Connecting Versa SD-WAN overlay service with MPLS L3VPN overlay service using Inter-AS Option B

Introduction

MPLS-InterAS Routing Instance

VRF-Tenant-1

Validation

VOS CLI Configuration

Example Service Provider Configurations (Basic)

Introduction

This article covers the use case of Versa Operating System (VOS) as a gateway between a MPLS network and a Versa SD-WAN network, while serving multiple tenants and their Virtual Routing and Forwarding (VRFs). For this case Inter-AS option B (RFC 4364) will be used. Below is a quick high-level review of Inter-AS option A and option B for reference. Internet sources are available for a more in-depth look at Inter-AS options and the comparison between them.

• Inter-AS option A – Peering ASBRs are connected by multiple sub-interfaces. Each ASBR associates each sub interface with a VRF and utilizes EBGP to distribute unlabeled IPv4 addresses. Benefits of this option are less configuration complexity when compared with option B and support for IP Quality of Service (QoS) mechanisms that operate on IP traffic can be maintained. A drawback of this approach is the requirement for a BGP session per sub-interface causing network growth scalability concerns.
• Inter-AS option B – Peering ASBRs are connected by a single interface. MP-BGP is leveraged between ASBRs to signal VPN labels. A benefit of this approach when compared to option A is the single interface and BGP session requirement providing better network growth scalability. Drawbacks of this approach are increased configuration complexity when compared with option A and that QoS mechanisms that operate on IP traffic cannot be maintained.

VOS is verified to interoperate with the major vendors (Juniper/Cisco/Alcatel) configured for option L3VPN Inter-AS option B. Inter-AS option A is also supported by VOS but will not be discussed in this article. Special attention should be paid to the following design and configuration details when utilizing Inter-AS option B.

• SP ASBR is not configured as a route-reflector for vpnv4 AFI/SAFI. By default, vpnv4 routing updates received on the SP ASBR from SP PEs will be dropped and not advertised to VOS ASBR. SP ASBR must have specific knobs configured to keep vpnv4 prefixes.
  • – For Junos: “keep all”
  • – For IOS: “no bgp default route-target filter”
  • – For IOS-XR: “retain route-target all”
• Inside the MPLS provider traffic is encapsulated in a transport LSP (LDP/RSVP/BGP-LU based).
• Inside the SD-WAN provider traffic is encapsulated in VXLAN tunnels.
• Traffic between AS boundaries (ASBR <—>VOS ASBR) is encapsulated in GRE to ensure the vpnv4 label is not on top of the stack between boundaries.

The below picture presents the high-level topology used for this article. From the SP perspective in this topology, PE-1, PE-2, and ASBR are the service provider devices that serve the Tenant-1 VRF (Acme). VRFs are configured on the SP PE devices and not on the SP ASBR. To support InterAS option B VOS will be configured with the following VRs.

• MPLS-InterAS – Virtual router instance running MP-BGP between the SP ASBR and the VOS ASBR.
• VRF-Tenant-1 (VRF-Tenant-Acme in this example) – One VRF corresponding to each MPLS customer.
• Tenant-LAN-VR and Tenant-Control-VR (Acme-Control-VR in this example) are existing VRs within the Versa solution (Director UI->Configuration->Templates->Device Templates).

The Versa SD-WAN solution supports the capability to configure variables in both the Device Template and Service Template allowing for the same Device and/or Service Template to be used for multiple like devices. This feature allows for common configuration items to be standard, but for differences (IP addresses, AS numbers, etc.,) to be made variables and configured within the specific Device Bind Data (Director UI->Workflows->Devices->Devices). Throughout this document you will see the  symbol representing values that can be made a variable.

