Routing
Highlighted
Routing

Route is not getting installed in Routing-instance

[ Edited ]
‎02-22-2020 10:43 PM

Hi Team,

 

i'm facing an issue where juniper is connected with CISCO (PE router)  and receiving two routes( 7.7.7.7 and 77.77.77.77) with route-target 100:1. i have created a policy to match the route target and applied in the routing-instance but route is not available in routing-instance table (routinginstance.inet.0) but it is available in bgp.l3vpn.0

 

root@R1> show route table bgp.l3vpn.0 detail

bgp.l3vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
100:1:7.7.7.7/32 (1 entry, 0 announced)
*BGP Preference: 170/-101
Route Distinguisher: 100:1
Next hop type: Indirect
Address: 0x93347f0
Next-hop reference count: 1
Source: 4.4.4.4
Next hop type: Router, Next hop index: 585
Next hop: 12.0.0.2 via em1.0, selected
Label operation: Push 405, Push 202(top)
Label TTL action: prop-ttl, prop-ttl(top)
Protocol next hop: 4.4.4.4
Push 405
Indirect next hop: 945c570 131070
State: <Active Int Ext>
Local AS: 12 Peer AS: 12
Age: 27:41 Metric: 1010 Metric2: 1
Task: BGP_12.4.4.4.4+27322
AS path: ?
Communities: target:100:1
Import Accepted
VPN Label: 405
Localpref: 100
Router ID: 4.4.4.4

 

routing-table of routing-instance:-

 

root@R1> show route table A.inet.0

A.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

6.6.6.6/32 *[OSPF/10] 00:43:50, metric 2
> to 61.0.0.6 via em2.0
61.0.0.0/24 *[Direct/0] 00:44:07
> via em2.0
61.0.0.1/32 *[Local/0] 00:44:09
Local via em2.0
224.0.0.5/32 *[OSPF/10] 00:44:11, metric 1
MultiRecv

root@R1>

 

 

 

 


root@R1> show configuration policy-options
policy-statement export_to_PE4 {
term a {
from protocol ospf2;
then {
community set export_to_PE4;
accept;
}
}
}
policy-statement import_to_A {
term a {
from community import_to_PE4;
then accept;
}
}
community export_to_PE4 members target:100:1;
community import_to_PE4 members [ target:200:1 target:100:1 ];

root@R1>

 

 

 

root@R1> show configuration routing-instances
A {
instance-type vrf;
interface em2.0;
route-distinguisher 100:1;
vrf-import import_to_A;
vrf-export export_to_PE4;
vrf-table-label;
protocols {
ospf {
inactive: traceoptions {
file ospf_A size 10k files 3;
flag hello;
flag event;
flag error detail;
flag packets detail;
}
area 0.0.0.0 {
interface em2.0 {
interface-type p2p;
}
}
}
}
}

root@R1>

 

 

 


root@R1> show bgp summary
Groups: 1 Peers: 1 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l3vpn.0 2 2 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
4.4.4.4 12 106 109 0 0 46:38 Establ
bgp.l3vpn.0: 2/2/2/0

root@R1>

13 REPLIES 13
Highlighted
Routing

Re: Route is not getting installed in Routing-instance

‎02-23-2020 12:47 AM

Hello,

 


@Sunil_Sandhu wrote:

 

policy-statement import_to_A {
term a {
from community import_to_PE4;
then accept;
}
}
community export_to_PE4 members target:100:1;
community import_to_PE4 members [ target:200:1 target:100:1 ];

 

You have configured VRF import policy with community expression to match on 2 communities using logical AND.

Which means Your policy will only positively match if both communities are attached to the route.

Please remove community target:200:1 from community "import_to_PE4" and You are golden.

HTH

Thx

Alex

 

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: Route is not getting installed in Routing-instance

[ Edited ]
‎02-23-2020 01:31 AM

Hi, 

 

Thanks for your responce. 

i have few questions:-

 

1. how to use OR expresion inside communities.

