Layer 3 VPN

Beelze · Wed Mar 26, 2014 3:51 pm

I'm trying to setup a Layer 3 VPN between a Juniper PE and a Mikrotik PE Router.

My current topology: CE1 (Juniper) -- PE1 (Juniper) -- P1 (RouterOS) -- P2 (RouterOS) -- PE2 (RouterOS) -- CE2 (RouterOS)

I'm running
> OSPF on CE1-PE1 and CE2-PE2.
> OSPF between PE1 and PE2.
> BGP between PE1 and PE2.
> MPLS / LDB on all interfaces between PE1 and PE2.

Currently, the Juniper PE1 router can see the OSPF network of CE2-PE2 in its VRF and bgp.l3vpn.0 table:

vrf1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.1.1.0/24        *[BGP/170] 00:12:37, localpref 100, from 10.9.9.2
                      AS path: ?
                    > to 10.6.6.1 via ge-0/0/1.0, Push 16, Push 29(top)
10.8.8.0/24        *[Direct/0] 04:50:31
                    > via ge-0/0/0.0
10.8.8.1/32        *[Local/0] 04:50:58
                      Local via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 04:51:27, metric 1
                      MultiRecv

and

bgp.l3vpn.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

65530:111:10.1.1.0/24
                   *[BGP/170] 00:12:37, localpref 100, from 10.9.9.2
                      AS path: ?
                    > to 10.6.6.1 via ge-0/0/1.0, Push 16, Push 29(top)

This means that the VRF import policy on PE1 is working. I am, however, not sure about export policy. The 10.8.8.0/24 OSPF network is not showing on the /routing bgp vpn4-route of PE2. It can only see its directly connected OSPF network.

[admin@MikroTik] /routing bgp vpnv4-route> print detail
Flags: L - label-present
 0 L route-distinguisher=65530:111 dst-address=10.1.1.0/24 interface=ether4 in-label=16
     bgp-ext-communities="RT:65530:111"

http://wiki.mikrotik.com/wiki/Manual:La ... PN_example (old example, I know) shows the creation of an OSPF instance that you need in order to distribute client OSPF networks. It also says that you need to add a VRF routing-table to this instance, but when i do this, the routing table doesn't show any OSPF routes in the MPLS core anymore.

Anyone knows what I am missing here? (maybe a second OSPF instance?) If I forgot something to add in this post, please let me know

Beelze · Thu Mar 27, 2014 11:44 am

Update: the Juniper CE1 can now see the 10.1.1.0/24 network which is imported from BGP into OSPF.

The PE2 (RouterOS) can see the 10.8.8.0/24 network in its own routing table. This one is also shown in the /routing bgp vpnv4-route table:

[admin@MikroTik] > /routing bgp vpnv4-route print
Flags: L - label-present
 #   ROUTE-DISTINGUISHER               DST-ADDRESS        GATEWAY               INTERFACE         IN-LABEL  OUT-LABEL
 0 L 65530:111                         10.8.8.0/24        10.9.9.6              ether3                  16         16
 1 L 65530:111                         20.20.20.20/32     10.9.9.6              ether3                  16         16
 2 L 65530:111                         10.1.1.0/24                              ether4                  16

The 10.8.8.0/24 network however, is not showing in the routing table of CE2 (RouterOS).

The Layer 3 VPN Manual shows that i have to add the VRF routing instance into the /routing ospf instance. But when I do this, there are no other OSPF routes to other destinations in the MPLS core.
I am using OSPF in the MPLS core and in the local 10.1.1.0/24 network. Is it possible that this interferes with each other?

Layer 3 VPN

Layer 3 VPN

Re: Layer 3 VPN

Who is online