MPLS-InterAS Routing Instance

  Configuration will be done on the Device Template (VOS-ASBR) via the Director UI->Configuration->Templates->Device Templates. The interfaces required for the MPLS-InterAS routing instance are added by selecting Networking  , Interfaces on the left side of the Director UI. Select Ethernet and add a vni interface for the physical connection to the SP ASBR as shown below.   Add a BGP local loopback tvi interface as shown below. Add a tvi interface supporting GRE as shown below. This point-to-multipoint tunnel interface will be used to create a dynamic tunnel interface for data plane communication. Navigate to Networking , select Virtual Routers and click the + to add the MPLS-Inter-AS routing instance. Under Virtual Router Details add a Virtual Router named MPLS-InterAS as follows. Ensure that MPLS VPN Core and Create dynamic GRE tunnels are checked. Select BGP and click the + to add a BGP instance. Configure the information as follows on the BGP instance General tab. Configure the peer group for the SP ASBR on the Peer Group tab as follows and then click on Neighbors and the + to add neighbors to the group. Configure the SP ASBR neighbor as follows. Be sure to click the + when adding Family information. Click OK until you are back to the Virtual Routing Instance, select Redistribution Policies, and click the + to add a Redistribution Policy. Under the General tab click + to add a Redistribution Policy, name the policy and then click + to add a term. Create the following 2 Term Names and Match conditions as below. Note that for there are a full scope of match conditions and actions that can be configured, but for the purposes of this article the simplest approach is being taken. Click OK until you are back to Redistribution Policies, select the Redistribute To tab, click the +, and add configuration as below. Click OK until you return to the Device Template screen. The additional interfaces and Virtual routers will need to be added to the correct Organization in the Device Template Others tab. Within the Others  tab click on Limits and then select the SP parent organization (in this case Provider). Select the Traffic Identification tab and add the new interfaces (vni-0/4.0, tvi-0/101.0, and tvi-0(102.0) under the Interfaces section. Select the Resources tab and add MPLS-InterAS routing instance to Available Routing Instances (first) and then to Owned Routing Instances. Clock OK. Click on Commit Template to commit the configuration to the Device. After committing to the Device, the interfaces can be seen in the Director UI via the Administration->Appliances->Appliance Name (in this case VOS-ASBR-1)->Configuration-> Networking ->Interfaces. Checking the Device-Monitor tab we see that the SP ASBR neighbor is up, and we are receiving the vpnv4 prefix from Tenant-1 (Acme) in the MPLS-InterAS routing instance.

VRF-Tenant-1 (VRF-Tenant-Acme)

For this article, the remaining additional configuration to create the VRF-Tenant-1 (VRF-Tenant-Acme) routing instance and its’ BGP connectivity to the Tenant-1-LAN-VR (Acme-LAN-VR) will be completed in the Device Template. Service Templates can also be considered in a production environment to facilitate multiple tenant configuration. In the VOS-ASBR Device Template (Director GUI->Configuration->Templates->Device Templates->VOS-ASBR) select Networking , Interfaces on the left side of the Director UI. Configure the following interfaces. Click + to configure a new tunnel interface and sub-interface (+) as below. Ensure that Tunnel Type is Paired, and an interface number is assigned for the paired interface. The paired interface will be created automatically and will need to have an IP address assigned. These paired interfaces will be utilized for BGP between the VRF-Tenant-1 (VRF-Tenant-Acme) routing instance and the Tenant-1-LAN-VR (Acme-LAN-VR). Navigate to Networking , select Virtual Routers and click the + to add the VRF-Tenant-1 (VRF-Tenant-Acme). Under Virtual Router Details add a Virtual Router named VRF-Tenant-1 (VRF-Tenant-Acme). Ensure the configuration is in line with the following key points.

• Instance Type = Virtual routing forwarding instance
• MPLS Transport routing instance = MPLS-InterAS routing instance
• Route Distinguisher = should not be a value present in the MPLS l3vpn domain
• VRF Both Target = should match the RT assigned in the MPLS l3vpn domain (if the import and export RT values are different, the VRF Import Target and VRF Export Target can be used).
• Interfaces/Networks = The paired interface created for BGP with the LAN-VR.

