Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Join Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions as they discuss ongoing efforts to support digital transformation.
Register to attend
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Join us for an enlightening webinar with Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; retail guru Jack Stratten of Insider Trends; and Christian Gilby, Director of Product Marketing at Juniper Networks, as they discuss the future of in-store technologies.
Reserve my spot

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Register now
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Junos OS Layer 3 VPNs User Guide for Routing Devices Layer 3 VPNs Protection and Performance Features for Layer 3 VPNs

Layer 3 VPNs User Guide for Routing Devices

keyboard_arrow_up
close
keyboard_arrow_left
Layer 3 VPNs User Guide for Routing Devices
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

BGP PIC for Layer 3 VPNs

date_range 23-Nov-23
arrow_backward
arrow_forward

Configuring BGP PIC Edge for MPLS Layer 3 VPNs

In an MPLS VPN Layer 3 environment, it is common for customers to multihome their networks to provide link redundancy. Although the interior gateway protocol (IGP) can provide fast convergence, in certain instances, the time to resolve a link failure and provide an alternate route can be time consuming. For example, a provider edge (PE) router might be configured with 200,000 or more IP prefixes, and a PE router failure could affect many of those prefixes.

BGP Prefix-Independent Convergence (PIC) Edge allows you to install a Layer 3 VPN route in the forwarding table as an alternate path, enabling fast failover when a PE router fails or you lose connectivity to a PE router. This already installed path is used until global convergence through the IGP is resolved. Using the alternative VPN route for forwarding until global convergence is complete reduces traffic loss.

BGP PIC Edge supports multiprotocol BGP IPv4 or IPv6 VPN network layer reachability information (NLRI) resolved using any of these IGP protocols:

  • OSPF

  • IS-IS

  • LDP

  • RSVP

BGP PIC Edge does not support multicast traffic.

Before you begin:

  1. Configure LDP or RSVP.

  2. Configure an IGP: either OSPF or IS-IS.

  3. Configure a Layer 3 VPN.

  4. Configure multiprotocol BGP for either an IPv4 VPN or an IPv6 VPN.

To configure BGP PIC Edge in an MPLS Layer 3 VPN:

  1. Enable BGP PIC Edge:
    content_copy zoom_out_map
    [edit routing-instances routing-instance-name routing-options]
user@host# set protect core
    Note:

    The BGP PIC edge feature is supported on ACX Universal Metro routers and on MX Series 5G Universal Routing Platforms with MPC interfaces.

  2. Configure per-packet load balancing:
    content_copy zoom_out_map
    [edit policy-options]
user@host# set policy-statement policy-name then load-balance per-packet
  3. Apply the per-packet load balancing policy to routes exported from the routing table to the forwarding table:
    content_copy zoom_out_map
    [edit routing-options forwarding-table]
user@host# set export policy-statement-name
  4. Verify that BGP PIC Edge is working.

    From operational mode, enter the show route extensive command:

    content_copy zoom_out_map
    user@host> show route 192.0.2.6 extensive
ed.inet.0: 6 destinations, 9 routes (6 active, 0 holddown, 0 hidden)
  192.0.2.6/24 (3 entries, 2 announced)
          State: <CalcForwarding>
  TSI:
  KRT in-kernel 192.0.2.6/24 -> {indirect(1048574), indirect(1048577)}
  Page 0 idx 0 Type 1 val 9219e30
      Nexthop: Self
      AS path: [2] 3 I
      Communities: target:2:1
  Path 192.0.2.6 from 192.0.2.4 Vector len 4.  Val: 0
..
          #Multipath Preference: 255
                  Next hop type: Indirect
                  Address: 0x93f4010
                  Next-hop reference count: 2
..
                  Protocol next hop: 192.0.2.4
                  Push 299824
                  Indirect next hop: 944c000 1048574 INH Session ID: 0x3
                  Indirect next hop: weight 0x1
                  Protocol next hop: 192.0.2.5
                  Push 299824
                  Indirect next hop: 944c1d8 1048577 INH Session ID: 0x4
                  Indirect next hop: weight 0x4000
                  State: <ForwardingOnly Int Ext)>
                  Inactive reason: Forwarding use only
                  Age: 25         Metric2: 15 
                  Validation State: unverified 
                  Task: RT
                  Announcement bits (1): 0-KRT 
                  AS path: 3 I
                  Communities: target:2:1

    The output lines that contain Indirect next hop: weight follow next hops that the software can use to repair paths where a link failure occurs. The next-hop weight has one of the following values:

    • 0x1 indicates active next hops.