 

2. i have read that "bgp.l3vpn.0—Stores routes learned from other PE routers. Routes in the bgp.l3vpn.0routing table are copied into a Layer 3 VRF when there is a matching VRF import policy in the PE router"

if it is not matching with the VRF import policy then why route is in bgp.l3vpn.o table.

 

Thanks in advance

 

Sunil 

Highlighted
Routing
Solution
Accepted by topic author Sunil_Sandhu
‎02-23-2020 04:21 AM

Re: Route is not getting installed in Routing-instance

‎02-23-2020 04:05 AM

Hello,

 


@Sunil_Sandhu wrote:

 

 

1. how to use OR expresion inside communities.

 

 

When You have 2 communities on separate lines inside policy-statement, this is OR expression:

 

policy-statement import_to_A {
term a {
from 
{
community import_to_PE4_100_1; community import_to_PE4_200_1;
} then accept; } } community import_to_PE4_100_1 members target:100:1; community import_to_PE4_200_1 members target:200:1;

 

 


@Sunil_Sandhu wrote:

 

2. i have read that "bgp.l3vpn.0—Stores routes learned from other PE routers. Routes in the bgp.l3vpn.0routing table are copied into a Layer 3 VRF when there is a matching VRF import policy in the PE router"

if it is not matching with the VRF import policy then why route is in bgp.l3vpn.o table.

 

 

Are You asking why a given PE receives L3VPN routes which have no matching VRF?

Well, short answer is that because You haven't enabled "family route-target" in Your BGP group.

Long answer is here https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l3-vpns-route-target-filtering.ht... and in RFC 4684 https://tools.ietf.org/html/rfc4684

 

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: Route is not getting installed in Routing-instance

‎02-23-2020 10:23 PM

Hi , 

 

As per the documet JUNOS checks the vpnv4 routes against the vrf import policies.  If the vpnv4 route matches one of the policies, it is added to the bgp.l3vpn.0 routing table otherwise it will not show in the bgp.l3vpn.0 routing table.

 

bgp.l3vpn.0To determine whether to add a route to the bgp.l3vpn.0 routing table, the Junos OS checks it against the VRF instance import policies for all the VPNs configured on the PE router. If the VPN-IPv4 route matches one of the policies, it is added to the bgp.l3vpn.0routing table. To display the routes in the bgp.l3vpn.0 routing table, use the show route table bgp.l3vpn.0 command.

 

 

in my case i have configured route target with AND logic [ target:200:1 target:100:1 ]in the policy statement.  but actual route contains only one route target (target:100:1) so it will not match with import policy. then why it was showing in bgp.l3vpn.0 table ?

 

 

Sunil Kumar

 

Highlighted
Routing

Re: Route is not getting installed in Routing-instance

‎02-23-2020 10:33 PM

Hi Sunil,

 

By default, the router will be performing OR operation for the values present in the [ target:200:1 target:100:1 ] square bracket. 

Highlighted
Routing

Re: Route is not getting installed in Routing-instance

‎02-23-2020 10:44 PM

HI, 

 

thanks for your responce, can please go throught the conversation and respond. as per " " Junos was performing AND logic for the [ target:200:1 target:100:1 ] square bracket thats why route was not getting installed in the A.inet.0 table.

 

Sunil Kumar

Highlighted
Routing

Re: Route is not getting installed in Routing-instance

‎02-24-2020 12:05 AM

Hello,

 


@Sunil_Sandhu wrote:

Hi , 

 

As per the documet JUNOS checks the vpnv4 routes against the vrf import policies... 

 

I am not sure what "document" You are quoting from but this is NOT how JUNOS works.

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: Route is not getting installed in Routing-instance

[ Edited ]
‎02-24-2020 12:07 AM

Hello,

 


@imjoshva wrote:

By default, the router will be performing OR operation for the values present in the [ target:200:1 target:100:1 ] square bracket. 