Select BGP and click the + to add a BGP instance. Configure the information as follows on the BGP instance General tab. Configure the peer group on the Peer Group tab as follows and then click on Neighbors and the + to add neighbors to the group. Configure the neighbor as follows. Click OK until you are back to the Virtual Routing Instance, select Redistribution Policies, and click the + to add a Redistribution Policy. Under the General tab click + to add a Redistribution Policy, name the policy and then click + to add a term. Create a Term Name and Match condition as below. Note that for there are a full scope of match conditions and actions that can be configured, but for the purposes of this article the simplest approach is being taken. Click OK until you are back to Redistribution Policies, select the Redistribute To tab, click the +, and add configuration as below. Click OK until you return to the Device Template screen. Now the Tenant-1-LAN-VR (Acme-LAN-VR) needs the new tvi interfaces added and configured for BGP with the VRF-Tenant-1 (VRF-Tenant-Acme). In Networking  , Virtual Routers select the VRF-Tenant-1 (VRF-Tenant-Acme) routing instance. Under Virtual Router Details add the newly created interface (tvi-0/1002.0) to the Interfaces/Networks. Select BGP and click the + to add a BGP instance. Configure the Virtual Router BGP instance as follows. Configure the peer group on the Peer Group tab as follows and then click on Neighbors and the + to add neighbors to the group. Configure the neighbor as follows. Click OK until you are back to the Virtual Routing Instance, select Redistribution Policies, and select the Default-Policy-To-BGP. Click on + and configure as follows. Note that for there are a full scope of match conditions and actions that can be configured, but for the purposes of this article the simplest approach is being taken. Click OK until you return to the Device Template screen. The additional interfaces and Virtual Router will need to be added to the correct Organization in the Device Template Others tab. Within the Others tab, click on Limits and then select the SP parent organization (in this case Provider). Select the Traffic Identification tab and add the new interfaces (tvi-0/1001.0) under the Interfaces section. Select the Resources tab and add VRF-Tenant-1 (VRF-Tenant-Acme) routing instance to Available Routing Instances (first) and then to Owned Routing Instances. Click OK. Within the Others tab, click on Limits and then select the Tenant-1 organization (in this case Acme). Select the Traffic Identification tab and add the new interfaces (tvi-0/1002.0) under the Interfaces section and then click OK. Click on Commit Template to commit the configuration to the Device. After committing to the Device, the interfaces can be seen in the Director GUI via the Administration->Appliances->Appliance Name (in this case VOS-ASBR-1)->Configuration-> Networking ->Interfaces. Checking Networking ->Virtual Routers the additional routing instances can be seen configured. Checking the Device-Monitor tab we see that the BGP neighbors are up, and we are receiving the ipv4 prefix from Tenant-1 (Acme) in the LAN-VR (Acme-LAN-VR).

Validation

Let’s review the outcome of the configuration that is now in place.

• The MPLS customer prefix (192.168.100.0/24) is learned via the VOS-ASBR MPLS InterAS routing instance (l3vpn), the RT (100:110) is imported into the VRF-Tenant-Acme (ipv4), advertised via BGP to the Acme-LAN-VR (ipv4), and then advertised into the Acme-Control-VR(l3vpn).
• The Branch-1 location learns the prefix in the Acme-Control-VR (l3vpn) and imports the route into the Acme-LAN-VR (ipv4).
• The VOS branch customer prefix (172.16.255.0/24) is exported from the Acme-LAN-VR (ipv4) to the Acme-Control-VR (l3vpn).
• The VOS-ASBR learns the prefix from the Acme-Control-VR (l3vpn), imports the route into the Acme-LAN-VR (ipv4), advertises the route to VRF-Tenant-Acme (ipv4), and then exports the prefix to the MPLS-InterAS (l3vpn) routing instance.
• The SP ASBR learns the VOS customer prefix (172.16.255.0/24) via MP-BGP (l3vpn) with a unique RD and advertises the prefix via MPLS to PE-1 with the Acme RT (100:110) assigned, where PE-1 imports the prefix into the Acme VRF (ipv4).

VOS-ASBR-1 has all the required routing instances configured to support InterAS connectivity to the SP MPLS network and Tenant-1 (Acme). Additional tenants can be supported by creating a VRF-Tenant VR, import/export with the existing MPLS-InterAS routing instance and split-tunnel BGP with the additional Tenant-LAN-VR.   SP MPLS customer prefix. SD-WAN customer prefix.     As seen below, the MPLS customer route (192.168.100.0/24) is present in the Acme-LAN-VR at VOS Branch-1 and can be pinged successfully. Traffic between AS boundaries (ASBR <—>VOS ASBR) is encapsulated in GRE to ensure the vpnv4 label is not on top of the stack between boundaries.