    • 0x4000 indicates passive next hops.

Best Practice:

On MX Series 5G Universal Routing Platforms with Modular Port Concentrators (MPCs), we strongly recommend that you enable enhanced IP network services.

To enable enhanced IP network services:

content_copy zoom_out_map
[edit chassis]
user@host# set network-services enhanced-ip

Example: Configuring BGP PIC Edge for MPLS Layer 3 VPNs

This example shows how to configure BGP prefix-independent convergence (PIC) edge, which allows you to install a Layer 3 VPN route in the forwarding table as an alternate path. This enables fast failover when a provider edge (PE) router fails or you lose connectivity to a PE router. This already installed path is used until global convergence through the interior gateway protocol (IGP) is resolved. Using the alternative VPN route for forwarding until global convergence is complete reduces traffic loss.

Requirements

No special configuration beyond device initialization is required before configuring this example.

This example uses the following hardware and software components:

  • One MX Series 5G Universal Routing Platforms with MPC interfaces to configure the BGP PIC edge feature.

  • Five routers that can be a combination of M Series Multiservice Edge Routers, MX Series 5G Universal Routing Platforms, or T Series Core Routers.

  • Junos OS Release 13.2 or later on the device with BGP PIC edge configured.

Overview

In an MPLS VPN Layer 3 environment, it is common for customers to multihome their networks to provide link redundancy. Although the interior gateway protocol (IGP) can provide fast convergence, in certain instances, the time to resolve a link failure and provide an alternate route can be time consuming. For example, a provider edge (PE) router might be configured with 200,000 or more IP prefixes, and a PE router failure could affect many of those prefixes.

This example shows two customer edge (CE) routers, Device CE1 and Device CE2. Devices PE1, PE2, and PE3 are PE routers. Device P1 is a provider core router. Only Device PE1 has BGP PIC edge configured. The example uses the P1-PE2 link (P-PE) link to simulate the loss of a section of the network.

For testing, the address 172.16.1.5/24 is added as a loopback interface address on Device CE2. The address is announced to Device PE2 and Device PE3 and is relayed by way of internal BGP (IBGP) IBGP to Device PE1. On Device PE1, there are two paths to the 172.16.1.5/24 network. These are the primary and a backup path.

Topology

Figure 1 shows the sample network.

Figure 1: BGP PIC Edge ScenarioBGP PIC Edge Scenario

CLI Quick Configuration shows the configuration for all of the devices in Figure 1.

The section Step-by-Step Procedure describes the steps on Device PE1.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Device CE1

content_copy zoom_out_map
set interfaces ge-1/2/0 unit 0 family inet address 10.0.0.1/30
set interfaces lo0 unit 0 family inet address 192.168.0.1/32
set protocols bgp group ebgp type external
set protocols bgp group ebgp export send-direct
set protocols bgp group ebgp neighbor 10.0.0.2
set policy-options policy-statement send-direct from protocol direct
set policy-options policy-statement send-direct then accept
set routing-options autonomous-system 101

Device CE2

content_copy zoom_out_map
set interfaces ge-1/2/4 unit 0 family inet address 10.0.0.42/30
set interfaces ge-1/2/3 unit 0 family inet address 10.0.0.46/30
set interfaces lo0 unit 0 family inet address 192.168.0.8/32
set interfaces lo0 unit 0 family inet address 172.16.1.5/24
set protocols bgp group ebgp type external
set protocols bgp group ebgp export send-direct
set protocols bgp group ebgp neighbor 10.0.0.45
set protocols bgp group ebgp neighbor 10.0.0.41
set policy-options policy-statement send-direct from protocol direct
set policy-options policy-statement send-direct then accept
set routing-options autonomous-system 102

