Discussion:
[j-nsp] vRR/L3VPN/Unusable
Jason Lixfeld
2018-09-12 11:09:45 UTC
Permalink
Hi all,

Trying to learn more about JunOS, I’m playing around with a vRR instance (18.2R1-S1.5), and I haven’t been able to get something sorted.

This vRR instance is running as an out-of-band RR for a few LDP enabled PEs. vRR is not running LDP so inet.3 is empty, but as far as I understand, any one of the two routing-options knobs configured below should be enough to provide for the prefixes in bgp.l3vpn.0 to be able to resolve their respective next-hops and bring the routes in the table out of hidden to active. However that’s not happening.

***@rr01# show routing-options | display set | match rib
set routing-options rib inet.3 static route 0.0.0.0/0 discard
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0

[edit]
***@rr01# run show route table bgp.l3vpn.0 9.9.9.9/32 detail hidden

bgp.l3vpn.0: 29 destinations, 49 routes (0 active, 0 holddown, 49 hidden)
12345:4:9.9.9.9/32 (1 entry, 0 announced)
BGP Preference: 170/-391
Route Distinguisher: 12345:4
Next hop type: Unusable, Next hop index: 0
Address: 0x27b17bc
Next-hop reference count: 53
State: <Hidden Int Ext ProtectionPath ProtectionCand>
Local AS: 12345 Peer AS: 12345
Age: 1:52:31 Metric: 0
Validation State: unverified
Task: BGP_12345.10.15.48.11+179
AS path: 11670 ?
Communities: 12345:2000 12345:2010 target:12345:4
Accepted
VPN Label: 217
Localpref: 390
Router ID: 10.15.48.11

[edit]
***@rr01# run show route table inet.0 10.15.48.11

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.15.48.11/32 *[IS-IS/18] 01:51:14, metric 30
to 10.15.49.67 via em1.0
[edit]
***@rr01#

Is there something less obvious that needs to happen before one of those two knobs above will work?

FWIW, I haven’t played around with enabling LDP here, or configuring RIB groups because I’m not really interested in exploring those as solutions if I can help it; they seem a little too heavy handed when the aforementioned two knobs should probably work fine?

Thanks in advance!
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.net
Ivan Ivanov
2018-09-12 11:22:19 UTC
Permalink
Hi Jason.

Do you have 'family mpls' configured for the vRR interfaces? Although the
RR is out of band you need that family configured on the RR interface.

Ivan,
Post by Jason Lixfeld
Hi all,
Trying to learn more about JunOS, I’m playing around with a vRR instance
(18.2R1-S1.5), and I haven’t been able to get something sorted.
This vRR instance is running as an out-of-band RR for a few LDP enabled
PEs. vRR is not running LDP so inet.3 is empty, but as far as I
understand, any one of the two routing-options knobs configured below
should be enough to provide for the prefixes in bgp.l3vpn.0 to be able to
resolve their respective next-hops and bring the routes in the table out of
hidden to active. However that’s not happening.
set routing-options rib inet.3 static route 0.0.0.0/0 discard
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0
[edit]
bgp.l3vpn.0: 29 destinations, 49 routes (0 active, 0 holddown, 49 hidden)
12345:4:9.9.9.9/32 (1 entry, 0 announced)
BGP Preference: 170/-391
Route Distinguisher: 12345:4
Next hop type: Unusable, Next hop index: 0
Address: 0x27b17bc
Next-hop reference count: 53
State: <Hidden Int Ext ProtectionPath ProtectionCand>
Local AS: 12345 Peer AS: 12345
Age: 1:52:31 Metric: 0
Validation State: unverified
Task: BGP_12345.10.15.48.11+179
AS path: 11670 ?
Communities: 12345:2000 12345:2010 target:12345:4
Accepted
VPN Label: 217
Localpref: 390
Router ID: 10.15.48.11
[edit]
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.15.48.11/32 *[IS-IS/18] 01:51:14, metric 30
to 10.15.49.67 via em1.0
[edit]
Is there something less obvious that needs to happen before one of those
two knobs above will work?
FWIW, I haven’t played around with enabling LDP here, or configuring RIB
groups because I’m not really interested in exploring those as solutions if
I can help it; they seem a little too heavy handed when the aforementioned
two knobs should probably work fine?
Thanks in advance!
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Best Regards!

Ivan Ivanov
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo
Jason Lixfeld
2018-09-12 11:50:17 UTC
Permalink
Hi Ivan,

I did not, and that did indeed fix it. I don’t understand why it’s necessary so that’ll be my next read.

