Routing

last person joined: 23 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  VPN Multihoming CPE + Site of Origin

    Posted 11-18-2010 06:59

    Hi,

     

    Topology are 4x VPN sites using PE-CPE eBGP + same private AS number and as-override functionality.

    2x sites are multihomed and routing loops should be prevented. I see two options:

     

    1) Using Site of Origin Community under following link:

    http://www.juniper.net/techpubs/software/junos/junos95/swconfig-vpns/id-10296579.html

    but still not clear how to use soo only on PEs....

     

    2) Using Tags but how ?

     

    Any help would be appreciated and configurations are wellcome...

     

    Cheers,

    Jose



  • 2.  RE: VPN Multihoming CPE + Site of Origin

    Posted 11-24-2010 07:31

    Let's say PE1 & PE2 are multihomed to SiteA, and PE3 & PE4 are multihomed to SiteB.

     

    Create your origin communities - these will be used in addition to the vrf "target" communities.  I would configure these communities on all PE routers.

     

     

    [edit]
    jparks# show policy-options 
    /*-----snip-----*/
    community site-a-origin members origin:65000:100; community site-b-origin members origin:65000:200;
    community vpn-cust-a members target:65000:555;

     Create your VRF-export policies on PE1 and PE2 to advertise SiteA prefixes into the MPLS cloud (bgp.l3vpn.0) tagging the prefixes with the VRF target community and the SiteA origin community.

     

     

    [edit]
    jparks# show policy-options policy-statement vrf-cust-a-export 
    term 1 {
        from protocol bgp;
        then {
            community add vpn-cust-a;
            community add site-a-origin;
            accept;
        }
    }

    Create the VRF import policy to accept routes back into the VRF.  This is the configuration on the PE1 and PE2. (There are a couple of ways to do this - I'm illustrating one)

     

     

    [edit]
    jparks# show policy-options policy-statement vrf-cust-a-import 
    term reject-site-a {
        from {
            protocol bgp;
            community site-a-origin;
        }
        then reject;
    }
    term accept-other-sites {
        from {
            protocol bgp;
            community vpn-cust-a;
        }
        then accept;
    }

    You could reject the "origin" community on the PE-CE eBGP session too.

     

    Change the relevant information on PE3 & PE4 to achieve the same results.

     

     

    As far as using Tags, that would be more for IGP on the PE to CE link.  At that point, I think I would use Domain-ID for OSPF.  Check out the Sybex JNCIE-M Book/PDF at page 727.  The book is available on the Juniper Web site in the books section.

     



  • 3.  RE: VPN Multihoming CPE + Site of Origin
    Best Answer

    Posted 12-07-2010 04:50

    Hi,

     

    thanks, configuration is working fine after having setup on my lab....

     

    Cheers,

    Jose