Example SP Configurations (Basic)

JUNOS *Junos example PE-1

admin@PE1> show configuration routing-instances Tenant-1
instance-type vrf;
interface ge-0/0/4.0;
route-distinguisher 192.168.100.1:65000;
vrf-target target:100:110;
vrf-table-label;

*Junos example ASBR

admin@ASBR> show configuration interfaces gr-0/0/0 | display set
set interfaces gr-0/0/0 unit 0 tunnel source 192.168.4.1<<< BGP local address
set interfaces gr-0/0/0 unit 0 tunnel destination 192.168.4.254<<<BGP peer address
set interfaces gr-0/0/0 unit 0 family inet
set interfaces gr-0/0/0 unit 0 family mpls

admin@ASBR> show configuration routing-options | display set
set routing-options interface-routes rib-group inet if-rib
set routing-options rib inet.3 static route 192.168.4.254/32 next-hop gr-0/0/0.0 <<<
set routing-options static route 192.168.4.254/32 next-hop 192.168.4.2
set routing-options rib-groups if-rib import-rib inet.0
set routing-options rib-groups if-rib import-rib inet.3
set routing-options router-id 192.168.255.2
set routing-options autonomous-system 65000

admin@ASBR> show configuration protocols bgp group inter-as | display set
set protocols bgp group inter-as type external
set protocols bgp group inter-as local-address 192.168.4.1
set protocols bgp group inter-as keep all <<< to retain vpnv4 pref even if there is no matching RT
set protocols bgp group inter-as family inet-vpn unicast
set protocols bgp group inter-as peer-as 65000
set protocols bgp group inter-as neighbor 192.168.4.254 multihop ttl 64

Cisco IOS **additional BGP neighbor required due to IOS version to support single GRE encapsulation in each direction (config similar to JUNOS rib inet.3 static route not supported). *Cisco IOS example PE-1

hostname PE-1
!
vrf definition acme
rd 192.168.100.1:65000
!
address-family ipv4
route-target export 100:110
route-target import 100:110
exit-address-family

  *Cisco example ASBR

ASBR#
!
interface Ethernet0/1
description to Versa
ip address 192.168.4.1 255.255.255.252
mpls bgp forwarding
end
!
interface Tunnel1
ip address 10.1.1.1 255.255.255.252<<<local BGP for Cisco->Versa GRE
ip mtu 1400
ip tcp adjust-mss 1360
mpls bgp forwarding
tunnel source 192.168.4.1
tunnel destination 192.168.4.254
!
ip route 192.168.4.254 255.255.255.255 192.168.4.2 <<< Remote BGP for Versa->Cisco GRE
!
router bgp 65000
no bgp default ipv4-unicast
no bgp default route-target filter <<< to retain vpnv4 pref even if there is no matching RT
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 65001
neighbor 10.1.1.2 ebgp-multihop 5
neighbor 192.168.4.254 remote-as 65001
neighbor 192.168.4.254 ebgp-multihop 5
neighbor 192.168.255.3 remote-as 65000
neighbor 192.168.255.3 update-source Loopback1
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community both
neighbor 192.168.4.254 activate
neighbor 192.168.4.254 send-community both
neighbor 192.168.255.3 activate
neighbor 192.168.255.3 send-community both
neighbor 192.168.255.3 next-hop-self
exit-address-family




neighbor 10.1.1.2 ebgp-multihop 5
neighbor 192.168.4.254 remote-as 65001
neighbor 192.168.4.254 ebgp-multihop 5
neighbor 192.168.255.3 remote-as 65000
neighbor 192.168.255.3 update-source Loopback1
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community both
neighbor 192.168.4.254 activate
neighbor 192.168.4.254 send-community both
neighbor 192.168.255.3 activate
neighbor 192.168.255.3 send-community both
neighbor 192.168.255.3 next-hop-self
exit-address-family

VOS Cli Configuration:

VOS-ASBR-1

####################
Interfaces
####################


set interfaces vni-0/4 description "Connection to SP ASBR"
set interfaces vni-0/4 enable true
set interfaces vni-0/4 promiscuous false
set interfaces vni-0/4 unit 0 enable true
set interfaces vni-0/4 unit 0 family
set interfaces vni-0/4 unit 0 family inet
set interfaces vni-0/4 unit 0 family inet address 192.168.4.2/30
set interfaces vni-0/4 unit 0 family inet6
set interfaces vni-0/4 unit 0 family inet6 mode router
set interfaces vni-0/4 ether-options link-speed auto
set interfaces vni-0/4 ether-options link-mode auto