Thanks!
Post by Ivan Ivanov
Hi Jason.
Do you have 'family mpls' configured for the vRR interfaces? Although the RR is out of band you need that family configured on the RR interface.
Ivan,
Hi all,
Trying to learn more about JunOS, I’m playing around with a vRR instance (18.2R1-S1.5), and I haven’t been able to get something sorted.
This vRR instance is running as an out-of-band RR for a few LDP enabled PEs. vRR is not running LDP so inet.3 is empty, but as far as I understand, any one of the two routing-options knobs configured below should be enough to provide for the prefixes in bgp.l3vpn.0 to be able to resolve their respective next-hops and bring the routes in the table out of hidden to active. However that’s not happening.
set routing-options rib inet.3 static route 0.0.0.0/0 <http://0.0.0.0/0> discard
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0
[edit]
bgp.l3vpn.0: 29 destinations, 49 routes (0 active, 0 holddown, 49 hidden)
12345:4:9.9.9.9/32 <http://9.9.9.9/32> (1 entry, 0 announced)
BGP Preference: 170/-391
Route Distinguisher: 12345:4
Next hop type: Unusable, Next hop index: 0
Address: 0x27b17bc
Next-hop reference count: 53
State: <Hidden Int Ext ProtectionPath ProtectionCand>
Local AS: 12345 Peer AS: 12345
Age: 1:52:31 Metric: 0
Validation State: unverified
Task: BGP_12345.10.15.48.11+179
AS path: 11670 ?
Communities: 12345:2000 12345:2010 target:12345:4
Accepted
VPN Label: 217
Localpref: 390
Router ID: 10.15.48.11
[edit]
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.15.48.11/32 <http://10.15.48.11/32> *[IS-IS/18] 01:51:14, metric 30
to 10.15.49.67 via em1.0
[edit]
Is there something less obvious that needs to happen before one of those two knobs above will work?
FWIW, I haven’t played around with enabling LDP here, or configuring RIB groups because I’m not really interested in exploring those as solutions if I can help it; they seem a little too heavy handed when the aforementioned two knobs should probably work fine?
Thanks in advance!
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp <https://puck.nether.net/mailman/listinfo/juniper-nsp>
--
Best Regards!
Ivan Ivanov
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://
Misak Khachatryan
2018-09-12 12:02:10 UTC
Permalink
Hi,

I run two out of band vRR with all vpn flavors and families, and don't need to have family mpls enabled on interfaces. It's version 17.4 but i don't think that matters.

This should be enough:

routing-options {
rib inet.3 {
static {
route 0.0.0.0/0<http://0.0.0.0/0> discard;
}
}
rib inet6.3 {
static {
route ::/0 discard;
}
}
resolution {
rib bgp.l3vpn.0 {
resolution-ribs [ inet.3 inet.0 ];
}
}
}


Best regards,
Misak Khachatryan,

On Wed, Sep 12, 2018 at 3:51 PM Jason Lixfeld <jason-***@lixfeld.ca<mailto:jason-***@lixfeld.ca>> wrote:
Hi Ivan,

I did not, and that did indeed fix it. I don’t understand why it’s necessary so that’ll be my next read.

Thanks!
Post by Ivan Ivanov
Hi Jason.
Do you have 'family mpls' configured for the vRR interfaces? Although the RR is out of band you need that family configured on the RR interface.
Ivan,
Hi all,
Trying to learn more about JunOS, I’m playing around with a vRR instance (18.2R1-S1.5), and I haven’t been able to get something sorted.
This vRR instance is running as an out-of-band RR for a few LDP enabled PEs. vRR is not running LDP so inet.3 is empty, but as far as I understand, any one of the two routing-options knobs configured below should be enough to provide for the prefixes in bgp.l3vpn.0 to be able to resolve their respective next-hops and bring the routes in the table out of hidden to active. However that’s not happening.
set routing-options rib inet.3 static route 0.0.0.0/0<http://0.0.0.0/0> <http://0.0.0.0/0> discard
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0
[edit]
bgp.l3vpn.0: 29 destinations, 49 routes (0 active, 0 holddown, 49 hidden)
12345:4:9.9.9.9/32<http://9.9.9.9/32> <http://9.9.9.9/32> (1 entry, 0 announced)
BGP Preference: 170/-391
Route Distinguisher: 12345:4
Next hop type: Unusable, Next hop index: 0
Address: 0x27b17bc
Next-hop reference count: 53
State: <Hidden Int Ext ProtectionPath ProtectionCand>
Local AS: 12345 Peer AS: 12345
Age: 1:52:31 Metric: 0
Validation State: unverified
Task: BGP_12345.10.15.48.11+179
AS path: 11670 ?
Communities: 12345:2000 12345:2010 target:12345:4
Accepted
VPN Label: 217
Localpref: 390
Router ID: 10.15.48.11
[edit]
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.15.48.11/32<http://10.15.48.11/32> <http://10.15.48.11/32> *[IS-IS/18] 01:51:14, metric 30
to 10.15.49.67 via em1.0
[edit]
Is there something less obvious that needs to happen before one of those two knobs above will work?
FWIW, I haven’t played around with enabling LDP here, or configuring RIB groups because I’m not really interested in exploring those as solutions if I can help it; they seem a little too heavy handed when the aforementioned two knobs should probably work fine?
Thanks in advance!
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp <https://puck.nether.net/mailman/listinfo/juniper-nsp>
--
Best Regards!
Ivan Ivanov
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net<mailto:juniper-***@puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/junipe
a***@netconsultings.com
2018-09-12 21:41:17 UTC
Permalink
Hmm, these things are nasty you set them once and forget how they work :)

Why to define the inet.3 table at all? I mean if you can have bgp.l3vpn.0 resolve directly from inet.0 (which I seem to remember it would do without any help anyways):
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0

You can then do the same for v6, just need to leak all v4 routes to inet6.0 (well if you're not running v6 in IGP.