Device P1

content_copy zoom_out_map
set interfaces ge-1/2/1 unit 0 family inet address 10.0.0.5/30
set interfaces ge-1/2/1 unit 0 family mpls
set interfaces ge-1/2/5 unit 0 family inet address 10.0.0.17/30
set interfaces ge-1/2/5 unit 0 family mpls
set interfaces ge-1/2/2 unit 0 family inet address 10.0.0.33/30
set interfaces ge-1/2/2 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.0.3/32
set protocols mpls interface ge-1/2/1.0
set protocols mpls interface ge-1/2/5.0
set protocols mpls interface ge-1/2/2.0
set protocols ospf area 0.0.0.0 interface ge-1/2/1.0
set protocols ospf area 0.0.0.0 interface ge-1/2/5.0
set protocols ospf area 0.0.0.0 interface ge-1/2/2.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-1/2/1.0
set protocols ldp interface ge-1/2/5.0
set protocols ldp interface ge-1/2/2.0
set protocols ldp interface lo0.0
set routing-options autonomous-system 100

Device PE1

content_copy zoom_out_map
set interfaces ge-1/2/0 unit 0 family inet address 10.0.0.2/30
set interfaces ge-1/2/1 unit 0 family inet address 10.0.0.6/30
set interfaces ge-1/2/1 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.0.2/32
set protocols mpls interface ge-1/2/1.0
set protocols bgp group ibgp type internal
set protocols bgp group ibgp local-address 192.168.0.2
set protocols bgp group ibgp family inet unicast
set protocols bgp group ibgp family inet-vpn unicast
set protocols bgp group ibgp export nhs
set protocols bgp group ibgp neighbor 192.168.0.7
set protocols bgp group ibgp neighbor 192.168.0.6
set protocols ospf area 0.0.0.0 interface ge-1/2/1.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-1/2/1.0
set protocols ldp interface lo0.0
set policy-options policy-statement lb then load-balance per-packet
set policy-options policy-statement nhs then next-hop self
set routing-instances customer1 instance-type vrf
set routing-instances customer1 interface ge-1/2/0.0
set routing-instances customer1 route-distinguisher 100:1
set routing-instances customer1 vrf-target target:100:1
set routing-instances customer1 routing-options protect core
set routing-instances customer1 protocols bgp group ebgp type external
set routing-instances customer1 protocols bgp group ebgp neighbor 10.0.0.1
set routing-options router-id 192.168.0.2
set routing-options autonomous-system 100
set routing-options forwarding-table export lb

Device PE2

content_copy zoom_out_map
set interfaces ge-1/2/2 unit 0 family inet address 10.0.0.34/30
set interfaces ge-1/2/2 unit 0 family mpls
set interfaces ge-1/2/3 unit 0 family inet address 10.0.0.45/30
set interfaces lo0 unit 0 family inet address 192.168.0.7/32
set protocols mpls interface ge-1/2/2.0
set protocols bgp group ibgp type internal
set protocols bgp group ibgp local-address 192.168.0.7
set protocols bgp group ibgp family inet unicast
set protocols bgp group ibgp family inet-vpn unicast
set protocols bgp group ibgp export nhs
set protocols bgp group ibgp neighbor 192.168.0.2
set protocols bgp group ibgp neighbor 192.168.0.6
set protocols ospf area 0.0.0.0 interface ge-1/2/2.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-1/2/2.0
set protocols ldp interface lo0.0
set routing-instances customer1 instance-type vrf
set routing-instances customer1 interface ge-1/2/3.0
set routing-instances customer1 route-distinguisher 100:1
set routing-instances customer1 vrf-target target:100:1
set routing-instances customer1 protocols bgp group ebgp type external
set routing-instances customer1 protocols bgp group ebgp neighbor 10.0.0.46
set routing-options autonomous-system 100

