Hi Stefan,
I had to implement a hub-and-spoke customer with some egress functionality at the hub. Before that I had only played with this feature in a lab.
What's interesting is that the hub PE does not allocate a label per VRF unless the vrf-table-label is configured under both routing instances. All juniper documents say it's needed only under the downstream VRF
With vrf-table-label only under the downstream VRF:
VPN_A_DOWN.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
* 4.4.4.4/32 (1 entry, 1 announced)
BGP group ibgp type Internal
Route Distinguisher: 1:2
VPN Label: 299920
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [1] 65000 I
Communities: target:1:2
* 11.11.11.11/32 (1 entry, 1 announced)
BGP group ibgp type Internal
Route Distinguisher: 1:2
VPN Label: 299936
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [1] I
Communities: target:1:2
* 192.168.0.0/30 (1 entry, 1 announced)
BGP group ibgp type Internal
Route Distinguisher: 1:2
VPN Label: 299920
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [1] I
Communities: target:1:2
[edit]
r1:r1# run show route table mpls.0
mpls.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0 *[MPLS/0] 02:29:34, metric 1
Receive
1 *[MPLS/0] 02:29:34, metric 1
Receive
2 *[MPLS/0] 02:29:34, metric 1
Receive
19 *[VPN/0] 00:21:05
to table VPN_A_DOWN.inet.0, Pop
299776 *[LDP/9] 02:21:14, metric 1
> to 10.0.0.2 via ge-1/0/0.0, Pop
299776(S=0) *[LDP/9] 02:21:14, metric 1
> to 10.0.0.2 via ge-1/0/0.0, Pop
299792 *[LDP/9] 02:21:07, metric 1
> to 10.0.0.2 via ge-1/0/0.0, Swap 299792
299920 *[VPN/170] 00:00:26
> to 192.168.0.2 via ge-1/0/4.0, Pop
299936 *[VPN/170] 00:00:26
receive table VPN_A_DOWN.inet.0, Pop
The router seems to be doing the right thing (label 299936) only for interface lo0.11 which resides on the PE router itself.
With vrf-table-label under both VRFs
r1:r1# run show route advertising-protocol bgp 2.2.2.2 extensive
VPN_A_DOWN.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
* 4.4.4.4/32 (1 entry, 1 announced)
BGP group ibgp type Internal
Route Distinguisher: 1:2
VPN Label: 19
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [1] 65000 I
Communities: target:1:2
* 11.11.11.11/32 (1 entry, 1 announced)
BGP group ibgp type Internal
Route Distinguisher: 1:2
VPN Label: 19
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [1] I
Communities: target:1:2
* 192.168.0.0/30 (1 entry, 1 announced)
BGP group ibgp type Internal
Route Distinguisher: 1:2
VPN Label: 19
Nexthop: Self
Flags: Nexthop Change
Localpref: 100
AS path: [1] I
Communities: target:1:2
[edit]
r1:r1# run show route table mpls.0
mpls.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0 *[MPLS/0] 02:32:25, metric 1
Receive
1 *[MPLS/0] 02:32:25, metric 1
Receive
2 *[MPLS/0] 02:32:25, metric 1
Receive
19 *[VPN/0] 00:23:56
to table VPN_A_DOWN.inet.0, Pop
22 *[VPN/0] 00:00:19
to table VPN_A.inet.0, Pop
299776 *[LDP/9] 02:24:05, metric 1
> to 10.0.0.2 via ge-1/0/0.0, Pop
299776(S=0) *[LDP/9] 02:24:05, metric 1
> to 10.0.0.2 via ge-1/0/0.0, Pop
299792 *[LDP/9] 02:23:58, metric 1
> to 10.0.0.2 via ge-1/0/0.0, Swap 299792
The router allocates label 22 for the routes in the primary table and label 19 for those in the secondary which are the only one that get sent due to the presence of no-vrf-advertise under the primary.
Best Regards,
Vladislav A. VASILEV