Routing
Highlighted
Routing

PE-CE iBGP in MPLS VPN

[ Edited ]
‎05-29-2018 07:57 AM

Hello,

 

We are setting up a new network, migrating from a baremetal network to an MPLS EVPN enabled network on QFX5200 and 5110.

 

We decided to preserve the internal AS across the whole infrastructure to ease our migration and avoid using aditionnal AS numbers.

 

The whole IS-IS/LDP/RSVP/BGP setup is in place and works great with routing-instances direct routes, however we are using BGP with one CE, namely our Firewall. 

 

We've followed the following doc: https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/vpns-configuring-layer-3-v...

 

Routes received from the firewall do not propagate in the MPLS domain, the remote PE shows the following:

 

State: <Secondary Hidden Int Ext ProtectionCand>
Inactive reason: Unusable path

 

 

we have configured the "routing-options autonomous-system independent-domain" under the routing instance with no change.  We've also tried the AS-override on top of it but still no luck

 

The PE have a policy-statement of "next-hop self" between them.

 

Am I forgetting something?

3 REPLIES 3
Highlighted
Routing

Re: PE-CE iBGP in MPLS VPN

‎06-04-2018 08:57 PM

Hi!

 

It is difficult to answer without completly understanding your network but lets give it a try...  You mentioned:

 

=======

Routes received from the firewall do not propagate in the MPLS domain, the "remote" PE shows the following:

 

State: <Secondary Hidden Int Ext ProtectionCand>
Inactive reason: Unusable path

======

 

This means that route is being advertized by local PE (connecting to CE) and routes are being received on remote end. But not installed in routing table.

 

====== 

The PE have a policy-statement of "next-hop self" between them.

======

 

You also have NHS policy... I would suggest to cross check the protocol next-hop on the routes received on remote end (should be loopback of local PE) and ensure that protocol next-hop is reachable via inet.3.

 

There may be other reasons for it, but this seems to be most probable.

--------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
--------------------------------------------------------------------------------------------------------

Thanks
Amit
Highlighted
Routing
Solution
Accepted by topic author flq06
‎06-05-2018 05:40 AM

Re: PE-CE iBGP in MPLS VPN

‎06-05-2018 05:40 AM

Hi Amit,

 

In the end the problem was with traffic engineering (deploying so many new things at the same time)... we had traffic engineering set to bgp-igp, removing the routes from inet.3.  We changed it to bgp-igp-both-rib and we are good to go.

 

I'll mark you answer as accepted as you did pin point the inet.3 Smiley Wink

Highlighted
Routing

Re: PE-CE iBGP in MPLS VPN

‎06-05-2018 06:09 AM
Hi!

That's great. Good to hear problem was resolved. 😊

Seems by mistake you marked your own post as solution. Could you please change it to my post, so that anyone following this thread gets to look at correct answer.

Thanks
Amit

--------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
--------------------------------------------------------------------------------------------------------

Thanks
Amit