Oh and don't forget the FIB filter.

adam

netconsultings.com
-----Original Message-----
Of Misak Khachatryan
Sent: Wednesday, September 12, 2018 1:02 PM
Subject: Re: [j-nsp] vRR/L3VPN/Unusable
Hi,
I run two out of band vRR with all vpn flavors and families, and don't need to
have family mpls enabled on interfaces. It's version 17.4 but i don't think that
matters.
routing-options {
rib inet.3 {
static {
route 0.0.0.0/0<http://0.0.0.0/0> discard;
}
}
rib inet6.3 {
static {
route ::/0 discard;
}
}
resolution {
rib bgp.l3vpn.0 {
resolution-ribs [ inet.3 inet.0 ];
}
}
}
Best regards,
Misak Khachatryan,
On Wed, Sep 12, 2018 at 3:51 PM Jason Lixfeld <jason-
Hi Ivan,
I did not, and that did indeed fix it. I don’t understand why it’s necessary so
that’ll be my next read.
Thanks!
On Sep 12, 2018, at 7:22 AM, Ivan Ivanov
Hi Jason.
Do you have 'family mpls' configured for the vRR interfaces? Although the
RR is out of band you need that family configured on the RR interface.
Ivan,
On Wed, Sep 12, 2018 at 12:10 PM Jason Lixfeld <jason-
Hi all,
Trying to learn more about JunOS, I’m playing around with a vRR instance
(18.2R1-S1.5), and I haven’t been able to get something sorted.
This vRR instance is running as an out-of-band RR for a few LDP enabled
PEs. vRR is not running LDP so inet.3 is empty, but as far as I understand, any
one of the two routing-options knobs configured below should be enough to
provide for the prefixes in bgp.l3vpn.0 to be able to resolve their respective
next-hops and bring the routes in the table out of hidden to active. However
that’s not happening.
routing-options rib inet.3 static route 0.0.0.0/0<http://0.0.0.0/0>
<http://0.0.0.0/0> discard set routing-options resolution rib
bgp.l3vpn.0 resolution-ribs inet.0
[edit]
9.9.9.9/32<http://9.9.9.9/32> <http://9.9.9.9/32> detail hidden
bgp.l3vpn.0: 29 destinations, 49 routes (0 active, 0 holddown, 49
hidden) 12345:4:9.9.9.9/32<http://9.9.9.9/32> <http://9.9.9.9/32> (1 entry,
0 announced)
BGP Preference: 170/-391
Route Distinguisher: 12345:4
Next hop type: Unusable, Next hop index: 0
Address: 0x27b17bc
Next-hop reference count: 53
State: <Hidden Int Ext ProtectionPath ProtectionCand>
Local AS: 12345 Peer AS: 12345
Age: 1:52:31 Metric: 0
Validation State: unverified
Task: BGP_12345.10.15.48.11+179
AS path: 11670 ?
Communities: 12345:2000 12345:2010 target:12345:4
Accepted
VPN Label: 217
Localpref: 390
Router ID: 10.15.48.11
[edit]
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.15.48.11/32<http://10.15.48.11/32> <http://10.15.48.11/32> *[IS-
IS/18] 01:51:14, metric 30
to 10.15.49.67 via em1.0
[edit]
Is there something less obvious that needs to happen before one of those
two knobs above will work?
FWIW, I haven’t played around with enabling LDP here, or configuring RIB
groups because I’m not really interested in exploring those as solutions if I
can help it; they seem a little too heavy handed when the aforementioned
two knobs should probably work fine?
Thanks in advance!
_______________________________________________
juniper-nsp mailing list
Post by Jason Lixfeld
https://puck.nether.net/mailman/listinfo/juniper-nsp
<https://puck.nether.net/mailman/listinfo/juniper-nsp>
--
Best Regards!
Ivan Ivanov
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://pu
Misak Khachatryan
2018-09-13 09:27:48 UTC
Permalink
Well i think that also a problem of copy/pasting :)

Previously we had RR on a PE router and it seems i did simple copy/paste of relevant config.
Can't remember any other reason to do that.

But Jason has a problem having only

set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0

on his VRR

Best regards,
Misak Khachatryan,

On Thu, Sep 13, 2018 at 1:41 AM ***@netconsultings.com<mailto:***@netconsultings.com> <***@netconsultings.com<mailto:***@netconsultings.com>> wrote:
Hmm, these things are nasty you set them once and forget how they work :)

Why to define the inet.3 table at all? I mean if you can have bgp.l3vpn.0 resolve directly from inet.0 (which I seem to remember it would do without any help anyways):
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0

You can then do the same for v6, just need to leak all v4 routes to inet6.0 (well if you're not running v6 in IGP.

Oh and don't forget the FIB filter.