Device PE3

content_copy zoom_out_map
set interfaces ge-1/2/5 unit 0 family inet address 10.0.0.18/30
set interfaces ge-1/2/5 unit 0 family mpls
set interfaces ge-1/2/4 unit 0 family inet address 10.0.0.41/30
set interfaces ge-1/2/4 unit 0 family mpls
set interfaces lo0 unit 0 family inet address 192.168.0.6/32
set protocols mpls interface ge-1/2/5.0
set protocols mpls interface ge-1/2/4.0
set protocols bgp group ibgp type internal
set protocols bgp group ibgp local-address 192.168.0.6
set protocols bgp group ibgp family inet unicast
set protocols bgp group ibgp family inet-vpn unicast
set protocols bgp group ibgp export nhs
set protocols bgp group ibgp neighbor 192.168.0.7
set protocols bgp group ibgp neighbor 192.168.0.2
set protocols ospf area 0.0.0.0 interface ge-1/2/5.0
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ldp interface ge-1/2/5.0
set protocols ldp interface lo0.0
set routing-instances customer1 instance-type vrf
set routing-instances customer1 interface ge-1/2/4.0
set routing-instances customer1 route-distinguisher 100:1
set routing-instances customer1 vrf-target target:100:1
set routing-instances customer1 protocols bgp group ebgp type external
set routing-instances customer1 protocols bgp group ebgp neighbor 10.0.0.42
set routing-options autonomous-system 100

Procedure

Step-by-Step Procedure

The following example requires that you navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure Device R1:

  1. Configure the device interfaces.

    content_copy zoom_out_map
    [edit interfaces]
user@PE1# set ge-1/2/0 unit 0 family inet address 10.0.0.2/30
user@PE1# set ge-1/2/1 unit 0 family inet address 10.0.0.6/30
user@PE1# set ge-1/2/1 unit 0 family mpls
user@PE1# set lo0 unit 0 family inet address 192.168.0.2/32

  2. Configure MPLS and LDP on the core-facing interfaces.

    content_copy zoom_out_map
    [edit protocols]
user@PE1# set mpls interface ge-1/2/1.0
user@PE1# set ldp interface ge-1/2/1.0
user@PE1# set ldp interface lo0.0

  3. Configure an IGP on the core-facing interfaces.

    content_copy zoom_out_map
    [edit protocols ospf area 0.0.0.0]
user@PE1# set interface ge-1/2/1.0
user@PE1# set interface lo0.0 passive

  4. Configure IBGP connections with the other PE devices.

    content_copy zoom_out_map
    [edit protocols bgp group ibgp]
user@PE1# set type internal
user@PE1# set local-address 192.168.0.2
user@PE1# set family inet unicast
user@PE1# set family inet-vpn unicast
user@PE1# set export nhs
user@PE1# set neighbor 192.168.0.7
user@PE1# set neighbor 192.168.0.6

  5. Configure the load-balancing policy.

    content_copy zoom_out_map
    [edit policy-options policy-statement lb]
user@PE1# set then load-balance per-packet

  6. (Optional) Configure a next-hop self policy.

    content_copy zoom_out_map
    [edit policy-options policy-statement nhs]
user@PE1# set then next-hop self

  7. Configure the routing-instance to create the CE-PE EBGP connection.

    content_copy zoom_out_map
    [edit routing-instances customer1]
user@PE1# set instance-type vrf
user@PE1# set interface ge-1/2/0.0
user@PE1# set route-distinguisher 100:1
user@PE1# set vrf-target target:100:1
user@PE1# set protocols bgp group ebgp type external
user@PE1# set protocols bgp group ebgp neighbor 10.0.0.1

  8. Enable the BGP PIC edge feature.

    content_copy zoom_out_map
    [edit routing-instances customer1]
user@PE1# set  routing-options protect core

  9. Apply the load-balancing policy.

    content_copy zoom_out_map
    [edit routing-options forwarding-table]
user@PE1# set export lb

