Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

VPN not applying BGP export policy to routes advertised

0

0

Article ID: KB27326 KB Last Updated: 04 Mar 2017Version: 3.0
Summary:
This article contains documentation on how to apply BGP policies before advertising routes to a VPN routing table.
Symptoms:
BGP export is not tagging the community on L2VPN routes:

BGP export policy configuration, it should tag the routes with the community ORIG-IN-AMER:

policy-statement international-out {
     term dont-advertise-other-regions {
           from community [ ORIG-IN-EMEA ORIG-IN-AP ORIG-IN-INDIA ];
           then reject;
      }
      term add-origin {
          then {
                 community add ORIG-IN-AMER;
                  next term;
          }
      }
      term ss7-prefer-L3 {
            from community SVR_SIGTRAN_R001;
            then {
                   local-preference 125;
                  accept;
          }
      }
     term ss7-normal-tata {
          from community SVR_SIGTRAN_R002;
          then {
                local-preference 100;
                accept;
          }
      }
      term bgp {
           from protocol bgp;
           then accept;
      }
}


The routes are not getting tagged with the following community, and L2VPN traffic is not forwarding:
community ORIG-IN-AMER members 22870:65520;

BGP configuration, the export policy is international-out:
group Level3_VPLS {
     type internal;
     multihop {
          ttl 2;
     }
     local-address 172.31.191.250;
     log-updown;
     family inet {
           any;
     }
     family inet-vpn {
          any;
     }
     family l2vpn {
         signaling;
     }
     export [ next-hop-self-all international-out ];
     cluster 192.168.70.241;
     no-client-reflect;
     peer-as 22870;
     neighbor 172.31.191.212 {
         description r001-sng-ngn;
     }
     neighbor 172.31.191.215 {
     description r001-hnk-ngn;
     }
     neighbor 172.31.191.218 {
     description r001-lon-ngn;
     }
     neighbor 172.31.191.221 {
     description r001-ams-ngn;
     }
}

Cause:
When you apply a VRF export policy for the VRF Table on PE Routers in VPNs, routes from VPN routing instances are advertised to other PE routers based on this policy, whereas the BGP export policy is ignored.


Solution:
If you include the vpn-apply-export statement in the BGP configuration, both the VRF export and BGP group or neighbor export policies are applied (VRF first, then BGP) before routes are advertised in the VPN routing tables to other PE routers.

Add vpn-apply-export to the bgp group:

group Level3_VPLS {
     vpn-apply-export
     type internal;
     multihop {
          ttl 2;
     }
     local-address 172.31.191.250;
     log-updown;
     family inet {
         any;
     }
     family inet-vpn {
         any;
     }
     family l2vpn {
          signaling;
     }
     export [ next-hop-self-all international-out ];
     cluster 192.168.70.241;
     no-client-reflect;
     peer-as 22870;
     neighbor 172.31.191.212 {
          description r001-sng-ngn;
     }
     neighbor 172.31.191.215 {
          description r001-hnk-ngn;
     }
     neighbor 172.31.191.218 {
          description r001-lon-ngn;
     }
     neighbor 172.31.191.221 {
          description r001-ams-ngn;
    }
}


The route is now tagged with the community:


22870:65449:2:3/96 (2 entries, 1 announced)
*BGP Preference: 170/-101
Route Distinguisher: 22870:65449
Next hop type: Indirect
Address: 0x9ea39b8
Next-hop reference count: 25
Source: 172.31.191.248
Protocol next hop: 172.31.191.248
Indirect next hop: 2 no-forward
State: <Active Int Ext>
Local AS: 22870 Peer AS: 22870
Age: 8:10:44 Metric2: 1
Task: BGP_22870.172.31.191.248+60363
Announcement bits (1): 0-BGP_RT_Background
AS path: I (Originator) Cluster list: 192.168.70.241
AS path: Originator ID: 172.31.191.250
Communities: 22870:65520 target:65000:2 Layer2-info: encaps:ETHERNET, control flags:, mtu: 0, site preference: 100
Accepted
Label-base: 800008, range: 2, status-vector: 0x0
Localpref: 100
Router ID: 172.31.191.248
BGP Preference: 170/-101
Route Distinguisher: 22870:65449
Next hop type: Indirect
Address: 0xa7fc6d0
Next-hop reference count: 20
Source: 172.31.191.250
Protocol next hop: 172.31.191.250
Indirect next hop: 2 no-forward
State: <NotBest Int Ext>
Inactive reason: Not Best in its group - No difference
Local AS: 22870 Peer AS: 22870
Age: 8:10:45 Metric2: 1
Task: BGP_22870.172.31.191.250+179
AS path: I
Communities: 22870:65520 target:65000:2 Layer2-info: encaps:ETHERNET, control flags:, mtu: 0, site preference: 100
Accepted
Label-base: 800008, range: 2, status-vector: 0x0
Localpref: 100
Router ID: 172.31.191.250

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search