Hi everyone,
Some questions for the experts on PIC Edge and PIC Core:
Looking at the Juniper tech-doc for PIC Edge for L3 VPNs (https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/layer3-vpn-bgp-pic-edge-configuring.html) it shows that enabling 'protect core' is required in the vrf-instance, it also shows that a load-balancing policy is required for the forwarding-table ...
Questions:
(1) the 'protect core' command looks like it's for 'PIC Core' given the wording in the command ... but the tech-doc states it's to allow a second (backup) BGP next-hop to exist in the forwarding-table for VPN routes in the event that a PE router (which is the primary/best BGP next-hop for VPN routes) fails - so my question is: does the 'protect core' command behave similarly to configuring 'multipath vpn-unequal-cost' under the routing-options of a vrf-instance? - i.e. it allows additional BGP next-hops to exist for VPN prefixes received from 2 (or more) PE's?
(2) Would 'protect core' require 'indirect-next-hop' to be configured in the forwarding-table too? I assumed it would but I couldn't see the requirement stated in any tech-docs ...
(3) With respect to the requirement for load-balancing policy to be configured in the forwarding-table: when enabling 'protect core' the tech-doc states that this is a requirement - but does 'protect core' in conjunction with the LB policy actually load-balance traffic between the 2 (or more) BGP next-hops which are present in the forwarding-table? The tech-doc states that one path is primary and the other(s) are for back up in the event of the primary BGP next-hop (i.e. a PE router) being withdrawn in the event of the primary PE router failing - so is the LB policy purely there to place additional next-hops into the forwarding-table but no actual load-balancing of traffic occurs? (i.e. only the primary next-hop is used for traffic until it is withdrawn, and only then is the back-up next-hop(s) used?)
(4) My understanding of PIC Core is that it is used for IGP protection to a single BGP next-hop - i.e. the IGP converges much faster than BGP in a core network failure event (e.g. a P router failure and/or core link failure) so PIC Core allows a PE to have an alternative direct next-hop to a BGP next-hop stored in the forwarding-table (i.e. the BGP next-hop stays the same but there is an alternative/back-up IGP route to that BGP next-hop)
(5) Does Juniper actually 'do' PIC Core ... or just PIC Edge? Or does PIC Edge actually include PIC Core??
Lots of questions - I hope they make sense and that some gurus can provide the answers ..!
TIA