  10. Assign the router ID and autonomous system (AS) number.

    content_copy zoom_out_map
    [edit routing-options]
user@PE1# set router-id 192.168.0.2
user@PE1# set autonomous-system 100
Results

From configuration mode, confirm your configuration by entering the show interfaces, show protocols, show policy-options, show routing-instances, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

content_copy zoom_out_map
user@PE1# show interfaces
ge-1/2/0 {
    unit 0 {
        family inet {
            address 10.0.0.2/30;
        }
    }
}
ge-1/2/1 {
    unit 0 {
        family inet {
            address 10.0.0.6/30;
        }
        family mpls;
    }
}
lo0 {
    unit 0 {
        family inet {
            address 192.168.0.2/32;
        }
    }
}
content_copy zoom_out_map
user@PE1# show protocols
mpls {
    interface ge-1/2/1.0;
}
bgp {
    group ibgp {
        type internal;
        local-address 192.168.0.2;
        family inet {
            unicast;
        }
        family inet-vpn {
            unicast;
        }
        export nhs;
        neighbor 192.168.0.7;
        neighbor 192.168.0.6;
    }
}
ospf {
    area 0.0.0.0 {
        interface ge-1/2/1.0;
        interface lo0.0 {
            passive;
        }
    }
}
ldp {
    interface ge-1/2/1.0;
    interface lo0.0;
}
content_copy zoom_out_map
user@PE1# show policy-options
policy-statement lb {
    then {
        load-balance per-packet;
    }
}
policy-statement nhs {
    then {
        next-hop self;
    }
}
content_copy zoom_out_map
user@PE1# show routing-instances
customer1 {
    instance-type vrf;
    interface ge-1/2/0.0;
    route-distinguisher 100:1;
    vrf-target target:100:1;
    routing-options {
        protect core;
    }
    protocols {
        bgp {
            group ebgp {
                type external;
                peer-as 101;
                neighbor 10.0.0.1;
            }
        }
    }
}
content_copy zoom_out_map
user@PE1# show routing-options
router-id 192.168.0.2;
autonomous-system 100;
forwarding-table {
    export lb;
}

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Displaying Extensive Route Information

Purpose

Confirm that BGP PIC Edge is working.

Action

From Device PE1, run the show route extensive table customer1.inet.0 172.16.1/24 command.

content_copy zoom_out_map
user@PE1> show route extensive table customer1.inet.0 172.16.1/24 

