Device hides BGP routes received on VRF when it has the same 'local-as' number as its peer-as on another VRF

Article ID: KB37513 KB Last Updated: 17 Nov 2021 Version: 1.0
Summary:

This article explains why BGP routes received in one VRF are hidden with the reason “AS path loop” when the device's “local-as” number in one VRF is the same as the peer AS number in another VRF, and provides a solution.

Symptoms:
Topology:
                               VRF-A                  VRF-A
                               VRF-B                  VRF-B
    +-----------+            +----------+         +----------+          +-----------+
    |  AS65194  +------------+  AS64515 +---------+  AS64515 +----------+  AS65195  |
    |   A-CE1   |            |   PE1    |         |   PE2    |          |   A-CE2   |
    +-----------+            +--+-------+         +----------+          +-----------+
                                | local-as                              192.168.1.0/24
                                |  65195
                                |
                                |
                                |
                                |
                            +---+-------+
                            |  AS65196  |
                            |   B-CE1   |
                            +-----------+

 
Example:
  • PE1 and PE2 each have two VRF routing instances.
  • PE1 has local-as 65195 configured on the BGP peering to B-CE1 under routing-instance VRF-B.
When PE1 receives 192.168.1.0/24 from PE2 in the VRF-A.inet.0 table, it hides this route and reports the reason “AS path loop”.
user@PE1> show route table VRF-A.inet.0 192.168.1.0 hidden detail
 
VRF-A.inet.0: 4 destinations, 4 routes (3 active, 0 holddown, 1 hidden)
192.168.1.0/24 (1 entry, 0 announced)
         BGP                 /-101
                Route Distinguisher: 64515:68062
                Next hop type: Indirect, Next hop index: 0
                Address: 0xb63d650
                Next-hop reference count: 5
                Source: 10.10.0.7
                Next hop type: Router, Next hop index: 1477
                Next hop: 20.20.69.254 via lt-0/0/0.0, selected
                Label operation: Push 16
                Label TTL action: prop-ttl
                Load balance label: Label 16: None;
                Label element ptr: 0xb63d580
                Label parent element ptr: 0xb63d3a0
                Label element references: 1
                Label element child references: 0
                Label element lsp id: 0
                Session Id: 0x229
                Protocol next hop: 30.30.112.76
                Label operation: Push 16
                Label TTL action: prop-ttl
                Load balance label: Label 16: None;
                Indirect next hop: 0xd288100 1048575 INH Session ID: 0x230
                State: <Secondary Hidden Int Ext ProtectionCand>
                Local AS:  64515 Peer AS:  64515
                Age: 40:43      Metric2: 1
                Validation State: unverified
                Task: BGP_64515.10.10.0.7+63859
                AS path: 65195 I  (Originator) (Looped: 65195) 
                Cluster list:  10.10.0.7
                Originator ID: 30.30.112.76
                Communities: target:64515:1040
                Import
                VPN Label: 16
                Localpref: 100
                Router ID: 10.10.0.7
                Hidden reason: AS path loop        <<<<<< Hidden reason
                Primary Routing Table bgp.l3vpn.0
 
Cause:

By default, BGP in all routing instances (including the primary/global routing instance) uses a single local AS-path domain for its loop detection mechanism. AS numbers configured under the “routing-options” and “local-as” hierarchies are stored uniquely in this single local AS-path domain on each device. For example, if a device has local-as 65195 configured under a different VRF routing instance, it is shown only once in the AS-path domain.

PE1 configuration:

set routing-options autonomous-system 64515
set routing-instances VPN-B routing-options autonomous-system 65000
set routing-instances VPN-B protocols bgp group VPN-B-CE neighbor 192.168.0.229 local-as 65195
 
user@PE1> show as-path domain
Domain: 3        Primary: 64515
    References:          6 Paths:          9
    Flags: Master         
    Local AS: 64515  Loops: 1    
    Local AS: 65000  Loops: 1    
    Local AS: 65195  Loops: 1
 
With this PE1 configuration, when PE1 receives route 192.168.1.0/24 from A-CE2 (AS65195), it checks its local AS-path domain and finds that the route's AS path contains its local-as 65195. Hence, PE1 reports an AS path loop and hides this route.
Solution:

Add “independent-domain” to keep the local ASs of the routing instance independent, so that BGP loop detection is performed only for the local ASs specified in that routing instance.

It is recommended to add the “no-attrset” configuration so that the "attr 128" message is not used to tunnel it. For more information about undesired cases, refer to RFC 4271 and JSA10458 - BGP UPDATE with malformed Path Attribute tears down BGP session.

PE1 configuration:

set routing-options autonomous-system 64515
set routing-instances VPN-B routing-options autonomous-system 65000 independent-domain no-attrset
set routing-instances VPN-B protocols bgp group VPN-B-CE neighbor 192.168.0.229 local-as 65195
 
user@PE1> show as-path domain
Domain: 1        Primary: 64515
    References:          5 Paths:          6
    Flags: Master         
    Local AS: 64515   Loops: 1    
Domain: 2        Primary: 65000
    References:          1 Paths:          4
    Local AS: 65000  Loops: 1    
    Local AS: 65195  Loops: 1    

Result:

 user@PE1> show route table VRF-A.inet.0 192.168.1.0 detail
 
VRF-A.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)    <<< this route is no longer hidden.
192.168.1.0/24 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Route Distinguisher: 64515:68062
                Next hop type: Indirect, Next hop index: 0
                Address: 0xc8ed5b0
                Next-hop reference count: 6
                Source: 10.10.0.7
                Next hop type: Router, Next hop index: 1598
                Next hop: 20.20.69.254 via lt-0/0/0.0, selected
                Label operation: Push 16
                Label TTL action: prop-ttl
                Load balance label: Label 16: None;
                Label element ptr: 0xc8ed4e0
                Label parent element ptr: 0xc8ed000
                Label element references: 1
                Label element child references: 0
                Label element lsp id: 0
                Session Id: 0x149
                Protocol next hop: 30.30.112.76
                Label operation: Push 16
                Label TTL action: prop-ttl
                Load balance label: Label 16: None;
                Indirect next hop: 0xf08fd40 1048575 INH Session ID: 0x14d
                State: <Secondary Active Int Ext ProtectionCand>
                Local AS:  64515 Peer AS:  64515
                Age: 2:19:41    Metric2: 1
                Validation State: unverified
                Task: BGP_64515.10.10.0.7
                Announcement bits (1): 0-KRT
                AS path: 65195 I  (Originator)
                Cluster list:  10.10.0.7
                Originator ID: 30.30.112.76
                Communities: target: 64515:1040
                Import Accepted
                VPN Label: 16
                Localpref: 100
                Router ID: 201.125.0.7
                Primary Routing Table bgp.l3vpn.0
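
The loop check described under Cause and the effect of “independent-domain”, as a model added here (not Juniper code): it files each autonomous-system and local-as value from the two PE1 configurations above into an AS-path domain and tests a received AS path against the domain of the receiving instance. The domain label "master", the function names, and the rule that an instance without independent-domain shares the primary domain are assumptions of this example.

```python
# Constructed from the two "PE1 configuration" listings on this page.
BEFORE = """\
set routing-options autonomous-system 64515
set routing-instances VPN-B routing-options autonomous-system 65000
set routing-instances VPN-B protocols bgp group VPN-B-CE neighbor 192.168.0.229 local-as 65195
"""
AFTER = """\
set routing-options autonomous-system 64515
set routing-instances VPN-B routing-options autonomous-system 65000 independent-domain no-attrset
set routing-instances VPN-B protocols bgp group VPN-B-CE neighbor 192.168.0.229 local-as 65195
"""

MASTER = "master"  # label used here for the primary (global) AS-path domain


def build_domains(config):
    """Return {domain name: set of local AS numbers} for a block of set commands."""
    lines = [l.split() for l in config.splitlines() if l.startswith("set ")]
    # Pass 1: routing instances that opted out of the shared domain.
    independent = {w[2] for w in lines
                   if w[1] == "routing-instances" and "independent-domain" in w}
    domains = {MASTER: set()}
    # Pass 2: file every autonomous-system / local-as value into its domain.
    for w in lines:
        inst = w[2] if w[1] == "routing-instances" else None
        domain = inst if inst in independent else MASTER
        for key in ("autonomous-system", "local-as"):
            if key in w:
                domains.setdefault(domain, set()).add(int(w[w.index(key) + 1]))
    return domains


def hidden_reason(domains, instance, as_path, loops=1):
    """Loop check for a route received in `instance`; None means accepted."""
    # An instance without its own domain is checked against the shared one.
    local_as = domains.get(instance, domains[MASTER])
    for asn in sorted(local_as):
        # Same meaning as "Loops: 1" in the output: one occurrence hides the route.
        if as_path.count(asn) >= loops:
            return f"AS path loop (Looped: {asn})"
    return None


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        d = build_domains(cfg)
        print(name, d, hidden_reason(d, "VRF-A", [65195]))
```

The domain contents it builds match the two `show as-path domain` outputs above, and a route with AS path 65195 arriving in VPN-B itself is still rejected after the change, so loop detection for the CE-facing session is kept.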


Additionally, the VRF routing instance can use the same ASN as the primary routing instance. In this case, the “alias” configuration needs to be added.

PE1 configuration:

set routing-options autonomous-system 64515
set routing-instances VPN-B routing-options autonomous-system 64515 independent-domain no-attrset
set routing-instances VPN-B protocols bgp group VPN-B-CE neighbor 192.168.0.229 local-as 65195 alias
 
user@PE1> show as-path domain
Domain: 1        Primary: 64515
    References:          5 Paths:          3
    Flags: Master         
    Local AS: 64515   Loops: 1    
Domain: 2        Primary: 64515
    References:          1 Paths:          0
    Local AS: 64515  Loops: 1    
    Local AS: 65195  Loops: 1    