adam

netconsultings.com<http://netconsultings.com>
-----Original Message-----
Of Misak Khachatryan
Sent: Wednesday, September 12, 2018 1:02 PM
Subject: Re: [j-nsp] vRR/L3VPN/Unusable
Hi,
I run two out of band vRR with all vpn flavors and families, and don't need to
have family mpls enabled on interfaces. It's version 17.4 but i don't think that
matters.
routing-options {
rib inet.3 {
static {
route 0.0.0.0/0<http://0.0.0.0/0><http://0.0.0.0/0> discard;
}
}
rib inet6.3 {
static {
route ::/0 discard;
}
}
resolution {
rib bgp.l3vpn.0 {
resolution-ribs [ inet.3 inet.0 ];
}
}
}
Best regards,
Misak Khachatryan,
On Wed, Sep 12, 2018 at 3:51 PM Jason Lixfeld <jason-
Hi Ivan,
I did not, and that did indeed fix it. I don’t understand why it’s necessary so
that’ll be my next read.
Thanks!
On Sep 12, 2018, at 7:22 AM, Ivan Ivanov
Hi Jason.
Do you have 'family mpls' configured for the vRR interfaces? Although the
RR is out of band you need that family configured on the RR interface.
Ivan,
On Wed, Sep 12, 2018 at 12:10 PM Jason Lixfeld <jason-
Hi all,
Trying to learn more about JunOS, I’m playing around with a vRR instance
(18.2R1-S1.5), and I haven’t been able to get something sorted.
This vRR instance is running as an out-of-band RR for a few LDP enabled
PEs. vRR is not running LDP so inet.3 is empty, but as far as I understand, any
one of the two routing-options knobs configured below should be enough to
provide for the prefixes in bgp.l3vpn.0 to be able to resolve their respective
next-hops and bring the routes in the table out of hidden to active. However
that’s not happening.
routing-options rib inet.3 static route 0.0.0.0/0<http://0.0.0.0/0><http://0.0.0.0/0>
<http://0.0.0.0/0> discard set routing-options resolution rib
bgp.l3vpn.0 resolution-ribs inet.0
[edit]
9.9.9.9/32<http://9.9.9.9/32><http://9.9.9.9/32> <http://9.9.9.9/32> detail hidden
bgp.l3vpn.0: 29 destinations, 49 routes (0 active, 0 holddown, 49
hidden) 12345:4:9.9.9.9/32<http://9.9.9.9/32><http://9.9.9.9/32> <http://9.9.9.9/32> (1 entry,
0 announced)
BGP Preference: 170/-391
Route Distinguisher: 12345:4
Next hop type: Unusable, Next hop index: 0
Address: 0x27b17bc
Next-hop reference count: 53
State: <Hidden Int Ext ProtectionPath ProtectionCand>
Local AS: 12345 Peer AS: 12345
Age: 1:52:31 Metric: 0
Validation State: unverified
Task: BGP_12345.10.15.48.11+179
AS path: 11670 ?
Communities: 12345:2000 12345:2010 target:12345:4
Accepted
VPN Label: 217
Localpref: 390
Router ID: 10.15.48.11
[edit]
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.15.48.11/32<http://10.15.48.11/32><http://10.15.48.11/32> <http://10.15.48.11/32> *[IS-
IS/18] 01:51:14, metric 30
to 10.15.49.67 via em1.0
[edit]
Is there something less obvious that needs to happen before one of those
two knobs above will work?
FWIW, I haven’t played around with enabling LDP here, or configuring RIB
groups because I’m not really interested in exploring those as solutions if I
can help it; they seem a little too heavy handed when the aforementioned
two knobs should probably work fine?
Thanks in advance!
_______________________________________________
juniper-nsp mailing list
Post by Jason Lixfeld
https://puck.nether.net/mailman/listinfo/juniper-nsp
<https://puck.nether.net/mailman/listinfo/juniper-nsp>
--
Best Regards!
Ivan Ivanov
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.ne
Ivan Ivanov
2018-09-13 09:57:50 UTC
Permalink
Hi,

There are a few different ways to resolve the MP-BGP routes on out of band
Juniper RR. Depends on how flexible you want to be, one can use static
route in inet.3, change of the resolution or rib-groups copying the routes
form inet.0 to inet.3.

Using the static route will work even without family mpls enabled on the
interfaces. However the other two ways require that family to be enabled on
the RR interfaces.

Ivan,
Post by Misak Khachatryan
Well i think that also a problem of copy/pasting :)
Previously we had RR on a PE router and it seems i did simple copy/paste
of relevant config.
Can't remember any other reason to do that.
But Jason has a problem having only
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0
on his VRR
Best regards,
Misak Khachatryan,
Hmm, these things are nasty you set them once and forget how they work :)
Why to define the inet.3 table at all? I mean if you can have bgp.l3vpn.0
resolve directly from inet.0 (which I seem to remember it would do without
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0
You can then do the same for v6, just need to leak all v4 routes to
inet6.0 (well if you're not running v6 in IGP.
Oh and don't forget the FIB filter.
adam
netconsultings.com<http://netconsultings.com>
-----Original Message-----
Of Misak Khachatryan
Sent: Wednesday, September 12, 2018 1:02 PM
Subject: Re: [j-nsp] vRR/L3VPN/Unusable
Hi,
I run two out of band vRR with all vpn flavors and families, and don't
need to
have family mpls enabled on interfaces. It's version 17.4 but i don't
think that
matters.
routing-options {
rib inet.3 {
static {
route 0.0.0.0/0<http://0.0.0.0/0><http://0.0.0.0/0> discard;
}
}
rib inet6.3 {
static {
route ::/0 discard;
}
}
resolution {
rib bgp.l3vpn.0 {
resolution-ribs [ inet.3 inet.0 ];
}
}
}
Best regards,
Misak Khachatryan,
On Wed, Sep 12, 2018 at 3:51 PM Jason Lixfeld <jason-
Hi Ivan,
I did not, and that did indeed fix it. I don’t understand why it’s
necessary so
that’ll be my next read.
Thanks!
On Sep 12, 2018, at 7:22 AM, Ivan Ivanov
Hi Jason.
Do you have 'family mpls' configured for the vRR interfaces? Although
the
RR is out of band you need that family configured on the RR interface.
Ivan,
On Wed, Sep 12, 2018 at 12:10 PM Jason Lixfeld <jason-
Hi all,
Trying to learn more about JunOS, I’m playing around with a vRR
instance
(18.2R1-S1.5), and I haven’t been able to get something sorted.
This vRR instance is running as an out-of-band RR for a few LDP enabled
PEs. vRR is not running LDP so inet.3 is empty, but as far as I
understand, any
one of the two routing-options knobs configured below should be enough to
provide for the prefixes in bgp.l3vpn.0 to be able to resolve their
respective
next-hops and bring the routes in the table out of hidden to active.
However
that’s not happening.
routing-options rib inet.3 static route 0.0.0.0/0<http://0.0.0.0/0><
http://0.0.0.0/0>
<http://0.0.0.0/0> discard set routing-options resolution rib
bgp.l3vpn.0 resolution-ribs inet.0
[edit]
9.9.9.9/32<http://9.9.9.9/32><http://9.9.9.9/32> <http://9.9.9.9/32>
detail hidden
bgp.l3vpn.0: 29 destinations, 49 routes (0 active, 0 holddown, 49
hidden) 12345:4:9.9.9.9/32<http://9.9.9.9/32><http://9.9.9.9/32> <
http://9.9.9.9/32> (1 entry,
0 announced)
BGP Preference: 170/-391
Route Distinguisher: 12345:4
Next hop type: Unusable, Next hop index: 0
Address: 0x27b17bc
Next-hop reference count: 53
State: <Hidden Int Ext ProtectionPath ProtectionCand>
Local AS: 12345 Peer AS: 12345
Age: 1:52:31 Metric: 0
Validation State: unverified
Task: BGP_12345.10.15.48.11+179
AS path: 11670 ?
Communities: 12345:2000 12345:2010 target:12345:4
Accepted
VPN Label: 217
Localpref: 390
Router ID: 10.15.48.11
[edit]
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.15.48.11/32<http://10.15.48.11/32><http://10.15.48.11/32> <
http://10.15.48.11/32> *[IS-
IS/18] 01:51:14, metric 30
to 10.15.49.67 via em1.0
[edit]
Is there something less obvious that needs to happen before one of
those
two knobs above will work?
FWIW, I haven’t played around with enabling LDP here, or configuring
RIB
groups because I’m not really interested in exploring those as solutions
if I
can help it; they seem a little too heavy handed when the aforementioned
two knobs should probably work fine?
Thanks in advance!
_______________________________________________
juniper-nsp mailing list
<mailto:juniper-<mailto:juniper->
Post by Jason Lixfeld
https://puck.nether.net/mailman/listinfo/juniper-nsp
<https://puck.nether.net/mailman/listinfo/juniper-nsp>
--
Best Regards!
Ivan Ivanov
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Best Regards!

