We ordered new cloud core CCR2004-16G-2S+ that require ROSv7. We are having trouble getting our existing ROSv6 VPN4 configurations to work. We strongly feel our underlying MPLS (LDP) network isn’t the issue as we have ROSv6 devices and juniper ACX receiving iBGP and VPNv4 routes from our PE and have been for a few years.
OSPF, LDP, iBGP and VPNv4 routes come up on ROSv7 CCR2004-16G-2S+ without any issue. Our PE router (Juniper MX) sees VPNv4 /30 block advertised from an attached interface within a customers VRF (vrf-internet) on CCR2004. We can even route all the way to the CCR2004 /30 block. However there are no routes installed into the customers VRF vrf-internet other then the statically added /30 block attached to the vrf-internet on CCR2004.
Below is our running configuration on CCR2004-16G-2S running ROSv7.9. Is there anything that seems off to anyone in our config below?
Code: Select all
/interface bridge
add name=PUBGWBR
/interface bridge settings
set allow-fast-path=no
/ip address
add address=100.64.34.37 comment=CE-Loopback interface=LOOP1 network=100.64.34.37
add address=100.64.20.37/22 comment=CE-MPLS-p2p interface=ether1 network=100.64.20.0
add address=xxx.xxx.79.141/30 interface=PUBGWBR network=xxx.xxx.79.140
/ip vrf
add interfaces=PUBGWBR name=vrf-internet
/mpls interface
add input=yes interface=ether1 mpls-mtu=2000
/mpls ldp
add afi=ip disabled=no lsr-id=100.64.34.37 transport-addresses=100.64.34.37
/mpls ldp accept-filter
add accept=yes comment=lo0.p disabled=no prefix=100.64.34.2/32
add accept=yes comment=lo0.pe disabled=no prefix=100.64.34.1/32
add accept=no disabled=no
/mpls ldp advertise-filter
add advertise=yes comment=LOOP1 prefix=100.64.34.37/32
add advertise=no
/mpls ldp interface
add afi=ip disabled=no hello-interval=2s interface=ether1 transport-addresses=100.64.34.37
/routing bgp template
set default address-families=ip,vpnv4 as=65101 disabled=no hold-time=1m30s keepalive-time=30s output.redistribute=static router-id=100.64.34.37 routing-table=main
/routing bgp connection
add address-families=ip,vpnv4 as=65101 disabled=no hold-time=1m30s keepalive-time=30s local.address=100.64.34.37 .role=ibgp multihop=no name=lo0.pe output.no-client-to-client-reflection=yes .redistribute=static remote.address=100.64.34.1/32 \
.as=65101 router-id=100.64.34.37 routing-table=main
/routing bgp vpn
add disabled=no export.redistribute=connected,static .route-targets=65101:11 import.route-targets=65101:11 .router-id=100.64.34.37 label-allocation-policy=per-vrf name=bgp-mpls-vpn-1 route-distinguisher=65101:11 vrf=vrf-internet
I want to be clear that we do see VPNv4 routes on the CCR2004-16G-2S+ from our PE router but the VRF (vrf-internet) can not reach them.
Code: Select all
routing/route/print where afi=vpn4
Flags: A - ACTIVE; b, y - BGP-MPLS-VPN
Columns: DST-ADDRESS, GATEWAY, AFI, DISTANCE, SCOPE, TARGET-SCOPE, IMMEDIATE-GW
DST-ADDRESS GATEWAY AFI DISTANCE SCOPE TARGET-SCOPE IMMEDIATE-GW
Ay xxx.xxx.79.140/30&65101:11 PUBGWBR@vrf-internet vpn4 200 40 10 PUBGWBR
Ab xxx.xxx.79.250:1 100.64.34.1 vpn4 200 40 30 100.64.20.1%ether1
Ab 100.64.34.3/32&xxx.xxx.79.250:1 100.64.34.1 vpn4 200 40 30 100.64.20.1%ether1
Ab xxx.xxx.65.0/24&xxx.xxx.79.250:1 100.64.34.1 vpn4 200 40 30 100.64.20.1%ether1
Ab xxx.xxx.79.250/31&xxx.xxx.79.250:1 100.64.34.1 vpn4 200 40 30 100.64.20.1%ether1
Ab xxx.xx.12.0/23&xxx.xxx.79.250:1 100.64.34.1 vpn4 200 40 30 100.64.20.1%ether1
Is anyone else having an issue like this or are we just missing something? We have a ticket open with MikroTik (SUP-113133).