customer1.inet.0: 7 destinations, 12 routes (7 active, 0 holddown, 0 hidden)
172.16.1.0/24 (3 entries, 2 announced)
        State: <CalcForwarding>
TSI:
KRT in-kernel 172.16.1.0/24 -> {indirect(262146), indirect(262142)}
Page 0 idx 0, (group ebgp type External) Type 1 val 0x950a62c (adv_entry)
   Advertised metrics:
     Nexthop: Self
     AS path: [100] 102 I
     Communities: target:100:1
Path 172.16.1.0 from 192.168.0.6 Vector len 4.  Val: 0
        @BGP    Preference: 170/-101
                Route Distinguisher: 100:1
                Next hop type: Indirect
                Address: 0x9514a74
                Next-hop reference count: 7
                Source: 192.168.0.6
                Next hop type: Router, Next hop index: 990
                Next hop: 10.0.0.5 via ge-1/2/1.0, selected
                Label operation: Push 299824, Push 299856(top)
                Label TTL action: prop-ttl, prop-ttl(top)
                Load balance label: Label 299824: None; Label 299856: None; 
                Session Id: 0x280002
                Protocol next hop: 192.168.0.6
                Label operation: Push 299824
                Label TTL action: prop-ttl
                Load balance label: Label 299824: None; 
                Indirect next hop: 0x96bc104 262146 INH Session ID: 0x280006
                State: <Secondary Active Int Ext ProtectionPath ProtectionCand>
                Local AS:   100 Peer AS:   100
                Age: 1:38:13    Metric2: 1 
                Validation State: unverified 
                Task: BGP_100.192.168.0.6+45824
                Announcement bits (1): 1-BGP_RT_Background 
                AS path: 102 I
                Communities: target:100:1
                Import Accepted
                VPN Label: 299824
                Localpref: 100
                Router ID: 192.168.0.6
                Primary Routing Table bgp.l3vpn.0
                Indirect next hops: 1
                        Protocol next hop: 192.168.0.6 Metric: 1
                        Label operation: Push 299824
                        Label TTL action: prop-ttl
                        Load balance label: Label 299824: None; 
                        Indirect next hop: 0x96bc104 262146 INH Session ID: 0x280006
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 10.0.0.5 via ge-1/2/1.0
                                Session Id: 0x280002
                        192.168.0.6/32 Originating RIB: inet.3
                          Metric: 1                       Node path count: 1
                          Forwarding nexthops: 1
                                Nexthop: 10.0.0.5 via ge-1/2/1.0
         BGP    Preference: 170/-101
                Route Distinguisher: 100:1
                Next hop type: Indirect
                Address: 0x9515570
                Next-hop reference count: 7
                Source: 192.168.0.7
                Next hop type: Router, Next hop index: 933
                Next hop: 10.0.0.5 via ge-1/2/1.0, selected
                Label operation: Push 299856, Push 299872(top)
                Label TTL action: prop-ttl, prop-ttl(top)
                Load balance label: Label 299856: None; Label 299872: None; 
                Session Id: 0x280002
                Protocol next hop: 192.168.0.7
                Label operation: Push 299856
                Label TTL action: prop-ttl
                Load balance label: Label 299856: None; 
                Indirect next hop: 0x96bc000 262142 INH Session ID: 0x280005
                State: <Secondary NotBest Int Ext ProtectionPath ProtectionCand>
                Inactive reason: Not Best in its group - Router ID
                Local AS:   100 Peer AS:   100
                Age: 1:38:13    Metric2: 1 
                Validation State: unverified 
                Task: BGP_100.192.168.0.7+10985
                AS path: 102 I
                Communities: target:100:1
                Import Accepted
                VPN Label: 299856
                Localpref: 100
                Router ID: 192.168.0.7
                Primary Routing Table bgp.l3vpn.0
                Indirect next hops: 1   
                        Protocol next hop: 192.168.0.7 Metric: 1
                        Label operation: Push 299856
                        Label TTL action: prop-ttl
                        Load balance label: Label 299856: None; 
                        Indirect next hop: 0x96bc000 262142 INH Session ID: 0x280005
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 10.0.0.5 via ge-1/2/1.0
                                Session Id: 0x280002
                        192.168.0.7/32 Originating RIB: inet.3
                          Metric: 1                       Node path count: 1
                          Forwarding nexthops: 1
                                Nexthop: 10.0.0.5 via ge-1/2/1.0
        #Multipath Preference: 255
                Next hop type: Indirect
                Address: 0x9578010
                Next-hop reference count: 4
                Next hop type: Router, Next hop index: 990
                Next hop: 10.0.0.5 via ge-1/2/1.0, selected
                Label operation: Push 299824, Push 299856(top)
                Label TTL action: prop-ttl, prop-ttl(top)
                Load balance label: Label 299824: None; Label 299856: None; 
                Session Id: 0x280002
                Next hop type: Router, Next hop index: 933
                Next hop: 10.0.0.5 via ge-1/2/1.0
                Label operation: Push 299856, Push 299872(top)
                Label TTL action: prop-ttl, prop-ttl(top)
                Load balance label: Label 299856: None; Label 299872: None; 
                Session Id: 0x280002
                Protocol next hop: 192.168.0.6
                Label operation: Push 299824
                Label TTL action: prop-ttl
                Load balance label: Label 299824: None; 
                Indirect next hop: 0x96bc104 262146 INH Session ID: 0x280006 Weight 0x1
                Protocol next hop: 192.168.0.7
                Label operation: Push 299856
                Label TTL action: prop-ttl
                Load balance label: Label 299856: None; 
                Indirect next hop: 0x96bc000 262142 INH Session ID: 0x280005 Weight 0x4000
                State: <ForwardingOnly Int Ext>
                Inactive reason: Forwarding use only
                Age: 1:38:13    Metric2: 1 
                Validation State: unverified 
                Task: RT
                Announcement bits (1): 0-KRT 
                AS path: 102 I
                Communities: target:100:1
Meaning

