Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Configuring Layer 3 VPNs to Carry IBGP Traffic
When you configure BGP as the routing protocol between a PE router and a CE router in a Layer 3 VPN, you typically configure external peering sessions between the Layer 3 VPN service provider and the customer network ASs.
If the customer network has several sites advertising routes through an external BGP session to the service provider network and if the same AS is used by all the customer sites, the CE routers reject routes from the other CE routers. They detect a loop in the BGP AS path attribute.
To prevent the CE routers from rejecting each other’s routes, you could configure the following:
- PE routers advertising routes received from remote PE routers can remap the customer network AS number to its own AS number.
- AS path loops can be configured.
- The customer network can be configured with different AS numbers at each site.
These types of configurations can work when there are no BGP routing exchanges between the customer network and other networks. However, they do have limitations for customer networks that use BGP internally for purposes other than carrying traffic between the CE routers and the PE routers. When those routes are advertised outside the customer network, the service provider ASs are present in the AS path.
To improve the transparency of Layer 3 VPN services for customer networks, you can configure the routing instance for the Layer 3 VPN to isolate the customer’s network attributes from the service provider’s network attributes.
When you include the independent-domain statement in the Layer 3 VPN routing instance configuration, BGP attributes received from the customer network (from the CE router) are stored in a BGP attribute (ATTRSET) that functions like a stack. When that route is advertised from the remote PE router to the remote CE router, the original BGP attributes are restored. This is the default behavior for BGP routes that are advertised to Layer 3 VPNs located in different domains.
This functionality is described in the Internet draft draft-marques-ppvpn-ibgp-version.txt, RFC 2547bis Networks Using Internal BGP as PE-CE Protocol.
To allow a Layer 3 VPN to transport IBGP traffic, include the independent-domain statement:
You can include this statement at the following hierarchy levels:
- [edit routing-instances routing-instance-name routing-options autonomous-system number]
- [edit logical-systems logical-system-name routing-instances routing-instance-name routing-options
autonomous-system number]
Note: All PE routers participating in a Layer 3 VPN with the independent-domain statement in its configuration must be running Junos OS Release 6.3 or later.
