Route leaking between VRF and PE on a L3VPN using logical tunnels
When route leaking between a VRF and the PE is desired, RIB groups are not an option because of the default behavior of the VRF. A workaround is to establish a routing protocol between the VRF and the PE over a logical tunnel interface and use it to share the desired routes.
Some of the routes installed on the CE need to be provided to the PEs. Additionally, some routes belonging to the PE network are needed on the CEs, as a way to provide Internet connectivity or other services.
The CE1 and CE2 routers are connected via an L3VPN, with LDP signaling across the PE core. CE2 has 172.16 routes installed as direct routes on its loopback.
It advertises these routes to its CE1 peer through the VPN.
The PE2 router has 192.168 routes installed on its loopback and advertises them through OSPF to its PE1 peer.
The goal is to propagate the 192.168 routes to the VPN using a logical tunnel configured between the VRF on PE1 and PE1 itself, adding OSPF knowledge between them.
Using policy, the OSPF routes in the CE1-VPN VRF are imported into BGP, and the BGP routes are imported into OSPF:
PE2 routes:        CE2 routes:
192.168.0.0/24     172.16.0.0/24
192.168.1.0/24     172.16.1.0/24
192.168.2.0/24     172.16.2.0/24
CE1 Configuration:
set interfaces fe-0/0/0 unit 0 family inet address 10.11.22.1/30
set interfaces lo0 unit 1001 family inet address 1.1.1.1/32
set protocols bgp group EXT type external
set protocols bgp group EXT export EXP-DIRECT
set protocols bgp group EXT neighbor 10.11.22.2 peer-as 65000
set policy-options policy-statement EXP-DIRECT term 1 from protocol direct
set policy-options policy-statement EXP-DIRECT term 1 then accept
set routing-options autonomous-system 65001
PE1 Configuration:
set interfaces fe-0/0/1 unit 0 family inet address 10.11.22.2/30
set interfaces fe-0/1/0 unit 0 family inet address 10.1.3.1/30
set interfaces fe-0/1/0 unit 0 family mpls
set interfaces lo0 unit 1002 family inet address 2.2.2.2/32
This is the logical tunnel interface
set interfaces lt-0/1/0 unit 1 encapsulation ethernet
set interfaces lt-0/1/0 unit 1 peer-unit 2
set interfaces lt-0/1/0 unit 1 family inet address 10.1.2.1/30
set interfaces lt-0/1/0 unit 2 encapsulation ethernet
set interfaces lt-0/1/0 unit 2 peer-unit 1
set interfaces lt-0/1/0 unit 2 family inet address 10.1.2.2/30
set protocols bgp group INT type internal
set protocols bgp group INT local-address 2.2.2.2
set protocols bgp group INT family inet-vpn unicast
set protocols bgp group INT neighbor 3.3.3.3
set protocols ospf area 0.0.0.0 interface fe-0/1/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.1002 passive
The LT interface is added into the IGP:
set protocols ospf area 0.0.0.0 interface lt-0/1/0.2 interface-type p2p
set protocols ldp interface fe-0/1/0.0
set protocols ldp interface lo0.1002
set policy-options policy-statement CE-BGP-EXPORT term 1 from protocol bgp
set policy-options policy-statement CE-BGP-EXPORT term 1 then accept
set policy-options policy-statement CE-OSPF-EXPORT term 1 from protocol ospf
set policy-options policy-statement CE-OSPF-EXPORT term 1 then accept
VRF configuration:
set routing-instances CE1-VPN instance-type vrf
set routing-instances CE1-VPN interface fe-0/0/1.0
The lt interface is added to the VRF:
set routing-instances CE1-VPN interface lt-0/1/0.1
set routing-instances CE1-VPN route-distinguisher 65001:1234
set routing-instances CE1-VPN vrf-target target:65001:1234
set routing-instances CE1-VPN protocols bgp group EXT type external
set routing-instances CE1-VPN protocols bgp group EXT export CE-OSPF-EXPORT
set routing-instances CE1-VPN protocols bgp group EXT neighbor 10.11.22.1 peer-as 65001
set routing-instances CE1-VPN protocols bgp group EXT neighbor 10.11.22.1 as-override
The IGP protocol and the LT interface are added to the VRF:
set routing-instances CE1-VPN protocols ospf export CE-BGP-EXPORT
set routing-instances CE1-VPN protocols ospf area 0.0.0.0 interface lt-0/1/0.1 interface-type p2p
set routing-options autonomous-system 65000
PE2 configuration:
set interfaces fe-0/0/2 unit 0 family inet address 10.22.44.1/30
set interfaces lt-0/1/0 unit 4 encapsulation ethernet
set interfaces lt-0/1/0 unit 4 peer-unit 3
set interfaces lt-0/1/0 unit 4 family inet address 10.1.3.2/30
set interfaces lt-0/1/0 unit 4 family mpls
set interfaces lo0 unit 1003 family inet address 3.3.3.3/32
set interfaces lo0 unit 1003 family inet address 192.168.0.1/24
set interfaces lo0 unit 1003 family inet address 192.168.1.1/24
set interfaces lo0 unit 1003 family inet address 192.168.2.1/24
set protocols bgp group INT type internal
set protocols bgp group INT local-address 3.3.3.3
set protocols bgp group INT family inet-vpn unicast
set protocols bgp group INT neighbor 2.2.2.2
set protocols ospf area 0.0.0.0 interface lt-0/1/0.4 interface-type p2p
set protocols ospf area 0.0.0.0 interface lo0.1003 passive
set protocols ldp interface lt-0/1/0.4
set protocols ldp interface lo0.1003
set routing-instances CE2-VPN instance-type vrf
set routing-instances CE2-VPN interface fe-0/0/2.0
set routing-instances CE2-VPN route-distinguisher 65001:1234
set routing-instances CE2-VPN vrf-target target:65001:1234
set routing-instances CE2-VPN protocols bgp group EXT type external
set routing-instances CE2-VPN protocols bgp group EXT neighbor 10.22.44.2 peer-as 65001
set routing-instances CE2-VPN protocols bgp group EXT neighbor 10.22.44.2 as-override
set routing-options autonomous-system 65000
CE2 Configuration:
set interfaces fe-0/0/3 unit 0 family inet address 10.22.44.2/30
set interfaces lo0 unit 1004 family inet address 4.4.4.4/32
set interfaces lo0 unit 1004 family inet address 172.16.0.1/24
set interfaces lo0 unit 1004 family inet address 172.16.1.1/24
set interfaces lo0 unit 1004 family inet address 172.16.2.1/24
set protocols bgp group EXT type external
set protocols bgp group EXT export EXPORT-DIRECT
set protocols bgp group EXT neighbor 10.22.44.1 peer-as 65000
set policy-options prefix-list DIRECT-ROUTES 172.16.0.0/24
set policy-options prefix-list DIRECT-ROUTES 172.16.1.0/24
set policy-options prefix-list DIRECT-ROUTES 172.16.2.0/24
set policy-options policy-statement EXPORT-DIRECT from protocol direct
set policy-options policy-statement EXPORT-DIRECT from prefix-list DIRECT-ROUTES
set policy-options policy-statement EXPORT-DIRECT then accept
set routing-options autonomous-system 65001
CE1 routing table:
inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A V Destination        P Prf   Metric 1   Metric 2  Next hop         AS path
* ? 1.1.1.1/32         D   0                        >lo0.1001
* ? 2.2.2.2/32         B 170        100          1                   65000 I
  unverified                                        >10.11.22.2
* ? 3.3.3.3/32         B 170        100          2                   65000 I
  unverified                                        >10.11.22.2
* ? 10.1.3.0/30        B 170        100          2                   65000 I
  unverified                                        >10.11.22.2
* ? 10.11.22.0/30      D   0                        >fe-0/0/0.0
* ? 10.11.22.1/32      L   0                        Local
* ? 10.22.44.0/30      B 170        100                              65000 I
  unverified                                        >10.11.22.2
* ? 172.16.0.0/24      B 170        100                              65000 65000 I
  unverified                                        >10.11.22.2
* ? 172.16.1.0/24      B 170        100                              65000 65000 I
  unverified                                        >10.11.22.2
* ? 172.16.2.0/24      B 170        100                              65000 65000 I
  unverified                                        >10.11.22.2
* ? 192.168.0.0/24     B 170        100          2                   65000 I
  unverified                                        >10.11.22.2
* ? 192.168.0.1/32     B 170        100          2                   65000 I
  unverified                                        >10.11.22.2
* ? 192.168.1.0/24     B 170        100          2                   65000 I
  unverified                                        >10.11.22.2
* ? 192.168.1.1/32     B 170        100          2                   65000 I
  unverified                                        >10.11.22.2
* ? 192.168.2.0/24     B 170        100          2                   65000 I
  unverified                                        >10.11.22.2
* ? 192.168.2.1/32     B 170        100          2                   65000 I
  unverified                                        >10.11.22.2

PE2 routing table:
inet.0: 17 destinations, 17 routes (17 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A V Destination        P Prf   Metric 1   Metric 2  Next hop         AS path
* ? 1.1.1.1/32         O 150          0             >10.1.3.1
* ? 2.2.2.2/32         O  10          1             >10.1.3.1
* ? 3.3.3.3/32         D   0                        >lo0.1003
* ? 10.1.2.0/30        O  10          2             >10.1.3.1
* ? 10.1.3.0/30        D   0                        >lt-0/1/0.4
* ? 10.1.3.2/32        L   0                        Local
* ? 10.22.44.0/30      O 150          0             >10.1.3.1
* ? 172.16.0.0/24      O 150          0             >10.1.3.1
* ? 172.16.1.0/24      O 150          0             >10.1.3.1
* ? 172.16.2.0/24      O 150          0             >10.1.3.1
* ? 192.168.0.0/24     D   0                        >lo0.1003
* ? 192.168.0.1/32     L   0                        Local
* ? 192.168.1.0/24     D   0                        >lo0.1003
* ? 192.168.1.1/32     L   0                        Local
* ? 192.168.2.0/24     D   0                        >lo0.1003
* ? 192.168.2.1/32     L   0                        Local
* ? 224.0.0.5/32       O  10          1             MultiRecv

CE2 routing table:
inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A V Destination        P Prf   Metric 1   Metric 2  Next hop         AS path
* ? 1.1.1.1/32         B 170        100                              65000 65000 I
  unverified                                        >10.22.44.1
* ? 2.2.2.2/32         B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 3.3.3.3/32         B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 4.4.4.4/32         D   0                        >lo0.1004
* ? 10.1.2.0/30        B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 10.1.3.0/30        B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 10.11.22.0/30      B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 10.22.44.0/30      D   0                        >fe-0/0/3.0
* ? 10.22.44.2/32      L   0                        Local
* ? 172.16.0.0/24      D   0                        >lo0.1004
* ? 172.16.0.1/32      L   0                        Local
* ? 172.16.1.0/24      D   0                        >lo0.1004
* ? 172.16.1.1/32      L   0                        Local
* ? 172.16.2.0/24      D   0                        >lo0.1004
* ? 172.16.2.1/32      L   0                        Local
* ? 192.168.0.0/24     B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 192.168.0.1/32     B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 192.168.1.0/24     B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 192.168.1.1/32     B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 192.168.2.0/24     B 170        100                              65000 I
  unverified                                        >10.22.44.1
* ? 192.168.2.1/32     B 170        100                              65000 I
  unverified                                        >10.22.44.1

Connectivity tests:

Ping from PE2 to 172.16.0.1 on CE2:
jmontero@josecuervo# run ping 172.16.0.1 logical-system PE2 rapid count 10
PING 172.16.0.1 (172.16.0.1): 56 data bytes
!!!!!!!!!!
--- 172.16.0.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.036/1.073/1.267/0.066 ms

Ping from CE1 to 192.168.0.1 on PE2; it needs to be sourced from an IP that PE2 knows:
jmontero@josecuervo# run ping 192.168.0.1 logical-system CE1 source 1.1.1.1 rapid count 10
PING 192.168.0.1 (192.168.0.1): 56 data bytes
!!!!!!!!!!
--- 192.168.0.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.036/1.098/1.316/0.091 ms

Ping from PE1 to 172.16.0.1 on CE2:
jmontero@josecuervo# run ping 172.16.0.1 logical-system PE1 rapid count 10
PING 172.16.0.1 (172.16.0.1): 56 data bytes
!!!!!!!!!!
--- 172.16.0.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.024/1.058/1.269/0.071 ms

Ping from PE1 to 192.168 on PE2:
jmontero@josecuervo# run ping 192.168.0.1 logical-system PE1 rapid count 10
PING 192.168.0.1 (192.168.0.1): 56 data bytes
!!!!!!!!!!
--- 192.168.0.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.004/1.024/1.145/0.041 ms

Ping from CE1 to 172.16.0.1 on CE2:
jmontero@josecuervo# run ping 172.16.0.1 logical-system CE1 rapid count 10
PING 172.16.0.1 (172.16.0.1): 56 data bytes
!!!!!!!!!!
--- 172.16.0.1 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.056/1.098/1.320/0.075 ms
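
The routing tables above show more than the 192.168 and 172.16 prefixes crossing the tunnel (2.2.2.2/32, 3.3.3.3/32 and 10.1.3.0/30 reach CE1; 1.1.1.1/32 and 10.22.44.0/30 reach PE2), because CE-OSPF-EXPORT and CE-BGP-EXPORT match on protocol only. The Python check below is an added example, not part of the original article: it reads set-format lines copied from this page and reports every explicitly exported policy term that accepts routes without a prefix-list, prefix-list-filter or route-filter match. The label "master" for the main routing instance is this example's own convention, and default export behavior is not modeled.

```python
import re
from collections import defaultdict

# Export-related lines copied from the PE1 configuration on this page.
PE1_LINES = """\
set policy-options policy-statement CE-BGP-EXPORT term 1 from protocol bgp
set policy-options policy-statement CE-BGP-EXPORT term 1 then accept
set policy-options policy-statement CE-OSPF-EXPORT term 1 from protocol ospf
set policy-options policy-statement CE-OSPF-EXPORT term 1 then accept
set routing-instances CE1-VPN protocols bgp group EXT export CE-OSPF-EXPORT
set routing-instances CE1-VPN protocols ospf export CE-BGP-EXPORT
"""
# Export-related lines copied from the CE2 configuration on this page.
CE2_LINES = """\
set protocols bgp group EXT export EXPORT-DIRECT
set policy-options policy-statement EXPORT-DIRECT from protocol direct
set policy-options policy-statement EXPORT-DIRECT from prefix-list DIRECT-ROUTES
set policy-options policy-statement EXPORT-DIRECT then accept
"""

PREFIX_MATCHES = {"prefix-list", "prefix-list-filter", "route-filter"}
POLICY_RE = re.compile(
    r"^set policy-options policy-statement (\S+) (?:term (\S+) )?(from|then) (\S+)")
EXPORT_RE = re.compile(
    r"^set (?:routing-instances (\S+) )?protocols (\S+) .*\bexport (\S+)$")

def parse(config):
    """Collect from/then keywords per (policy, term) and every export reference."""
    terms = defaultdict(lambda: {"from": set(), "then": set()})
    exports = []
    for line in map(str.strip, config.splitlines()):
        if m := POLICY_RE.match(line):
            policy, term, clause, keyword = m.groups()
            terms[(policy, term or "<unnamed>")][clause].add(keyword)
        elif m := EXPORT_RE.match(line):
            exports.append((m.group(1) or "master", m.group(2), m.group(3)))
    return terms, exports

def unbounded_exports(config):
    """Return (instance, protocol, policy, term) for accepting terms with no prefix match."""
    terms, exports = parse(config)
    return sorted((inst, proto, policy, term)
                  for inst, proto, policy in exports
                  for (name, term), c in terms.items()
                  if name == policy and "accept" in c["then"]
                  and not c["from"] & PREFIX_MATCHES)

if __name__ == "__main__":
    print(unbounded_exports(PE1_LINES), unbounded_exports(CE2_LINES))
```

Both PE1 leak policies are reported, while CE2's EXPORT-DIRECT passes because it is bounded by the DIRECT-ROUTES prefix list.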