Ivan Ivanov
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/junipe
a***@netconsultings.com
2018-09-13 12:08:01 UTC
Permalink
Sent: Thursday, September 13, 2018 10:58 AM
Hi,
There are a few different ways to resolve the MP-BGP routes on out of band
Juniper RR. Depends on how flexible you want to be, one can use static route
in inet.3, change of the resolution or rib-groups copying the routes form
inet.0 to inet.3.
Using the static route will work even without family mpls enabled on the
interfaces. However the other two ways require that family to be enabled on
the RR interfaces.
Hmm that’s interesting, cause on code version 12 and 15 the “set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0” is the only thing that’s needed, i.e. no need for family mpls on RR interfaces.
So I have a theory that once you enable inet.3 (in any shape or form) then you need "family mpls" on RR interfaces?

adam

netconsultings.com
::carrier-class solutions for the telecommunications industry::

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.
Jason Lixfeld
2018-09-13 12:12:05 UTC
Permalink
Hi,

I’ve been doing some more testing with the following results:

The following configurations work:

1. family mpls is deactivated on em1 with routing-options rib inet.3 static route 0.0.0.0/0 discard configured
2. family mpls is enabled on em1 with routing-options rib inet.3 static route 0.0.0.0/0 discard and routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0 configured simultaneously
3. family mpls is enabled on em1 with routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0 configured

The following configurations do not work:

4. If family mpls is enabled on em1 with routing-options rib inet.3 static route 0.0.0.0/0 discard configured
5. If family mpls is deactivated on em1 with routing-options rib inet.3 static route 0.0.0.0/0 discard and routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0 configured simultaneously
6. If family mpls is deactivated on em1 with routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0 configured

So it seems based on Masik’s statement that case 5 work in 17.4, then there may be a behaviour change between 17.4 and 18.2

It seems logical to me that if case 2 works, case 5 should work as well.

