
BGP not advertising the directly connected network to the remote PE router in L3VPN


Article ID: KB12430 | KB Last Updated: 28 Sep 2015 | Version: 4.0

Summary:

BGP will not advertise the directly connected network to the remote PE router in L3VPN without vrf-table-label or some other route to advertise.

Symptoms:

In a VRF, when the directly connected interface towards the CE is a broadcast-type interface (i.e., Ethernet), BGP does not advertise the directly connected interface network to the peer PE router.

This behavior can be verified with the following command and example:

lab# show routing-instances
L3VPN_TO_CE1 {
    instance-type vrf;
    interface fe-1/2/3.0;
    route-distinguisher 5555:1;
    vrf-target target:5555:1;
}

lab# show interfaces fe-1/2/3
unit 0 {
    family inet {
        address 172.16.1.2/30;
    }
}

lab# show protocols bgp
group VPN-GROUP {
    type internal;
    local-address 2.2.2.2;
    family inet-vpn {
        unicast;
    }
    neighbor 4.4.4.4;
}

Note above that the routing instance is not configured with any protocol, and that the interface in this instance is fe-1/2/3.0, configured with an address in 172.16.1.0/30. This /30 network should be advertised to the remote BGP PE peer.

lab@router> show route advertising-protocol bgp 4.4.4.4             
L3VPN_TO_CE1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 172.16.1.0/30           Not advertised               100        I

The output above shows that the network is not advertised to the remote PE.

The extensive output shows that BGP cannot assign a VPN label to this network because it cannot find a next-hop address on the LAN (broadcast network), and hence the network is not advertised to the peer:

lab@router> show route advertising-protocol bgp 4.4.4.4 extensive
L3VPN_TO_CE1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
* 172.16.1.0/30 (1 entry, 1 announced)
 BGP group VPN-GROUP type Internal
     Route Distinguisher: 5555:1
     BGP label allocation failure: Need a nexthop address on LAN
     Nexthop: Not advertised
     Flags: Nexthop Change
     Localpref: 100
     AS path: I
     Communities: target:5555:1

Solution:

This is the default behavior, as BGP doesn't allocate a VPN label to a network for which it doesn't have a learned next hop via any means (statically or via any protocol). Hence, for a network on a broadcast-type interface that doesn't have a valid contributing route in the routing instance, the VPN label is not assigned.

There are three workarounds for this scenario:

  • Learn at least one prefix from the IGP protocol neighbor in the routing instance.

  • Configure the vrf-table-label command under the routing-instance stanza.

[edit routing-instances L3VPN_TO_CE1]
lab# show
instance-type vrf;
interface fe-1/2/3.0;
route-distinguisher 5555:1;
vrf-target target:5555:1;
vrf-table-label;

  • Configure a contributing route statically.

For example, a static route can be configured for the address at the other end of the link, with that same address as the next hop:

[edit routing-instances L3VPN_TO_CE1]
lab# show
instance-type vrf;
interface fe-1/2/3.0;
route-distinguisher 5555:1;
vrf-target target:5555:1;
routing-options {
    static {
        route 172.16.1.1/32 next-hop 172.16.1.1;
    }
}

lab@router> show route advertising-protocol bgp 4.4.4.4
L3VPN_TO_CE1.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 172.16.1.0/30           Self                         100        I
* 172.16.1.1/32           Self                         100        I

The output above shows that the network is now advertised.
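
To check for this condition in collected output rather than by eye, the following added example (not part of the original article and not Juniper tooling) parses the text of "show route advertising-protocol bgp <peer> extensive" and lists every prefix that carries the label allocation failure. The function name find_label_failures and the second route entry in the sample are constructed for illustration.

```python
import re

# Added example, not from the original article.
# Constructed sample: the extensive output shown in this article, plus one
# constructed healthy entry (172.16.9.0/24, label 299776) for contrast.
SAMPLE = """\
L3VPN_TO_CE1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
* 172.16.1.0/30 (1 entry, 1 announced)
 BGP group VPN-GROUP type Internal
     Route Distinguisher: 5555:1
     BGP label allocation failure: Need a nexthop address on LAN
     Nexthop: Not advertised
     Flags: Nexthop Change
     Localpref: 100
     AS path: I
     Communities: target:5555:1
* 172.16.9.0/24 (1 entry, 1 announced)
 BGP group VPN-GROUP type Internal
     Route Distinguisher: 5555:1
     VPN Label: 299776
     Nexthop: Self
     Localpref: 100
     AS path: I
     Communities: target:5555:1
"""

TABLE_RE = re.compile(r"^(\S+\.inet6?\.0): \d+ destinations")
PREFIX_RE = re.compile(r"^\*?\s*(\d+\.\d+\.\d+\.\d+/\d+) \(\d+ entr")
FAIL_RE = re.compile(r"^\s*BGP label allocation failure: (.+)$")

def find_label_failures(text):
    """Return [(table, prefix, reason)] for routes BGP could not label."""
    failures, table, prefix = [], None, None
    for line in text.splitlines():
        if m := TABLE_RE.match(line):
            table, prefix = m.group(1), None      # new routing table section
        elif m := PREFIX_RE.match(line):
            prefix = m.group(1)                   # new route entry begins
        elif (m := FAIL_RE.match(line)) and prefix:
            failures.append((table, prefix, m.group(1).strip()))
    return failures

if __name__ == "__main__":
    for table, prefix, reason in find_label_failures(SAMPLE):
        print(f"{table}: {prefix} not advertised ({reason})")
```

A prefix reported here needs one of the three workarounds above before the remote PE will receive it.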