!!Only required for certain Cisco IOS versions, not required on JUNOS!!
set interfaces tvi-0/100 enable true
set interfaces tvi-0/100 mtu 1400
set interfaces tvi-0/100 mode ipsec
set interfaces tvi-0/100 type gre
set interfaces tvi-0/100 tunnel source 192.168.4.254
set interfaces tvi-0/100 tunnel destination 192.168.4.1
set interfaces tvi-0/100 tunnel routing-instance MPLS-InterAS
set interfaces tvi-0/100 unit 0 enable true
set interfaces tvi-0/100 unit 0 family
set interfaces tvi-0/100 unit 0 family inet
set interfaces tvi-0/100 unit 0 family inet address 10.1.1.2/30
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


set interfaces tvi-0/1001 description "VRF-Tenant-Acme Split-Tunnel Interface"
set interfaces tvi-0/1001 enable true
set interfaces tvi-0/1001 mtu 1400
set interfaces tvi-0/1001 mode ipsec
set interfaces tvi-0/1001 type paired
set interfaces tvi-0/1001 paired-interface tvi-0/1002
set interfaces tvi-0/1001 unit 0 enable true
set interfaces tvi-0/1001 unit 0 family
set interfaces tvi-0/1001 unit 0 family inet
set interfaces tvi-0/1001 unit 0 family inet address 192.168.254.1/30


set interfaces tvi-0/1002 description "Acme-LAN-VR Split-Tunnel Interface"
set interfaces tvi-0/1002 enable true
set interfaces tvi-0/1002 mtu 1400
set interfaces tvi-0/1002 mode ipsec
set interfaces tvi-0/1002 type paired
set interfaces tvi-0/1002 paired-interface tvi-0/1001
set interfaces tvi-0/1002 unit 0 enable true
set interfaces tvi-0/1002 unit 0 family
set interfaces tvi-0/1002 unit 0 family inet
set interfaces tvi-0/1002 unit 0 family inet address 192.168.254.2/30


set interfaces tvi-0/101 description tvi-bgp-local-loopback
set interfaces tvi-0/101 enable true
set interfaces tvi-0/101 mtu 1400
set interfaces tvi-0/101 mode ipsec
set interfaces tvi-0/101 type ipsec
set interfaces tvi-0/101 unit 0 enable true
set interfaces tvi-0/101 unit 0 family
set interfaces tvi-0/101 unit 0 family inet
set interfaces tvi-0/101 unit 0 family inet address 192.168.4.254/32


set interfaces tvi-0/102 description dummy-tvi-for-gre
set interfaces tvi-0/102 enable true
set interfaces tvi-0/102 mtu 1400
set interfaces tvi-0/102 mode ipsec
set interfaces tvi-0/102 type p2mp-gre
set interfaces tvi-0/102 unit 0 enable true
set interfaces tvi-0/102 unit 0 family
set interfaces tvi-0/102 unit 0 family inet
set interfaces tvi-0/102 unit 0 family inet address 192.168.255.9/30




####################
orgs
####################


set orgs org Provider available-routing-instances [ MPLS-InterAS MPLS-Transport-VR VRF-Tenant-Acme Provider-Control-VR Provider-LAN-VR ]
set orgs org Provider owned-routing-instances [ MPLS-InterAS MPLS-Transport-VR VRF-Tenant-Acme Provider-Control-VR Provider-LAN-VR ]