All that being said, I can’t seem to find any documentation on what exactly enabling family mpls on the interface does. It seems to me that it would configure the interface to accept labelled packets, but since there are no labelled packets here, family mpls does something else?
Post by Ivan Ivanov
Hi,
There are a few different ways to resolve the MP-BGP routes on out of band
Juniper RR. Depends on how flexible you want to be, one can use static
route in inet.3, change of the resolution or rib-groups copying the routes
form inet.0 to inet.3.
Using the static route will work even without family mpls enabled on the
interfaces. However the other two ways require that family to be enabled on
the RR interfaces.
Ivan,
Post by Misak Khachatryan
Well i think that also a problem of copy/pasting :)
Previously we had RR on a PE router and it seems i did simple copy/paste
of relevant config.
Can't remember any other reason to do that.
But Jason has a problem having only
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0
on his VRR
Best regards,
Misak Khachatryan,
Hmm, these things are nasty you set them once and forget how they work :)
Why to define the inet.3 table at all? I mean if you can have bgp.l3vpn.0
resolve directly from inet.0 (which I seem to remember it would do without
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0
You can then do the same for v6, just need to leak all v4 routes to
inet6.0 (well if you're not running v6 in IGP.
Oh and don't forget the FIB filter.
adam
netconsultings.com<http://netconsultings.com>
-----Original Message-----
Of Misak Khachatryan
Sent: Wednesday, September 12, 2018 1:02 PM
Subject: Re: [j-nsp] vRR/L3VPN/Unusable
Hi,
I run two out of band vRR with all vpn flavors and families, and don't
need to
have family mpls enabled on interfaces. It's version 17.4 but i don't
think that
matters.
routing-options {
rib inet.3 {
static {
route 0.0.0.0/0<http://0.0.0.0/0><http://0.0.0.0/0> discard;
}
}
rib inet6.3 {
static {
route ::/0 discard;
}
}
resolution {
rib bgp.l3vpn.0 {
resolution-ribs [ inet.3 inet.0 ];
}
}
}
Best regards,
Misak Khachatryan,
On Wed, Sep 12, 2018 at 3:51 PM Jason Lixfeld <jason-
Hi Ivan,
I did not, and that did indeed fix it. I don’t understand why it’s
necessary so
that’ll be my next read.
Thanks!
On Sep 12, 2018, at 7:22 AM, Ivan Ivanov
Hi Jason.
Do you have 'family mpls' configured for the vRR interfaces? Although
the
RR is out of band you need that family configured on the RR interface.
Ivan,
On Wed, Sep 12, 2018 at 12:10 PM Jason Lixfeld <jason-
Hi all,
Trying to learn more about JunOS, I’m playing around with a vRR
instance
(18.2R1-S1.5), and I haven’t been able to get something sorted.
This vRR instance is running as an out-of-band RR for a few LDP enabled
PEs. vRR is not running LDP so inet.3 is empty, but as far as I
understand, any
one of the two routing-options knobs configured below should be enough to
provide for the prefixes in bgp.l3vpn.0 to be able to resolve their
respective
next-hops and bring the routes in the table out of hidden to active.
However
that’s not happening.
routing-options rib inet.3 static route 0.0.0.0/0<http://0.0.0.0/0><
http://0.0.0.0/0>
<http://0.0.0.0/0> discard set routing-options resolution rib
bgp.l3vpn.0 resolution-ribs inet.0
[edit]
9.9.9.9/32<http://9.9.9.9/32><http://9.9.9.9/32> <http://9.9.9.9/32>
detail hidden
bgp.l3vpn.0: 29 destinations, 49 routes (0 active, 0 holddown, 49
hidden) 12345:4:9.9.9.9/32<http://9.9.9.9/32><http://9.9.9.9/32> <
http://9.9.9.9/32> (1 entry,
0 announced)
BGP Preference: 170/-391
Route Distinguisher: 12345:4
Next hop type: Unusable, Next hop index: 0
Address: 0x27b17bc
Next-hop reference count: 53
State: <Hidden Int Ext ProtectionPath ProtectionCand>
Local AS: 12345 Peer AS: 12345
Age: 1:52:31 Metric: 0
Validation State: unverified
Task: BGP_12345.10.15.48.11+179
AS path: 11670 ?
Communities: 12345:2000 12345:2010 target:12345:4
Accepted
VPN Label: 217
Localpref: 390
Router ID: 10.15.48.11
[edit]
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.15.48.11/32<http://10.15.48.11/32><http://10.15.48.11/32> <
http://10.15.48.11/32> *[IS-
IS/18] 01:51:14, metric 30
to 10.15.49.67 via em1.0
[edit]
Is there something less obvious that needs to happen before one of
those
two knobs above will work?
FWIW, I haven’t played around with enabling LDP here, or configuring
RIB
groups because I’m not really interested in exploring those as solutions
if I
can help it; they seem a little too heavy handed when the aforementioned
two knobs should probably work fine?
Thanks in advance!
_______________________________________________
juniper-nsp mailing list
<mailto:juniper-<mailto:juniper->
Post by Jason Lixfeld
https://puck.nether.net/mailman/listinfo/juniper-nsp
<https://puck.nether.net/mailman/listinfo/juniper-nsp>
--
Best Regards!
Ivan Ivanov
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Best Regards!
Ivan Ivanov
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listin
Misak Khachatryan
2018-09-13 12:16:22 UTC
Permalink
show configuration protocols bgp
mtu-discovery;
family inet-vpn {
unicast {
no-install;
output-queue-priority priority 3;
}
}
family inet6-vpn {
unicast {
no-install;
output-queue-priority priority 3;
}
}
family l2vpn {
auto-discovery-only {
no-install;
output-queue-priority priority 10;
}
signaling {
no-install;
output-queue-priority priority 10;
}
}
family evpn {
signaling {
no-install;
output-queue-priority priority 10;
}
}
family inet-mvpn {
signaling {
no-install;
output-queue-priority priority 10;
}
}
family inet6-mvpn {
signaling {
no-install;
output-queue-priority priority 9;
}
}
family route-target {
advertise-default;
output-queue-priority priority 12;
}
show configuration routing-options
resolution {
rib bgp.rtarget.0 {
resolution-ribs inet.0;
}
}

The only family that still needs resolution is route-target.


Best regards,
Misak Khachatryan,
Sent: Thursday, September 13, 2018 10:58 AM
Hi,
There are a few different ways to resolve the MP-BGP routes on out of band
Juniper RR. Depends on how flexible you want to be, one can use static route
in inet.3, change of the resolution or rib-groups copying the routes form
inet.0 to inet.3.
Using the static route will work even without family mpls enabled on the
interfaces. However the other two ways require that family to be enabled on
the RR interfaces.
Hmm that’s interesting, cause on code version 12 and 15 the “set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0” is the only thing that’s needed, i.e. no need for family mpls on RR interfaces.
So I have a theory that once you enable inet.3 (in any shape or form) then you need "family mpls" on RR interfaces?

adam

netconsultings.com<http://netconsultings.com>
::carrier-class solutions for the telecommunications industry::

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://pu
a***@netconsultings.com
2018-09-13 12:32:48 UTC
Permalink
Yes I thought the FIB filter is a given on a RR,