 

Have You tested this Yourself, or are You quoting from some "document" as well? If the latter please supply the link and we get it corrected.

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: Route is not getting installed in Routing-instance

‎02-24-2020 12:15 AM

Hi ,

 

i have tested in LAB, i think JUNOS was performing AND logic for target mentioned in Sequare bracket  [ target:200:1 target:100:1]. after creating two seperate communities i got the expected results (OR logic). but why route was showing in bgp.inet.0 table if it was not matching with any vrf import polices.

 

Sunil Kumar

Highlighted
Routing

Re: Route is not getting installed in Routing-instance

‎02-24-2020 12:29 AM

Hi Sunil/Alex,

Apologies!! I took the other way. Yes, it is AND operation being performed when the communities are in square bracket. Please ignore the previous post.

Highlighted
Routing

Re: Route is not getting installed in Routing-instance

‎02-24-2020 01:29 AM

Hi , 

 

please help to answer below query:-

 

As per the documet JUNOS checks the vpnv4 routes against the vrf import policies.  If the vpnv4 route matches one of the policies, it is added to the bgp.l3vpn.0 routing table otherwise it will not show in the bgp.l3vpn.0 routing table.

 

bgp.l3vpn.0To determine whether to add a route to the bgp.l3vpn.0 routing table, the Junos OS checks it against the VRF instance import policies for all the VPNs configured on the PE router. If the VPN-IPv4 route matches one of the policies, it is added to the bgp.l3vpn.0routing table. To display the routes in the bgp.l3vpn.0 routing table, use the show route table bgp.l3vpn.0 command.

 

 

in my case i have configured route target with AND logic [ target:200:1 target:100:1 ]in the policy statement.  but actual route contains only one route target (target:100:1) so it will not match with import policy. then why it was showing in bgp.l3vpn.0 table ?

 

 

Sunil Kumar

Highlighted
Routing

Re: Route is not getting installed in Routing-instance

[ Edited ]
‎02-24-2020 02:19 AM

Hello,

I see You are very insistent :-] to get to the root of Your little issue.

 

 


@Sunil_Sandhu wrote:

Hi , 

 

please help to answer below query:-

 

As per the documet JUNOS checks the vpnv4 routes against the vrf import policies.  If the vpnv4 route matches one of the policies, it is added to the bgp.l3vpn.0 routing table otherwise it will not show in the bgp.l3vpn.0 routing table.

 

bgp.l3vpn.0To determine whether to add a route to the bgp.l3vpn.0 routing table, the Junos OS checks it against the VRF instance import policies for all the VPNs configured on the PE router. If the VPN-IPv4 route matches one of the policies, it is added to the bgp.l3vpn.0routing table. To display the routes in the bgp.l3vpn.0 routing table, use the show route table bgp.l3vpn.0 command.

 

 

 

Looks like the above text is from here https://www.juniper.net/documentation/en_US/junos/topics/topic-map/l3-vpns-routes-vrf-tables.html

 

The bold text is extreme simplification of what actually happens in JUNOS on receipt of L3VPN route. 

Specifically, JUNOS does NOT match EVERY L3VPN route against ALL VRF policies.

What JUNOS does it checks if each L3VPN route has at least 1 RT community attached that is referenced either in VRF policy or in "vrf-target" line under [edit routing-istance BLAH] stanza. If a given L3VPN route has such community, it is admitted into bgp.l3vpn.0 table.

You can lab it up Yourself by adding a line into Your VRF policy that matches on RT community and rejects the route. Despite the route being rejected by VRF policy, it will be admitted into bgp.l3vpn.0 table nevertheless.

In Your OP the route had 1 RT community attached and that community was referenced in the VRF policy. That was enough for admission into bgp.l3vpn.0.

HTH

Thx

Alex

  

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: Route is not getting installed in Routing-instance

‎02-24-2020 02:45 AM

Thanks aarseniev :-)Smiley Very Happy

Feedback