####################
routing-instances
####################


set routing-instances Acme-LAN-VR interfaces [ tvi-0/1002.0 ]
set routing-instances Acme-LAN-VR protocols bgp 1 shutdown false
set routing-instances Acme-LAN-VR protocols bgp 1 route-flap free-max-time 180
set routing-instances Acme-LAN-VR protocols bgp 1 route-flap reuse-max-time 60
set routing-instances Acme-LAN-VR protocols bgp 1 route-flap reuse-size 256
set routing-instances Acme-LAN-VR protocols bgp 1 route-flap reuse-array-size 1024
set routing-instances Acme-LAN-VR protocols bgp 1 graceful-restart helper enable
set routing-instances Acme-LAN-VR protocols bgp 1 prefix-limit
set routing-instances Acme-LAN-VR protocols bgp 1 prefix-limit action drop
set routing-instances Acme-LAN-VR protocols bgp 1 router-id 192.168.254.2
set routing-instances Acme-LAN-VR protocols bgp 1 local-as as-number 1002
set routing-instances Acme-LAN-VR protocols bgp 1 group EBGP-AS1001 type external
set routing-instances Acme-LAN-VR protocols bgp 1 group EBGP-AS1001 peer-as 1001
set routing-instances Acme-LAN-VR protocols bgp 1 group EBGP-AS1001 shutdown false
set routing-instances Acme-LAN-VR protocols bgp 1 group EBGP-AS1001 prefix-limit
set routing-instances Acme-LAN-VR protocols bgp 1 group EBGP-AS1001 prefix-limit action drop
set routing-instances Acme-LAN-VR protocols bgp 1 group EBGP-AS1001 local-address tvi-0/1002.0
set routing-instances Acme-LAN-VR protocols bgp 1 group EBGP-AS1001 neighbor 192.168.254.1 prefix-limit
set routing-instances Acme-LAN-VR protocols bgp 1 group EBGP-AS1001 neighbor 192.168.254.1 prefix-limit action drop
set routing-instances Acme-LAN-VR protocols bgp 1 group EBGP-AS1001 neighbor 192.168.254.1 shutdown false


set routing-instances MPLS-InterAS instance-type virtual-router
set routing-instances MPLS-InterAS policy-options redistribution-policy To-BGP term Direct match protocol direct
set routing-instances MPLS-InterAS policy-options redistribution-policy To-BGP term Direct action accept
set routing-instances MPLS-InterAS policy-options redistribution-policy To-BGP term Direct action set-origin igp
set routing-instances MPLS-InterAS policy-options redistribution-policy To-BGP term BGP match protocol bgp
set routing-instances MPLS-InterAS policy-options redistribution-policy To-BGP term BGP action accept
set routing-instances MPLS-InterAS policy-options redistribution-policy To-BGP term BGP action set-origin igp
set routing-instances MPLS-InterAS policy-options redistribute-to-bgp To-BGP
set routing-instances MPLS-InterAS mpls-vpn-core
set routing-instances MPLS-InterAS interfaces [ tvi-0/100.0 tvi-0/101.0 tvi-0/102.0 vni-0/4.0 ]
set routing-instances MPLS-InterAS routing-options create-dynamic-gre-tunnels
set routing-instances MPLS-InterAS routing-options mpls-vpn-local-router-address 192.168.4.254
set routing-instances MPLS-InterAS protocols bgp 1 description Inter-AS
set routing-instances MPLS-InterAS protocols bgp 1 shutdown false
set routing-instances MPLS-InterAS protocols bgp 1 versa-private-tlv site-information announce-local false
set routing-instances MPLS-InterAS protocols bgp 1 versa-private-tlv site-information announce-remote false
set routing-instances MPLS-InterAS protocols bgp 1 route-flap free-max-time 180
set routing-instances MPLS-InterAS protocols bgp 1 route-flap reuse-max-time 60
set routing-instances MPLS-InterAS protocols bgp 1 route-flap reuse-size 256
set routing-instances MPLS-InterAS protocols bgp 1 route-flap reuse-array-size 1024
set routing-instances MPLS-InterAS protocols bgp 1 graceful-restart helper enable
set routing-instances MPLS-InterAS protocols bgp 1 prefix-limit
set routing-instances MPLS-InterAS protocols bgp 1 prefix-limit action drop

!!Only required for certain Cisco IOS versions, not required on JUNOS!!
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Allow-All term Allow-All match family inet-vpn
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Allow-All term Allow-All action accept
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Allow-All term Allow-All action extended-community 999:999
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Allow-All term Allow-All action set-origin igp
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Allow-All term Allow-All action rib-bgp-ecmp false
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Deny-All term Deny-VPNV4 match family inet-vpn
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Deny-All term Deny-VPNV4 action reject
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Deny-All term Deny-VPNV4 action rib-bgp-ecmp false
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Deny-All term Allow-All match family inet
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Deny-All term Allow-All action accept
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy Deny-All term Allow-All action rib-bgp-ecmp false
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy To-ASBR term Deny-999 match community 999:999
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy To-ASBR term Deny-999 action reject
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy To-ASBR term Deny-999 action rib-bgp-ecmp false
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy To-ASBR term Allow-All action accept
set routing-instances MPLS-InterAS protocols bgp 1 routing-peer-policy To-ASBR term Allow-All action rib-bgp-ecmp false
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

set routing-instances MPLS-InterAS protocols bgp 1 router-id 192.168.4.254
set routing-instances MPLS-InterAS protocols bgp 1 local-as as-number 65001
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR type external
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR description "BGP Peer Group to SP ASBR"
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR export To-ASBR
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR shutdown false
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR prefix-limit
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR prefix-limit action drop