But didn’t know about the “no-install” knob so using:

“set routing-options forwarding-table export <policy-name>” –where the policy is just ”from protocol bgp; then reject”



-so I guess then it’s the FIB filter –that does the trick and allows us to use just the simple:

“resolution rib bgp.rtarget.0 resolution-ribs inet.0”



-well now just need to recall to search nsp archives when I need this couple years later :)



adam



netconsultings.com

::carrier-class solutions for the telecommunications industry::



From: Misak Khachatryan [mailto:***@gnc.am]
Sent: Thursday, September 13, 2018 1:16 PM
To: ***@netconsultings.com
Cc: Ivan Ivanov; juniper-***@puck.nether.net
Subject: Re: [j-nsp] vRR/L3VPN/Unusable
show configuration protocols bgp
mtu-discovery;
family inet-vpn {
unicast {
no-install;
output-queue-priority priority 3;
}
}
family inet6-vpn {
unicast {
no-install;
output-queue-priority priority 3;
}
}
family l2vpn {
auto-discovery-only {
no-install;
output-queue-priority priority 10;
}
signaling {
no-install;
output-queue-priority priority 10;
}
}
family evpn {
signaling {
no-install;
output-queue-priority priority 10;
}
}
family inet-mvpn {
signaling {
no-install;
output-queue-priority priority 10;
}
}
family inet6-mvpn {
signaling {
no-install;
output-queue-priority priority 9;
}
}
family route-target {
advertise-default;
output-queue-priority priority 12;
}
show configuration routing-options
resolution {
rib bgp.rtarget.0 {
resolution-ribs inet.0;
}
}

The only family that still needs resolution is route-target.





Best regards,
Misak Khachatryan,
Sent: Thursday, September 13, 2018 10:58 AM
Hi,
There are a few different ways to resolve the MP-BGP routes on out of band
Juniper RR. Depends on how flexible you want to be, one can use static route
in inet.3, change of the resolution or rib-groups copying the routes form
inet.0 to inet.3.
Using the static route will work even without family mpls enabled on the
interfaces. However the other two ways require that family to be enabled on
the RR interfaces.
Hmm that’s interesting, cause on code version 12 and 15 the “set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0” is the only thing that’s needed, i.e. no need for family mpls on RR interfaces.
So I have a theory that once you enable inet.3 (in any shape or form) then you need "family mpls" on RR interfaces?

adam

netconsultings.com <http://netconsultings.com>
::carrier-class solutions for the telecommunications industry::

_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper
Mark Tinka
2018-09-15 16:55:59 UTC
Permalink
So back when I ran RR's on an M120 (anyone remember Junos 10.4), this is
how we did it on out-of-path RR's:

*****

routing-options {
<snip>
...
    rib-groups {
        IGP-RIB {
            import-rib [ inet.0 inet.3 inet6.3 ];
        }
    }
<snip>
...
    }
}

protocols {
<snip>
...
    isis {
         rib-group inet IGP-RIB;
<snip>
...
            }
        }
    }
}

*****

With the above, no LDP is required on the RR. You also don't need
"family mpls" on the core interfaces.

Mark.
Post by a***@netconsultings.com
Yes I thought the FIB filter is a given on a RR,
“set routing-options forwarding-table export <policy-name>” –where the policy is just ”from protocol bgp; then reject”
“resolution rib bgp.rtarget.0 resolution-ribs inet.0”
-well now just need to recall to search nsp archives when I need this couple years later :)
adam
netconsultings.com
Sent: Thursday, September 13, 2018 1:16 PM
Subject: Re: [j-nsp] vRR/L3VPN/Unusable
show configuration protocols bgp
mtu-discovery;
family inet-vpn {
unicast {
no-install;
output-queue-priority priority 3;
}
}
family inet6-vpn {
unicast {
no-install;
output-queue-priority priority 3;
}
}
family l2vpn {
auto-discovery-only {
no-install;
output-queue-priority priority 10;
}
signaling {
no-install;
output-queue-priority priority 10;
}
}
family evpn {
signaling {
no-install;
output-queue-priority priority 10;
}
}
family inet-mvpn {
signaling {
no-install;
output-queue-priority priority 10;
}
}
family inet6-mvpn {
signaling {
no-install;
output-queue-priority priority 9;
}
}
family route-target {
advertise-default;
output-queue-priority priority 12;
}
show configuration routing-options
resolution {
rib bgp.rtarget.0 {
resolution-ribs inet.0;
}
}
The only family that still needs resolution is route-target.
Best regards,
Misak Khachatryan,
Sent: Thursday, September 13, 2018 10:58 AM
Hi,
There are a few different ways to resolve the MP-BGP routes on out of band
Juniper RR. Depends on how flexible you want to be, one can use static route
in inet.3, change of the resolution or rib-groups copying the routes form
inet.0 to inet.3.
Using the static route will work even without family mpls enabled on the
interfaces. However the other two ways require that family to be enabled on
the RR interfaces.
Hmm that’s interesting, cause on code version 12 and 15 the “set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0” is the only thing that’s needed, i.e. no need for family mpls on RR interfaces.
So I have a theory that once you enable inet.3 (in any shape or form) then you need "family mpls" on RR interfaces?
adam
netconsultings.com <http://netconsultings.com>
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
https://puck.nether.net/ma

Misak Khachatryan
2018-09-13 09:52:01 UTC
Permalink
OK,

so this seems also perfectly OK in my vRR:

resolution {
rib bgp.l3vpn.0 {
resolution-ribs inet.0;
}
rib bgp.rtarget.0 {
resolution-ribs inet.0;
}
}

Thanks Adam for help!

