AM,
1. why don't you have CE to get inet access via PE1 since PE1's inet.0 table
should have inet access as well? It would be much easier.
2. Assumming only PE2's inet.0 table has inet access, then you will need to
create 2 vrf instances:
sort of like hub and spokes model and you will need BGP between Hub PE (PE2)
and Hub CE(CE2).
the spokes-to-hub vrf imports the public and VPN routes of CE1 into Hub CE's
routing table. Hub CE then
export them out back to Hub PE via hub-to-spokes vrf. You then can
configure a rib group and bgp import policy
install CE1's public routes into Hub PE's inet.0 as well.
example:
root@PE2# show routing-instances
VPNA-Hub-to-Spokes {
instance-type vrf;
interface ge-1/0/0.0;
route-distinguisher 10.0.0.7:189;
vrf-import null;
vrf-export hub;
routing-options {
static {
route 0.0.0.0/0 next-table inet.0; # export 0/0 to CE1
}
}
protocols {
bgp {
import import-spokece-public-to-inet0;
group to-ce-a9 {
type external;
family inet {
unicast {
rib-group vpna-to-inet0;
}
}
peer-as 65535;
neighbor 10.7.0.2;
}
}
}
}
VPNA-Spokes-to-Hubs {
instance-type vrf;
interface ge-1/0/0.1;
route-distinguisher 10.0.0.7:1;
vrf-import spokes;
vrf-export null;
protocols {
bgp {
group to-ce-a9 {
type external;
peer-as 65535;
neighbor 10.9.0.1;
}
}
}
}
policy-statement spokes {
term a {
from {
protocol bgp;
community VPN-A;
}
then accept;
}
term b {
then reject;
}
}
policy-statement hub {
term a {
from protocol bgp;
then {
community add VPN-A;
accept;
}
}
term b {
from {
protocol static;
route-filter 0.0.0.0/0 exact;
}
then {
community add VPN-A;
accept;
}
}
}
policy-statement import-spokece-public-to-inet0 {
term a {
from {
protocol bgp;
rib VPNA-Hub-to-Spokes.inet.0;
community [ ce-public ce-vpn ];
}
then accept;
}
term b {
from {
protocol bgp;
community ce-public;
}
then accept;
}
term c {
then reject;
}
}
policy-statement null {
then reject;
}
community VPN-A members target:123:19;
community ce-public members 1:1;
community ce-vpn members 1:2;
-----Original Message-----
From: AM Shaikh [mailto:junosuser@yahoo.com]
Sent: Saturday, February 02, 2002 12:22 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] importing VRF Route into inet.0
Hi
Can someone tell me how to import VRF routes into inet.0. The scenario is
like this
CE --- PE1 ----- PE2
PE1 has the VRF for CE. I want the CE to get internet access via PE2. So I
created a VRF in PE2 and created a default route to inet.0.
Now the question is how to get the routes inside the VRF in PE2 into inet.0
so that PE2 can route packets back to CE via PE1.
I tried RIB Groups in PE2 .. created RIB importing VRF routes to inet.0 and
inside VRF put a satement in protocol bgp for the rib group. But it deosn't
seem to work ...
Pls advise.
Thanx in advance
Rgds
AM
-----Original Message-----
From: AM Shaikh [mailto:junosuser@yahoo.com]
Sent: Saturday, February 02, 2002 12:22 AM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] importing VRF Route into inet.0
Hi
Can someone tell me how to import VRF routes into inet.0. The scenario is
like this
CE --- PE1 ----- PE2
PE1 has the VRF for CE. I want the CE to get internet access via PE2. So I
created a VRF in PE2 and created a default route to inet.0.
Now the question is how to get the routes inside the VRF in PE2 into
inet.0 so that PE2 can route packets back to CE via PE1.
I tried RIB Groups in PE2 .. created RIB importing VRF routes to inet.0
and inside VRF put a satement in protocol bgp for the rib group. But it
deosn't seem to work ...
Pls advise.
Thanx in advance
Rgds
AM
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:39 EDT