L3vpn hub & spoke ques
Using case study topology.
P1 (CE1)---R2(HUB)
SPOKES--R4/R3 (CE2/CE3)
NO connection between R4/R3. They all going through HUB site.
full mesh LSP
HUB Config
[edit routing-instances vpnb]
root@R2# show
instance-type vrf;
interface fxp0.0;
route-distinguisher 10.0.6.2:1;
vrf-target {
target:200:100;
import target:200:101;
}
vrf-table-label;
protocols {
bgp {
group peer {
import peer-in;
neighbor 10.0.5.253 {
peer-as 1492;
}
}
}
}
[edit routing-instances vpnb]
root@R2#
SPOKE
[edit routing-instances vpnb]
root@R3# show
instance-type vrf;
interface fxp3.0;
interface lo0.1;
route-distinguisher 10.0.3.3:1;
vrf-import vpnb-import;
vrf-export vpnb-export;
vrf-table-label;
protocols {
bgp {
group t1 {
import trans-in;
neighbor 172.16.0.14 {
peer-as 65222;
}
}
}
}
[edit routing-instances vpnb]
root@R3#
[edit policy-options policy-statement vpnb-export]
root@R3# show
term 1 {
from protocol bgp;
then {
community add vpnbtarget;
accept;
}
}
term 2 {
from protocol direct;
then {
community add vpnbtarget;
accept;
}
}
term others {
then reject;
}
[edit policy-options policy-statement vpnb-export]
root@R3# up
[edit policy-options]
root@R3# edit policy-statement vpnb-import
[edit policy-options policy-statement vpnb-import]
root@R3# show
term 1 {
from {
protocol bgp;
community [ hub vpnbtarget ];
}
then accept;
}
term others {
then reject;
}
[edit policy-options policy-statement vpnb-import]
root@R3#
all working, routing and connection b/w hub spoke and even b/w spokes.
trying to figure out how to use vrf-target on spoke to get the same result instead of using policy and there's no luck.
This is what i have tried.
[edit routing-instances vpnb]
root@R4# show
instance-type vrf;
interface fxp3.0;
route-distinguisher 10.0.3.4:1;
vrf-target {
target:200:100;
import target:200:101;
}
vrf-table-label;
protocols {
bgp {
group c1 {
import cust1-in;
neighbor 172.16.0.6 {
peer-as 65010;
}
}
}
}
[edit routing-instances vpnb]
any idea to get it working on spokes without using policy, just with import/export target.
i can get it working only spoke to Hub access but not with spoke to spoke access.
Thanks
P1 (CE1)---R2(HUB)
SPOKES--R4/R3 (CE2/CE3)
NO connection between R4/R3. They all going through HUB site.
full mesh LSP
HUB Config
[edit routing-instances vpnb]
root@R2# show
instance-type vrf;
interface fxp0.0;
route-distinguisher 10.0.6.2:1;
vrf-target {
target:200:100;
import target:200:101;
}
vrf-table-label;
protocols {
bgp {
group peer {
import peer-in;
neighbor 10.0.5.253 {
peer-as 1492;
}
}
}
}
[edit routing-instances vpnb]
root@R2#
SPOKE
[edit routing-instances vpnb]
root@R3# show
instance-type vrf;
interface fxp3.0;
interface lo0.1;
route-distinguisher 10.0.3.3:1;
vrf-import vpnb-import;
vrf-export vpnb-export;
vrf-table-label;
protocols {
bgp {
group t1 {
import trans-in;
neighbor 172.16.0.14 {
peer-as 65222;
}
}
}
}
[edit routing-instances vpnb]
root@R3#
[edit policy-options policy-statement vpnb-export]
root@R3# show
term 1 {
from protocol bgp;
then {
community add vpnbtarget;
accept;
}
}
term 2 {
from protocol direct;
then {
community add vpnbtarget;
accept;
}
}
term others {
then reject;
}
[edit policy-options policy-statement vpnb-export]
root@R3# up
[edit policy-options]
root@R3# edit policy-statement vpnb-import
[edit policy-options policy-statement vpnb-import]
root@R3# show
term 1 {
from {
protocol bgp;
community [ hub vpnbtarget ];
}
then accept;
}
term others {
then reject;
}
[edit policy-options policy-statement vpnb-import]
root@R3#
all working, routing and connection b/w hub spoke and even b/w spokes.
trying to figure out how to use vrf-target on spoke to get the same result instead of using policy and there's no luck.
This is what i have tried.
[edit routing-instances vpnb]
root@R4# show
instance-type vrf;
interface fxp3.0;
route-distinguisher 10.0.3.4:1;
vrf-target {
target:200:100;
import target:200:101;
}
vrf-table-label;
protocols {
bgp {
group c1 {
import cust1-in;
neighbor 172.16.0.6 {
peer-as 65010;
}
}
}
}
[edit routing-instances vpnb]
any idea to get it working on spokes without using policy, just with import/export target.
i can get it working only spoke to Hub access but not with spoke to spoke access.
Thanks
Comments
-
Aldur Member Posts: 1,460I think that the only way possible to do a hub and spoke l3vpn is with vrf-import/vrf-export policies. The reason behind this is that with the vrf-target command will only export/import on the one target community and so it's really not possible to rely on it alone.
However, one thing you can do is use the vrf-target in combination with vrf-import/export. For example you could use the vrf-target with the vrf-import command and the routing-instance would export routes using the vrf-target and import them via the community in the vrf-import policy.
You can do some mixing and matching but you won't be able to only use the vrf-target command alone to do hub and spoke l3vpns."Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."
-Bender