Route leaking between VRF and PE on a L3VPN using logical tunnels

Route leaking between VRF and PE on a L3VPN using logical tunnels

In a scenario where route leaking between VRF and PEs is desired, because of the default behavior of the VRF, utilizing RIB groups is not an option. A workaround is to establish a routing protocol between the VRF and the PE via a logical tunnel interface to share the desired routes

Some of the routes installed on the CE need to be provided to the PEs. Additionally, some routes belonging to the PE network are needed on the CEs, as a way to provide Internet connectivity or other services.

The CE1 and CE2 routers are connected via a L3VPN, with LDP signaling across the PE core. CE2 has 172.16 routes installed as direct routes on its loopback.
It is advertising the routes to his CE1 peer through the VPN.
PE2 router has 192.168 routes installed on its loopback and being advertised through OSPF to its PE1 peer.
The goal is to propagate the 192.168 routes to the VPN using a logical tunnel configured between the VRF on PE1 and PE1, adding OSPF knowledge between them.
Using policy the OSPF routes on CE1-VPN VRF are being imported into BGP and the other way around:

Routes: Routes:
192.168.0.0/24 172.16.0.0/24
192.168.1.0/24 172.16.1.0/24
192.168.2.0/24 172.16.2.0/24

CE1 Configuration:
set interfaces fe-0/0/0 unit 0 family inet address 10.11.22.1/30
set interfaces lo0 unit 1001 family inet address 1.1.1.1/32
set protocols bgp group EXT type external
set protocols bgp group EXT export EXP-DIRECT
set protocols bgp group EXT neighbor 10.11.22.2 peer-as 65000
set policy-options policy-statement EXP-DIRECT term 1 from protocol direct
set policy-options policy-statement EXP-DIRECT term 1 then accept
set routing-options autonomous-system 65001

PE1 Configuration:
set interfaces fe-0/0/1 unit 0 family inet address 10.11.22.2/30
set interfaces fe-0/1/0 unit 0 family inet address 10.1.3.1/30
set interfaces fe-0/1/0 unit 0 family mpls
set interfaces lo0 unit 1002 family inet address 2.2.2.2/32

This is the logical tunnel interface
set interfaces lt-0/1/0 unit 1 encapsulation ethernet
set interfaces lt-0/1/0 unit 1 peer-unit 2
set interfaces lt-0/1/0 unit 1 family inet address 10.1.2.1/30
set interfaces lt-0/1/0 unit 2 encapsulation ethernet
set interfaces lt-0/1/0 unit 2 peer-unit 1
set interfaces lt-0/1/0 unit 2 family inet address 10.1.2.2/30

set protocols bgp group INT type internal
set protocols bgp group INT local-address 2.2.2.2
set protocols bgp group INT family inet-vpn unicast
set protocols bgp group INT neighbor 3.3.3.3

set protocols ospf area 0.0.0.0 interface fe-0/1/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.1002 passive
set protocols ospf area 0.0.0.0 interface lt-0/1/0.2 interface-type p2p >>>>added the LT into IGP
set protocols ldp interface fe-0/1/0.0
set protocols ldp interface lo0.1002

set policy-options policy-statement CE-BGP-EXPORT term 1 from protocol bgp
set policy-options policy-statement CE-BGP-EXPORT term 1 then accept
set policy-options policy-statement CE-OSPF-EXPORT term 1 from protocol ospf
set policy-options policy-statement CE-OSPF-EXPORT term 1 then accept

VRF configuration:
set routing-instances CE1-VPN instance-type vrf
set routing-instances CE1-VPN interface fe-0/0/1.0
set routing-instances CE1-VPN interface lt-0/1/0.1 >>>> Added the lt interface
set routing-instances CE1-VPN route-distinguisher 65001:1234
set routing-instances CE1-VPN vrf-target target:65001:1234
set routing-instances CE1-VPN protocols bgp group EXT type external
set routing-instances CE1-VPN protocols bgp group EXT export CE-OSPF-EXPORT
set routing-instances CE1-VPN protocols bgp group EXT neighbor 10.11.22.1 peer-as 65001
set routing-instances CE1-VPN protocols bgp group EXT neighbor 10.11.22.1 as-override
set routing-instances CE1-VPN protocols ospf export CE-BGP-EXPORT >>>> Added IGP protocol and LT interface
set routing-instances CE1-VPN protocols ospf area 0.0.0.0 interface lt-0/1/0.1 interface-type p2p
set routing-options autonomous-system 65000

PE2 configuration:
set interfaces fe-0/0/2 unit 0 family inet address 10.22.44.1/30
set interfaces lt-0/1/0 unit 4 encapsulation ethernet
set interfaces lt-0/1/0 unit 4 peer-unit 3
set interfaces lt-0/1/0 unit 4 family inet address 10.1.3.2/30
set interfaces lt-0/1/0 unit 4 family mpls
set interfaces lo0 unit 1003 family inet address 3.3.3.3/32
set interfaces lo0 unit 1003 family inet address 192.168.0.1/24
set interfaces lo0 unit 1003 family inet address 192.168.1.1/24
set interfaces lo0 unit 1003 family inet address 192.168.2.1/24
set protocols bgp group INT type internal
set protocols bgp group INT local-address 3.3.3.3
set protocols bgp group INT family inet-vpn unicast
set protocols bgp group INT neighbor 2.2.2.2
set protocols ospf area 0.0.0.0 interface lt-0/1/0.4 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.1003 passive
set protocols ldp interface lt-0/1/0.4
set protocols ldp interface lo0.1003
set routing-instances CE2-VPN instance-type vrf
set routing-instances CE2-VPN interface fe-0/0/2.0
set routing-instances CE2-VPN route-distinguisher 65001:1234
set routing-instances CE2-VPN vrf-target target:65001:1234
set routing-instances CE2-VPN protocols bgp group EXT type external
set routing-instances CE2-VPN protocols bgp group EXT neighbor 10.22.44.2 peer-as 65001
set routing-instances CE2-VPN protocols bgp group EXT neighbor 10.22.44.2 as-override
set routing-options autonomous-system 65000

CE2 Configuration:
set interfaces fe-0/0/3 unit 0 family inet address 10.22.44.2/30
set interfaces lo0 unit 1004 family inet address 4.4.4.4/32
set interfaces lo0 unit 1004 family inet address 172.16.0.1/24
set interfaces lo0 unit 1004 family inet address 172.16.1.1/24
set interfaces lo0 unit 1004 family inet address 172.16.2.1/24
set protocols bgp group EXT type external
set protocols bgp group EXT export EXPORT-DIRECT
set protocols bgp group EXT neighbor 10.22.44.1 peer-as 65000
set policy-options prefix-list DIRECT-ROUTES 172.16.0.0/24
set policy-options prefix-list DIRECT-ROUTES 172.16.1.0/24
set policy-options prefix-list DIRECT-ROUTES 172.16.2.0/24
set policy-options policy-statement EXPORT-DIRECT from protocol direct
set policy-options policy-statement EXPORT-DIRECT from prefix-list DIRECT-ROUTES
set policy-options policy-statement EXPORT-DIRECT then accept
set routing-options autonomous-system 65001

 

About the author

James Palmer

Leave a Comment