One of the things I needed to put together recently is an Inter-AS VPN between a Cisco and Juniper. There isn’t much in the way of documentation on interoperability. Everything I’ve found is Cisco to Cisco or Juniper to Juniper. Hopefully this will help someone.
All this came about due to us being acquired by another company and needing a way to extend our L3VPNs to their network quickly.
Our simple topology follows. It’s a 7200 that has a customer VRF, a 7600, and a Juniper that also has the other side of the customer VRF (small lab).
One of the things we wanted to do is limit the vpnv4 prefixes that are shared between ASNs. We didn’t want anyone to have to configure anything on our 7609. To do this, we came up with additional route targets to add to the vpn routes.
Our 7200 config looks like this
ip vrf NNI-TEST1
 rd 65100:1001
 route-target export 65100:1001
 route-target export 65100:65200
 route-target import 65100:1001
!
interface Loopback101
 ip vrf forwarding NNI-TEST1
 ip address 10.10.10.1 255.255.255.255
!
router bgp 65100
 address-family ipv4 vrf NNI-TEST1
  no synchronization
  redistribute connected
  redistribute static
 exit-address-family
Pretty simple stuff. You can see where we add the extra route-target in the vrf (65100:65200).
Our 7609
router bgp 65100
 neighbor NNI:US-TO-THEM peer-group
 neighbor NNI:US-TO-THEM remote-as 65200
 neighbor x.x.156.127 peer-group NNI:US-TO-THEM
 address-family ipv4
  no neighbor NNI:US-TO-THEM activate
  no neighbor x.x.156.127 activate
 address-family vpnv4
  neighbor NNI:US-TO-THEM activate
  neighbor NNI:US-TO-THEM next-hop-self
  neighbor NNI:US-TO-THEM send-community both
  neighbor NNI:US-TO-THEM route-map NNI:IMPORT in
  neighbor NNI:US-TO-THEM route-map NNI:EXPORT out
  neighbor x.x.156.127 peer-group NNI:US-TO-THEM
!
ip extcommunity-list 101 permit _RT:65100:65200_
ip extcommunity-list 102 permit _RT:65200:65100_
!
route-map NNI:IMPORT permit 10
 match extcommunity 102
!
route-map NNI:IMPORT deny 90
!
route-map NNI:EXPORT permit 10
 match extcommunity 101
!
route-map NNI:EXPORT deny 90
Finally, the Juniper
set interfaces lo0 unit 250 family inet address 10.10.10.2/32
set protocols mpls interface lo0.250
set protocols mpls interface fe-0/3/0.2500
set protocols mpls interface lo0.0
set routing-options autonomous-system 65200
set protocols bgp keep all
set protocols bgp group NNI:PEER type external
set protocols bgp group NNI:PEER family inet-vpn unicast
set protocols bgp group NNI:PEER neighbor x.x.156.126 import NNI:IMPORT
set protocols bgp group NNI:PEER neighbor x.x.156.126 export NNI:EXPORT
set protocols bgp group NNI:PEER neighbor x.x.156.126 peer-as 65100
set policy-options policy-statement CUST1-export term 1 then community add NNI:EXPORT
set policy-options policy-statement CUST1-export term 1 then community add CUST1:RT
set policy-options policy-statement CUST1-export term 1 then accept
set policy-options policy-statement CUST1-export term 2 then reject
set policy-options policy-statement CUST1-import term 1 from community CUST1:RT
set policy-options policy-statement CUST1-import term 1 then accept
set policy-options policy-statement CUST1-import term 2 then reject
set policy-options policy-statement NNI:IMPORT term 1 from community NNI:IMPORT
set policy-options policy-statement NNI:IMPORT term 1 then accept
set policy-options policy-statement NNI:IMPORT term 2 then reject
set policy-options policy-statement NNI:EXPORT term 1 from community NNI:EXPORT
set policy-options policy-statement NNI:EXPORT term 1 then accept
set policy-options policy-statement NNI:EXPORT term 2 then reject
set policy-options community CUST1:RT members target:65100:1001
set policy-options community NNI:IMPORT members target:65100:65200
set policy-options community NNI:EXPORT members target:65200:65100
set routing-instances CUST1 instance-type vrf
set routing-instances CUST1 interface lo0.250
set routing-instances CUST1 route-distinguisher 65100:1001
set routing-instances CUST1 vrf-import CUST1-import
set routing-instances CUST1 vrf-export CUST1-export
Now, let’s check this out on our 7200.
NW-7206-2#sh ip route vrf NNI-TEST1 10.10.10.2
Routing Table: NNI-TEST1
Routing entry for 10.10.10.2/32
Known via "bgp 65100", distance 200, metric 0
Tag 65200, type internal
Last update from x.x.156.127 00:34:23 ago
Routing Descriptor Blocks:
* x.x.156.127 (default), from x.x.156.2, 00:34:23 ago
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 65200
MPLS Required
Woot!
NW-7206-2#ping vrf NNI-TEST1 ip 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
From our Juniper:
junos@NNI-TESTING# run ping routing-instance CUST1 10.10.10.1
PING 10.10.10.1 (10.10.10.1): 56 data bytes
64 bytes from 10.10.10.1: icmp_seq=0 ttl=255 time=0.943 ms
64 bytes from 10.10.10.1: icmp_seq=1 ttl=255 time=0.988 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=255 time=0.911 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=255 time=0.990 ms
^C
--- 10.10.10.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.911/0.958/0.990/0.033 ms
junos@NNI-TESTING# run show route table CUST1
CUST1.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.10.10.1/32 *[BGP/170] 00:34:58, localpref 100
AS path: 65100 ?
> to x.x.156.126 via fe-0/3/0.2500, Push 57
10.10.10.2/32 *[Direct/0] 11:28:14
> via lo0.250
And, on our 7609
NW-7609-1#sh ip bgp vpnv4 rd 65100:1001
BGP table version is 134, local router ID is x.x.156.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65100:1001
*>i10.10.10.1/32 x.x.156.7 0 100 0 ?
*> 10.10.10.2/32 x.x.156.127 0 65200 i
Here’s the l3vpn bgp table on the Juniper
junos@NNI-TESTING# run show route table bgp.l3vpn.0 extensive
bgp.l3vpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
65100:1001:10.10.10.1/32 (1 entry, 0 announced)
*BGP Preference: 170/-101
Route Distinguisher: 65100:1001
Next hop type: Router, Next hop index: 541
Next-hop reference count: 3
Source: x.x.156.126
Next hop: x.x.156.126 via fe-0/3/0.2500, selected
Label operation: Push 57
State: <Active Ext>
Local AS: 65200 Peer AS: 65100
Age: 44:42
Task: BGP_65100.x.x.156.126+179
AS path: 65100 ?
Communities: target:65100:65200 target:65100:1001
Import Accepted
VPN Label: 57
Localpref: 100
Router ID: x.x.156.2
Secondary Tables: CUST1.inet.0
65100:1001:10.10.10.2/32 (1 entry, 1 announced)
TSI:
Page 0 idx 0 Type 1 val 14845048
*Direct Preference: 0
Next hop type: Interface
Next-hop reference count: 2
Next hop: via lo0.250, selected
State: <Secondary Active Int>
Age: 11:20:01
Task: IF
Announcement bits (1): 0-BGP RT Background
AS path: I
Communities: target:65200:65100 target:65100:1001
Primary Routing Table CUST1.inet.0
This was pretty simple. So much so that I was overthinking it for quite a bit. Hopefully this helps someone else in the future.
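To audit that the route-target filter at the NNI is holding on the Juniper side, the following added example (not part of the original post) parses text in the format of `show route table bgp.l3vpn.0 extensive` and lists any route learned from peer AS 65100 that does not carry target:65100:65200. The sample output is constructed, the 65100:2002 entry is a made-up leak, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on `show route table bgp.l3vpn.0 extensive`;
# the second entry is a made-up leak that lacks the NNI route target.
SAMPLE = """\
65100:1001:10.10.10.1/32 (1 entry, 0 announced)
        *BGP    Preference: 170/-101
                Local AS: 65200 Peer AS: 65100
                Communities: target:65100:65200 target:65100:1001
65100:2002:10.20.20.1/32 (1 entry, 0 announced)
        *BGP    Preference: 170/-101
                Local AS: 65200 Peer AS: 65100
                Communities: target:65100:2002
65100:1001:10.10.10.2/32 (1 entry, 1 announced)
        *Direct Preference: 0
                Communities: target:65200:65100 target:65100:1001
"""

ENTRY = re.compile(r"^(\S+/\d+) \(\d+ entr(?:y|ies), \d+ announced\)")
PEER = re.compile(r"Peer AS:\s*(\d+)")
COMM = re.compile(r"^\s*Communities:\s*(.*)$")


def parse_routes(text):
    """Return one dict per route: prefix, peer_as (None if local), communities."""
    routes = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            routes.append({"prefix": m.group(1), "peer_as": None, "communities": set()})
            continue
        if not routes:
            continue  # skip the table header before the first entry
        if (m := PEER.search(line)):
            routes[-1]["peer_as"] = int(m.group(1))
        elif (m := COMM.match(line)):
            routes[-1]["communities"] = set(m.group(1).split())
    return routes


def nni_violations(routes, peer_as, required_rt):
    """Prefixes learned from peer_as that do not carry the agreed NNI route target."""
    return [r["prefix"] for r in routes
            if r["peer_as"] == peer_as and required_rt not in r["communities"]]


if __name__ == "__main__":
    leaked = nni_violations(parse_routes(SAMPLE), 65100, "target:65100:65200")
    print("routes missing the NNI route target:", leaked or "none")
```

Locally originated routes have no Peer AS line and are skipped, so only routes received across the NNI are checked.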
