Monday, November 5, 2018

Issues with L3VPN Routes

I'm currently working on some network segmentation work using L3VPN. Here is my lab setup.

I'm running into AS loop issues in this setup between baker:trusted:VOIP-POC and the firewall. There is a logical system on baker which is handling the route reflection for both logical systems on baker, along with flounder and the firewall.

If I use the independent-domain option on the Junipers, the routes which are learned from the Brocade (both local to the VRF, and those learned from ES over eBGP) are prepended with 65200 when they are imported into the VRF from the bgp.l3vpn.0 table on baker. Baker then doesn't advertise these routes up for good reason. Yes, I could allow AS loops, but then I would have to configure all the routers in my network to do this.

If I don't use the independent-domain option, then the routes are announced to the firewall. They are then announced to the RR. The RR rejects them because it thinks there is an AS loop on 65266, and I'm not sure where it's getting this AS from.

I was curious if anyone else has attempted something like this in their network, and if they have, what they might have done to get around the AS loop issues. My first thought is to change the AS for my RR to something other than the AS which is being used at the border.

Thanks!


