Messages - mellowd

#1
Quote from: wintermute000 on January 15, 2015, 04:08:37 AM
Awesome, thanks for confirming. So ruling out vrf-target due to lack of options, say we're manually importing/exporting, what are our options?

I tried to manually tag that rte-type community but it's rejected. Moreover that's a terrible solution, you'd need to match only Type 1/2/3, manually specify the area etc... is this just a limitation of doing OSPF PE-CE on JunOS?


BTW been reading your articles including that one, thanks for taking the time! Going for JNCIS-SP shortly and your articles (and explanation above!) have always been a great help.

loj001@SP-LAB-PE1# set policy-options community domain-b members rte-type:0.0.0.0:1:0     

[edit]
loj001@SP-LAB-PE1# commit
[edit policy-options community domain-b members]
  'rte-type:0.0.0.0:1:0'
    Unknown extended community type
error: configuration check-out failed

Pretty much. OSPF as PE-CE is one of the things needed for lab, but hardly done in real life. This is a job for BGP. It doesn't really break anything, but it's odd to see a route to an internal prefix reached through an interface learned through a type 5 :O
#2
It's certainly a quirk in Juniper land.

With IOS, you redistribute from OSPF into BGP and vice-versa. If you use the command vrf-target, Junos is doing some automatic redistribution for you. It's not entirely clear how it does it though, i.e. there are no knobs to turn.

But take a look at this. I labbed it up myself and I'm using 1.1.1.1/32 and 2.2.2.2/32 as loopbacks on the CE kit. I'm using the 10/8 range as the PE-CE links. If I look at the routes on the RR, there is something specific I see. Note the CE's database first:

root@VJX0> show ospf database

Area 0.0.0.0
Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Router  *1.1.1.1          1.1.1.1          0x80000021   812  0x22 0xdf02  48
Router   10.0.0.1         10.0.0.1         0x8000000e   813  0x22 0xba3c  36
Network  10.0.0.1         10.0.0.1         0x80000007   813  0x22 0x23ec  32
Summary  2.2.2.2          10.0.0.1         0x80000001   280  0xa2 0x4f59  28
    OSPF AS SCOPE link state database
Type       ID               Adv Rtr           Seq      Age  Opt  Cksum  Len
Extern   10.0.0.2         10.0.0.1         0x80000001  1178  0xa2 0xca7f  36


Here the router sees its own type1 as well as the PE's type1. There is also a type2 for the segment and a type3 to get to 2.2.2.2/32 - Like you, I also see the remote pe-ce link as external.

I go over it a bit over here (https://mellowd.co.uk/ccie/?p=4697) but there is more than just one thing that is checked. Specifically non-matching domain ids will convert all internal and summaries to type5. However existing type5s remain as type5s.

But how does an MP-BGP router know what type a prefix is to begin with? There is another field that determines that, and that's where I see the difference.

Back on the route-reflector, checking both vpnv4 routes, check the difference here:
1:1:2.2.2.2/32 (1 entry, 0 announced)
Communities: target:1:1 rte-type:0.0.0.0:1:0


1:1:10.0.0.2/31 (1 entry, 0 announced)
Communities: target:1:1


Junos ensures 2.2.2.2/32 is advertised as a 'type1 lsa'. 10.0.0.2/31 has no such community. Seems to me that Junos makes no assumptions here and absence of that community means don't assume it's internal.

The annoying thing is that the vrf-target command gives you no options to add or subtract stuff when using it. It's an 'automatic' knob.

As you rightly stated, if you export directly connected, Junos assumes you're redistributing an external route and it becomes a type5. In IOS, redistributing OSPF ensures the pe-ce OSPF link is in MP-BGP, not so in Junos.


As for how I do this with customers, at the last carrier I worked for we only did managed solutions, i.e. we controlled the CE as well. For this reason we didn't bother putting the pe-ce link inside the customer's network. We used that for p2p testing only. The prefixes that sat behind the router were the only ones redistributed into the VPN.
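
The decision discussed in the post above, as an added example that is not part of the original post and is not Junos code: it parses the rte-type community from the two "Communities:" lines shown and returns the LSA type the remote PE would be expected to send to its CE. The function names are hypothetical, the mapping follows a reading of RFC 4577 plus the behaviour observed in the post, and NSSA (type 7) handling is simplified to type 5.

```python
import ipaddress
from typing import NamedTuple, Optional


class RteType(NamedTuple):
    area: str        # OSPF area the route was learned in on the originating PE
    route_type: int  # 1/2 intra-area, 3 inter-area, 5 external, 7 NSSA
    options: int     # low bit set = external metric type 2


def parse_rte_type(communities: str) -> Optional[RteType]:
    """Extract rte-type:<area>:<route-type>:<options> from a Communities line."""
    for token in communities.split():
        if not token.startswith("rte-type:"):
            continue
        area, rtype, opts = token[len("rte-type:"):].split(":")
        ipaddress.IPv4Address(area)  # raises ValueError on a malformed area
        if int(rtype) not in (1, 2, 3, 5, 7):
            raise ValueError(f"unexpected OSPF route type {rtype}")
        return RteType(area, int(rtype), int(opts))
    return None  # community absent, e.g. an exported direct route


def lsa_for_ce(communities: str, domain_ids_match: bool = True) -> str:
    """LSA type the receiving PE is expected to originate towards the CE."""
    rte = parse_rte_type(communities)
    if rte is None:
        # No rte-type: nothing says the prefix was internal to OSPF.
        return "type 5 external"
    if rte.route_type in (5, 7):
        # Existing externals remain external (NSSA simplified to type 5).
        return "type 5 external"
    if not domain_ids_match:
        # Non-matching domain IDs convert internals and summaries to type 5.
        return "type 5 external"
    return "type 3 summary"


if __name__ == "__main__":
    # The two community strings are copied from the route-reflector output above.
    for prefix, comms in (("2.2.2.2/32", "target:1:1 rte-type:0.0.0.0:1:0"),
                          ("10.0.0.2/31", "target:1:1")):
        print(prefix, "->", lsa_for_ce(comms))
```

The results line up with the CE database in the post: 2.2.2.2 appears as a Summary and 10.0.0.2 as an Extern.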
#3
Are all devices in the network Juniper btw?
#4
What extended communities do you actually see on the MP-BGP routes?