Best regards,
Misak Khachatryan,


On Thu, Sep 13, 2018 at 1:28 PM Misak Khachatryan <***@gnc.am<mailto:***@gnc.am>> wrote:
Well i think that also a problem of copy/pasting :)

Previously we had RR on a PE router and it seems i did simple copy/paste of relevant config.
Can't remember any other reason to do that.

But Jason has a problem having only

set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0

on his VRR

Best regards,
Misak Khachatryan,

On Thu, Sep 13, 2018 at 1:41 AM ***@netconsultings.com<mailto:***@netconsultings.com><mailto:***@netconsultings.com<mailto:***@netconsultings.com>> <***@netconsultings.com<mailto:***@netconsultings.com><mailto:***@netconsultings.com<mailto:***@netconsultings.com>>> wrote:
Hmm, these things are nasty you set them once and forget how they work :)

Why to define the inet.3 table at all? I mean if you can have bgp.l3vpn.0 resolve directly from inet.0 (which I seem to remember it would do without any help anyways):
set routing-options resolution rib bgp.l3vpn.0 resolution-ribs inet.0

You can then do the same for v6, just need to leak all v4 routes to inet6.0 (well if you're not running v6 in IGP.

Oh and don't forget the FIB filter.

adam

netconsultings.com<http://netconsultings.com><http://netconsultings.com>
-----Original Message-----
Of Misak Khachatryan
Sent: Wednesday, September 12, 2018 1:02 PM
Subject: Re: [j-nsp] vRR/L3VPN/Unusable
Hi,
I run two out of band vRR with all vpn flavors and families, and don't need to
have family mpls enabled on interfaces. It's version 17.4 but i don't think that
matters.
routing-options {
rib inet.3 {
static {
route 0.0.0.0/0<http://0.0.0.0/0><http://0.0.0.0/0><http://0.0.0.0/0> discard;
}
}
rib inet6.3 {
static {
route ::/0 discard;
}
}
resolution {
rib bgp.l3vpn.0 {
resolution-ribs [ inet.3 inet.0 ];
}
}
}
Best regards,
Misak Khachatryan,
On Wed, Sep 12, 2018 at 3:51 PM Jason Lixfeld <jason-
Hi Ivan,
I did not, and that did indeed fix it. I don’t understand why it’s necessary so
that’ll be my next read.
Thanks!
On Sep 12, 2018, at 7:22 AM, Ivan Ivanov
Hi Jason.
Do you have 'family mpls' configured for the vRR interfaces? Although the
RR is out of band you need that family configured on the RR interface.
Ivan,
On Wed, Sep 12, 2018 at 12:10 PM Jason Lixfeld <jason-
Hi all,
Trying to learn more about JunOS, I’m playing around with a vRR instance
(18.2R1-S1.5), and I haven’t been able to get something sorted.
This vRR instance is running as an out-of-band RR for a few LDP enabled
PEs. vRR is not running LDP so inet.3 is empty, but as far as I understand, any
one of the two routing-options knobs configured below should be enough to
provide for the prefixes in bgp.l3vpn.0 to be able to resolve their respective
next-hops and bring the routes in the table out of hidden to active. However
that’s not happening.
routing-options rib inet.3 static route 0.0.0.0/0<http://0.0.0.0/0><http://0.0.0.0/0><http://0.0.0.0/0>
<http://0.0.0.0/0> discard set routing-options resolution rib
bgp.l3vpn.0 resolution-ribs inet.0
[edit]
9.9.9.9/32<http://9.9.9.9/32><http://9.9.9.9/32><http://9.9.9.9/32> <http://9.9.9.9/32> detail hidden
bgp.l3vpn.0: 29 destinations, 49 routes (0 active, 0 holddown, 49
hidden) 12345:4:9.9.9.9/32<http://9.9.9.9/32><http://9.9.9.9/32><http://9.9.9.9/32> <http://9.9.9.9/32> (1 entry,
0 announced)
BGP Preference: 170/-391
Route Distinguisher: 12345:4
Next hop type: Unusable, Next hop index: 0
Address: 0x27b17bc
Next-hop reference count: 53
State: <Hidden Int Ext ProtectionPath ProtectionCand>
Local AS: 12345 Peer AS: 12345
Age: 1:52:31 Metric: 0
Validation State: unverified
Task: BGP_12345.10.15.48.11+179
AS path: 11670 ?
Communities: 12345:2000 12345:2010 target:12345:4
Accepted
VPN Label: 217
Localpref: 390
Router ID: 10.15.48.11
[edit]
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.15.48.11/32<http://10.15.48.11/32><http://10.15.48.11/32><http://10.15.48.11/32> <http://10.15.48.11/32> *[IS-
IS/18] 01:51:14, metric 30
to 10.15.49.67 via em1.0
[edit]
Is there something less obvious that needs to happen before one of those
two knobs above will work?
FWIW, I haven’t played around with enabling LDP here, or configuring RIB
groups because I’m not really interested in exploring those as solutions if I
can help it; they seem a little too heavy handed when the aforementioned
two knobs should probably work fine?
Thanks in advance!
_______________________________________________
juniper-nsp mailing list
Post by Jason Lixfeld
https://puck.nether.net/mailman/listinfo/juniper-nsp
<https://puck.nether.net/mailman/listinfo/juniper-nsp>
--
Best Regards!
Ivan Ivanov
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net<mailto:juniper-***@puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-***@puck.nether.net
Loading...