I need your help please to understand this behavior. I have PE1/PE2/PE3 routers configured with routing instances. I configured BGP peering with the inet-vpn unicast family and inet. Now I have separate export policies: one for BGP inet configured directly under the neighbor, and the other is a VRF export policy with from bgp/static/direct, add community!
The problem: when I add a next-hop-self export policy under the BGP neighbor, the VRF exports the routes it learned from other PEs within the same VRF and advertises them, making itself the next hop! I want only the regular IPv4 routes to have the next-hop-self option, but it didn't work for me at all. When I remove next-hop-self from BGP, the VRF exports as it should! I'm sure that I'm missing something here! Can someone guide me please to understand this behavior?
Also, I found this on the Juniper site regarding the vpn-apply-export command! It really confused me. Can someone help me to understand it in other words?
I am not sure how you have configured the next hop self policy, but it sounds like you are matching all BGP routes, both internal and external. When you apply nhs you do not want to match internal BGP learnt routes. You can use something like this to match external BGP routes only.
set policy-options policy-statement nhs term 1 from protocol bgp
set policy-options policy-statement nhs term 1 from route-type external
set policy-options policy-statement nhs term 1 then next-hop self
Attach your configuration if you need further help.
- the normal BGP export policy bound under the BGP neighbor deals with all non-VPN routes (inet, inet6, ...)
- the export policies bound under vrf-export within the routing-instance are only applied to VRF-specific routes (inet-vpn, inet6-vpn) and bypass the neighbor-based export policy
By configuring the option "vpn-apply-export", you force that the VPN-specific routes are also handled by the neighbor-based export policies. So, by removing "vpn-apply-export" statement, you will get the behaviour you expect.
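
The policy layout the two replies above describe, put together as an added example that is not part of the original thread or the poster's configuration. The group name, instance name, policy and term names, community name, route target value and peer address are all assumptions.

```junos
# Constructed example. Every name, the route target and the peer address
# (documentation range) are placeholders, not values from the thread.

# Neighbor-level export: rewrite the next hop only for routes learned
# over EBGP, so IBGP-learned routes keep their original next hop.
set policy-options policy-statement nhs term ebgp-only from protocol bgp
set policy-options policy-statement nhs term ebgp-only from route-type external
set policy-options policy-statement nhs term ebgp-only then next-hop self

# VRF-level export: tag bgp/static/direct routes of the instance with the
# route target community and accept them; reject everything else.
set policy-options community vpn-a-target members target:65000:100
set policy-options policy-statement vpn-a-export term local from protocol [ bgp static direct ]
set policy-options policy-statement vpn-a-export term local then community add vpn-a-target
set policy-options policy-statement vpn-a-export term local then accept
set policy-options policy-statement vpn-a-export term other then reject

set routing-instances VPN-A instance-type vrf
set routing-instances VPN-A vrf-export vpn-a-export

# PE-to-PE session carrying both plain IPv4 and VPN-IPv4 routes.
set protocols bgp group ibgp-pe type internal
set protocols bgp group ibgp-pe family inet unicast
set protocols bgp group ibgp-pe family inet-vpn unicast
set protocols bgp group ibgp-pe export nhs

# With vpn-apply-export present, the neighbor export policy (nhs) is also
# run against the VPN routes. Remove it so that only vrf-export handles
# them, as the reply above describes.
delete protocols bgp group ibgp-pe vpn-apply-export

# Check what is actually sent to a peer, per table (operational mode):
#   show route advertising-protocol bgp 192.0.2.2 table inet.0 detail
#   show route advertising-protocol bgp 192.0.2.2 table bgp.l3vpn.0 detail
```

Comparing the next hop shown for the two tables in the last two commands confirms whether the neighbor policy is still being applied to VPN routes.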