn-b-export policies.
 */
vpn-b {
instance-type vrf;
interface em1.18;
route-distinguisher 100:2;
vrf-import vpn-b-import;
vrf-export vpn-b-export;
vrf-table-label;
routing-options {
auto-export;
}
protocols {
bgp {
group ebgp-r8 {
type external;
neighbor 192.168.18.8 {
peer-as 800;
}
}
}
}
}
vpn-a {
instance-type vrf;
interface em1.16;
route-distinguisher 100:1;
vrf-import vpn-a-import;
vrf-export vpn-a-export;
vrf-table-label;
routing-options {
auto-export;
}
protocols {
bgp {
group ebgp-r6 {
type external;
neighbor 192.168.16.6 {
peer-as 600;
}
}
}
}
}
vpn-ab {
instance-type vrf;
interface em1.17;
route-distinguisher 100:3;
vrf-import vpn-ab-import;
vrf-export vpn-ab-export;
vrf-table-label;
routing-options {
auto-export;
}
protocols {
bgp {
group ebgp-r7 {
type external;
neighbor 192.168.17.7 {
peer-as 700;
}
}
}
}
}
vpn-b {
instance-type vrf;
interface em1.18;
route-distinguisher 100:2;
vrf-import vpn-b-import;
vrf-export vpn-b-export;
vrf-table-label;
routing-options {
auto-export;
}
protocols {
bgp {
group ebgp-r8 {
type external;
neighbor 192.168.18.8 {
peer-as 800;
}
}
}
}
}
After applying that configuration, routes are exchanged between the instances, so the CEs of vpn-a and vpn-b learn the route 7.7.7.7/32 of vpn-ab.
root@Olive# run show route protocol bgp logical-system r6
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
4.4.4.4/32 *[BGP/170] 00:00:20, localpref 100
AS path: 100 I
> to 192.168.16.1 via em2.16
7.7.7.7/32 *[BGP/170] 00:00:57, localpref 100
AS path: 100 700 I
> to 192.168.16.1 via em2.16
192.168.24.0/24 *[BGP/170] 00:00:20, localpref 100
AS path: 100 I
> to 192.168.16.1 via em2.16
root@Olive# run show route protocol bgp logical-system r8
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[BGP/170] 00:00:24, localpref 100
AS path: 100 I
> to 192.168.18.1 via em2.18
7.7.7.7/32 *[BGP/170] 00:01:05, localpref 100
AS path: 100 700 I
> to 192.168.18.1 via em2.18
192.168.35.0/24 *[BGP/170] 00:00:24, localpref 100
AS path: 100 I
> to 192.168.18.1 via em2.18
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
4.4.4.4/32 *[BGP/170] 00:00:20, localpref 100
AS path: 100 I
> to 192.168.16.1 via em2.16
7.7.7.7/32 *[BGP/170] 00:00:57, localpref 100
AS path: 100 700 I
> to 192.168.16.1 via em2.16
192.168.24.0/24 *[BGP/170] 00:00:20, localpref 100
AS path: 100 I
> to 192.168.16.1 via em2.16
root@Olive# run show route protocol bgp logical-system r8
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[BGP/170] 00:00:24, localpref 100
AS path: 100 I
> to 192.168.18.1 via em2.18
7.7.7.7/32 *[BGP/170] 00:01:05, localpref 100
AS path: 100 700 I
> to 192.168.18.1 via em2.18
192.168.35.0/24 *[BGP/170] 00:00:24, localpref 100
AS path: 100 I
> to 192.168.18.1 via em2.18
root@Olive# run ping 7.7.7.7 logical-system r4 source 4.4.4.4 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.265/4.622/8.157/1.996 ms
root@Olive# run ping 7.7.7.7 logical-system r5 source 5.5.5.5 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.424/3.051/3.609/0.492 ms
root@Olive# run ping 7.7.7.7 logical-system r6 source 6.6.6.6 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.390/1.667/2.008/0.253 ms
root@Olive# run ping 7.7.7.7 logical-system r8 source 8.8.8.8 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.252/3.330/7.172/2.064 ms
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.265/4.622/8.157/1.996 ms
root@Olive# run ping 7.7.7.7 logical-system r5 source 5.5.5.5 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.424/3.051/3.609/0.492 ms
root@Olive# run ping 7.7.7.7 logical-system r6 source 6.6.6.6 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.390/1.667/2.008/0.253 ms
root@Olive# run ping 7.7.7.7 logical-system r8 source 8.8.8.8 rapid
PING 7.7.7.7 (7.7.7.7): 56 data bytes
!!!!!
