L3vpn hub & spoke ques

densmadensma Member Posts: 40 ■■□□□□□□□□
Using case study topology.


P1 (CE1)---R2(HUB)
SPOKES--R4/R3 (CE2/CE3)


NO connection between R4/R3. They all going through HUB site.
full mesh LSP
HUB Config

[edit routing-instances vpnb]
[email protected]# show
instance-type vrf;
interface fxp0.0;
route-distinguisher 10.0.6.2:1;
vrf-target {
target:200:100;
import target:200:101;
}
vrf-table-label;
protocols {
bgp {
group peer {
import peer-in;
neighbor 10.0.5.253 {
peer-as 1492;
}
}
}
}

[edit routing-instances vpnb]
[email protected]#

SPOKE
[edit routing-instances vpnb]
[email protected]# show
instance-type vrf;
interface fxp3.0;
interface lo0.1;
route-distinguisher 10.0.3.3:1;
vrf-import vpnb-import;
vrf-export vpnb-export;
vrf-table-label;
protocols {
bgp {
group t1 {
import trans-in;
neighbor 172.16.0.14 {
peer-as 65222;
}
}
}
}

[edit routing-instances vpnb]
[email protected]#

[edit policy-options policy-statement vpnb-export]
[email protected]# show
term 1 {
from protocol bgp;
then {
community add vpnbtarget;
accept;
}
}
term 2 {
from protocol direct;
then {
community add vpnbtarget;
accept;
}
}
term others {
then reject;
}

[edit policy-options policy-statement vpnb-export]
[email protected]# up

[edit policy-options]
[email protected]# edit policy-statement vpnb-import

[edit policy-options policy-statement vpnb-import]
[email protected]# show
term 1 {
from {
protocol bgp;
community [ hub vpnbtarget ];
}
then accept;
}
term others {
then reject;
}

[edit policy-options policy-statement vpnb-import]
[email protected]#

all working, routing and connection b/w hub spoke and even b/w spokes.

trying to figure out how to use vrf-target on spoke to get the same result instead of using policy and there's no luck.

This is what i have tried.


[edit routing-instances vpnb]
[email protected]# show
instance-type vrf;
interface fxp3.0;
route-distinguisher 10.0.3.4:1;
vrf-target {
target:200:100;
import target:200:101;
}
vrf-table-label;
protocols {
bgp {
group c1 {
import cust1-in;
neighbor 172.16.0.6 {
peer-as 65010;
}
}
}
}

[edit routing-instances vpnb]

any idea to get it working on spokes without using policy, just with import/export target.
i can get it working only spoke to Hub access but not with spoke to spoke access.

Thanks

Comments

  • AldurAldur Juniper Moderator Member Posts: 1,460
    I think that the only way possible to do a hub and spoke l3vpn is with vrf-import/vrf-export policies. The reason behind this is that with the vrf-target command will only export/import on the one target community and so it's really not possible to rely on it alone.

    However, one thing you can do is use the vrf-target in combination with vrf-import/export. For example you could use the vrf-target with the vrf-import command and the routing-instance would export routes using the vrf-target and import them via the community in the vrf-import policy.

    You can do some mixing and matching but you won't be able to only use the vrf-target command alone to do hub and spoke l3vpns.
    "Bribe is such an ugly word. I prefer extortion. The X makes it sound cool."

    -Bender
Sign In or Register to comment.