!!Only required for certain Cisco IOS versions, not required on JUNOS!!
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 prefix-limit
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 prefix-limit action drop
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 local-address tvi-0/100.0
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 family inet unicast
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 family inet unicast prefix-limit-control action drop
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 family inet-vpn unicast
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 family inet-vpn unicast prefix-limit-control action drop
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 import Deny-All
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 export To-ASBR
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 peer-as 65000
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 10.1.1.1 shutdown false
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 prefix-limit
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 prefix-limit action drop
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 local-address tvi-0/101.0
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 family inet unicast
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 family inet unicast prefix-limit-control action drop
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 family inet-vpn unicast
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 family inet-vpn unicast prefix-limit-control action drop
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 export Deny-All <<<Only required for certain Cisco IOS versions, not required on JUNOS
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 peer-as 65000
set routing-instances MPLS-InterAS protocols bgp 1 group Inter-AS-SP-ASBR neighbor 192.168.4.1 shutdown false


set routing-instances VRF-Tenant-Acme instance-type vrf
set routing-instances VRF-Tenant-Acme policy-options redistribution-policy Policy-To-BGP term BGP match protocol bgp
set routing-instances VRF-Tenant-Acme policy-options redistribution-policy Policy-To-BGP term BGP action accept
set routing-instances VRF-Tenant-Acme policy-options redistribution-policy Policy-To-BGP term BGP action set-origin igp
set routing-instances VRF-Tenant-Acme policy-options redistribute-to-bgp Policy-To-BGP
set routing-instances VRF-Tenant-Acme mpls-vpn-core-instance MPLS-InterAS
set routing-instances VRF-Tenant-Acme interfaces [ tvi-0/1001.0 ]
set routing-instances VRF-Tenant-Acme route-distinguisher 172.16.255.1:65000
set routing-instances VRF-Tenant-Acme vrf-both-target target:100:110
set routing-instances VRF-Tenant-Acme protocols bgp 1 shutdown false
set routing-instances VRF-Tenant-Acme protocols bgp 1 route-flap free-max-time 180
set routing-instances VRF-Tenant-Acme protocols bgp 1 route-flap reuse-max-time 60
set routing-instances VRF-Tenant-Acme protocols bgp 1 route-flap reuse-size 256
set routing-instances VRF-Tenant-Acme protocols bgp 1 route-flap reuse-array-size 1024
set routing-instances VRF-Tenant-Acme protocols bgp 1 graceful-restart helper enable
set routing-instances VRF-Tenant-Acme protocols bgp 1 prefix-limit
set routing-instances VRF-Tenant-Acme protocols bgp 1 prefix-limit action drop
set routing-instances VRF-Tenant-Acme protocols bgp 1 router-id 192.168.254.1
set routing-instances VRF-Tenant-Acme protocols bgp 1 local-as as-number 1001
set routing-instances VRF-Tenant-Acme protocols bgp 1 group EBGP-AS1002 type external
set routing-instances VRF-Tenant-Acme protocols bgp 1 group EBGP-AS1002 peer-as 1002
set routing-instances VRF-Tenant-Acme protocols bgp 1 group EBGP-AS1002 shutdown false
set routing-instances VRF-Tenant-Acme protocols bgp 1 group EBGP-AS1002 prefix-limit
set routing-instances VRF-Tenant-Acme protocols bgp 1 group EBGP-AS1002 prefix-limit action drop
set routing-instances VRF-Tenant-Acme protocols bgp 1 group EBGP-AS1002 local-address tvi-0/1001.0
set routing-instances VRF-Tenant-Acme protocols bgp 1 group EBGP-AS1002 neighbor 192.168.254.2 prefix-limit
set routing-instances VRF-Tenant-Acme protocols bgp 1 group EBGP-AS1002 neighbor 192.168.254.2 prefix-limit action drop
set routing-instances VRF-Tenant-Acme protocols bgp 1 group EBGP-AS1002 neighbor 192.168.254.2 shutdown false