The Indirect next hop output lines that contain weight follow next hops that the software can use to repair paths where a link failure occurs.

The next-hop weight has one of the following values:

  • 0x1 indicates active next hops.

  • 0x4000 indicates passive next hops.

Displaying the Forwarding Table

Purpose

Check the forwarding and kernel routing-table state by using show route forwarding-table.

Action

From Device PE1, run the show route forwarding-table table customer1 destination 172.16.1.0/24 command.

content_copy zoom_out_map
user@PE1> show route forwarding-table table customer1 destination 172.16.1.0/24

Routing table: customer1.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
172.16.1.0/24      user     0                    ulst   262147     2
                                                 indr   262146     3
                              10.0.0.5          Push 299824, Push 299856(top)      990     2 ge-1/2/1.0
                                                 indr   262144     3
                              10.0.0.5          Push 300080, Push 299920(top)     1000     2 ge-1/2/1.0
Meaning

in addition to the forwarding and kernel routing-table state, this command shows the unilist index (262147) used by the Packet Forwarding Engine.

Displaying the OSPF Routes

Purpose

Show the OSPF route state.

Action

From Device PE1, run the show (ospf | ospf3) route detail command.

content_copy zoom_out_map
user@PE1> show ospf route detail

betsy@tp0:PE1> show ospf route detail               
Topology default Route Table:

Prefix             Path  Route      NH       Metric NextHop       Nexthop      
                   Type  Type       Type            Interface     Address/LSP
192.168.0.3        Intra Router     IP            1 ge-1/2/1.0    10.0.0.5
  area 0.0.0.0, origin 192.168.0.3, optional-capability 0x0
192.168.0.6        Intra Router     IP            2 ge-1/2/1.0    10.0.0.5
  area 0.0.0.0, origin 192.168.0.6, optional-capability 0x0
192.168.0.7        Intra Router     IP            2 ge-1/2/1.0    10.0.0.5
  area 0.0.0.0, origin 192.168.0.7, optional-capability 0x0
10.0.0.4/30        Intra Network    IP            1 ge-1/2/1.0
  area 0.0.0.0, origin 192.168.0.3, priority low
10.0.0.16/30       Intra Network    IP            2 ge-1/2/1.0    10.0.0.5
  area 0.0.0.0, origin 192.168.0.6, priority medium
10.0.0.32/30       Intra Network    IP            2 ge-1/2/1.0    10.0.0.5
  area 0.0.0.0, origin 192.168.0.7, priority medium
192.168.0.2/32     Intra Network    IP            0 lo0.0
  area 0.0.0.0, origin 192.168.0.2, priority low
192.168.0.3/32     Intra Network    IP            1 ge-1/2/1.0    10.0.0.5
  area 0.0.0.0, origin 192.168.0.3, priority medium
192.168.0.6/32     Intra Network    IP            2 ge-1/2/1.0    10.0.0.5
  area 0.0.0.0, origin 192.168.0.6, priority medium
  session-id: 2621446, version: 1 
192.168.0.7/32     Intra Network    IP            2 ge-1/2/1.0    10.0.0.5
  area 0.0.0.0, origin 192.168.0.7, priority medium
  session-id: 2621450, version: 1
Meaning

The output shows the tracked session IDs for the loopback interface addresses on Devices PE2 and PE3.

Related Documentation

arrow_backward PREVIOUS Next-Hop Based Tunnels for Layer 3 VPNs
NEXT arrow_forward Egress Protection in Layer 3 VPNs
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top