--- 7.7.7.7 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.252/3.330/7.172/2.064 ms
auto-export can also be configured for all VRF instances at once; in that case all the auto-export
statements under the individual routing instances can be deleted.
[edit logical-systems r1 routing-instances]
root@Olive# delete vpn-a routing-options auto-export
root@Olive# delete vpn-a routing-options auto-export
[edit logical-systems r1 routing-instances]
root@Olive# delete vpn-ab routing-options auto-export
[edit logical-systems r1 routing-instances]
root@Olive# delete vpn-b routing-options auto-export
[edit]
root@Olive# show groups
/*
 * Configuration group that adds auto-export to routing instances by
 * wildcard: <*> matches every logical system and, inside it, every routing
 * instance. It takes effect once the group is listed under apply-groups.
 * NOTE(review): the wildcard also covers instances created later. With
 * auto-export inherited everywhere, the vrf-import / vrf-export policies
 * and route-target assignments are the only thing separating VPNs on this
 * device, so a reused or mistyped target leaks routes locally with no
 * further configuration. Naming the instances that need the feature, and
 * checking the result with "display inheritance", keeps that explicit.
 */
vrf-export-all {
logical-systems {
<*> {
routing-instances {
<*> {
routing-options {
auto-export;
}
}
}
}
}
}
root@Olive# show groups
vrf-export-all {
logical-systems {
<*> {
routing-instances {
<*> {
routing-options {
auto-export;
}
}
}
}
}
}
[edit]
root@Olive# set apply-groups vrf-export-all
root@Olive# set apply-groups vrf-export-all
root@Olive# run show configuration logical-systems r1 routing-instances | display inheritance
vpn-a {
instance-type vrf;
interface em1.16;
route-distinguisher 100:1;
vrf-import vpn-a-import;
vrf-export vpn-a-export;
vrf-table-label;
##
## 'routing-options' was inherited from group 'vrf-export-all'
##
routing-options {
##
## 'auto-export' was inherited from group 'vrf-export-all'
##
auto-export;
}
protocols {
bgp {
group ebgp-r6 {
type external;
neighbor 192.168.16.6 {
peer-as 600;
}
}
}
}
}
vpn-ab {
instance-type vrf;
interface em1.17;
route-distinguisher 100:3;
vrf-import vpn-ab-import;
vrf-export vpn-ab-export;
vrf-table-label;
##
## 'routing-options' was inherited from group 'vrf-export-all'
##
routing-options {
##
## 'auto-export' was inherited from group 'vrf-export-all'
##
auto-export;
}
protocols {
bgp {
group ebgp-r7 {
type external;
neighbor 192.168.17.7 {
peer-as 700;
}
}
}
}
}
vpn-b {
instance-type vrf;
interface em1.18;
route-distinguisher 100:2;
vrf-import vpn-b-import;
vrf-export vpn-b-export;
vrf-table-label;
##
## 'routing-options' was inherited from group 'vrf-export-all'
##
routing-options {
##
## 'auto-export' was inherited from group 'vrf-export-all'
##
auto-export;
}
protocols {
bgp {
group ebgp-r8 {
type external;
neighbor 192.168.18.8 {
peer-as 800;
}
}
}
}
}
vpn-a {
instance-type vrf;
interface em1.16;
route-distinguisher 100:1;
vrf-import vpn-a-import;
vrf-export vpn-a-export;
vrf-table-label;
##
## 'routing-options' was inherited from group 'vrf-export-all'
##
routing-options {
##
## 'auto-export' was inherited from group 'vrf-export-all'
##
auto-export;
}
protocols {
bgp {
group ebgp-r6 {
type external;
neighbor 192.168.16.6 {
peer-as 600;
}
}
}
}
}
vpn-ab {
instance-type vrf;
interface em1.17;
route-distinguisher 100:3;
vrf-import vpn-ab-import;
vrf-export vpn-ab-export;
vrf-table-label;
##
## 'routing-options' was inherited from group 'vrf-export-all'
##
routing-options {
##
## 'auto-export' was inherited from group 'vrf-export-all'
##
auto-export;
}
protocols {
bgp {
group ebgp-r7 {
type external;
neighbor 192.168.17.7 {
peer-as 700;
}
}
}
}
}
vpn-b {
instance-type vrf;
interface em1.18;
route-distinguisher 100:2;
vrf-import vpn-b-import;
vrf-export vpn-b-export;
vrf-table-label;
##
## 'routing-options' was inherited from group 'vrf-export-all'
##
routing-options {
##
## 'auto-export' was inherited from group 'vrf-export-all'
##
auto-export;
}
protocols {
bgp {
group ebgp-r8 {
type external;
neighbor 192.168.18.8 {
peer-as 800;
}
}
}
}
}