FW: [j-nsp] L3VPN management
Chris Hellberg
Chris.Hellberg at telecom.co.nz
Fri Jul 18 00:56:56 EDT 2003
You need to kick-start the customer VPN to be able to export routes to the management VPN like so:
set routing-instance custvpn-a routing-options auto-export enable
Then in your management import policy, you'll have something like this:
policy-statement mgmt-import {
term from-custvpn-a {
from {
community community-cust-a
}
then accept
}
}
> -----Original Message-----
> From: Adam Szymajda [mailto:aszymajd at wp.pl]
> Sent: Thursday, 17 July 2003 23:49
> To: Chris Hellberg
> Cc: juniper-nsp at puck.nether.net
> Subject: Odp: FW: [j-nsp] L3VPN management
>
>
> I have 5.7.
> Do you mean sth like:
> policy-statement mgmt-import {
> term 1 {
> from instance
> or
> from rib ?
>
> I have tried to do it, but with no effect at all :-(
>
> Adam.
>
> Dnia 17-07-2003 o godz. 13:22 Chris Hellberg napisał(a):
> > resent to the list......
> >
> > > -----Original Message-----
> > > From: Chris Hellberg
> > > Sent: Thursday, 17 July 2003 23:19
> > > To: 'Adam Szymajda'; juniper-nsp at puck.nether.net
> > > Subject: RE: [j-nsp] L3VPN management
> > >
> > >
> > > Upgrade to 5.6. It really is a *big* hassle using rib-groups
> > > for what you want to do on < 5.6. With 5.6, there's some
> > > funky internal mechanism to import routes from other VRFs on
> > > the same PE by just matching the community (without the
> > > protocol BGP bit) when you define your import policy.
> > >
> > > > -----Original Message-----
> > > > From: Adam Szymajda [mailto:aszymajd at wp.pl]
> > > > Sent: Thursday, 17 July 2003 23:08
> > > > To: juniper-nsp at puck.nether.net
> > > > Subject: [j-nsp] L3VPN management
> > > >
> > > >
> > > > Hi all,
> > > >
> > > > I want to create a management network for L3VPN, by simply
> > > > adding an additional VRF on one of the PE's. It is
> supposed to
> > > > import the loopback addressess of all the CE's, while all
> other
> > > > VRF's are to import the route to the management network.
> While
> > > > this is quite easy to do with separate route target for
> the CE's
> > > > attached to any other PE, it won't work for the CE
> attached to
> > > > the same PE as the management network (the CE's loopbacks
> won't
> > > > be placed in bgp.l3vpn.0 table on this particular PE). The
> only
> > > > thing that goes through my mind is to creat rib-groups,
> but that
> > > > requires a lot of configuration when there's significant
> amount
> > > > of the VRF's (two rib-groups per each vrf). My question is
> > > > whether you know any other, more convenient way to do it.
> > > > Hope this is clear :-)
> > > > Best regards,
> > > > Adam.
> > > >
> > > >
> > > > ----------------------------------------------------------
> > > > Jesteś w Trójmieście? Zajrzyj na Gdynia Summer Jazz Days!
> > > > Więcej < http://www.gsjd.wp.pl >
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > > http://puck.nether.net/mailman/listinfo/juniper-nsp
> > > >
> > > >
> > >
> >
> > ---------------------------------------------------------------
> ---------------
> > "This communication, including any attachments, is
> confidential.
> > If you are not the intended recipient, you should not read
> > it - please contact me immediately, destroy it, and do not
> > copy or use any part of this communication or disclose
> > anything about it. Thank you."
> > ---------------------------------------------------------------
> ---------------
> >
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
> --------------------------------------------------------------
> ---------
> Festiwal Filmowy Era Nowe Horyzonty, 17-27 lipca.
> Cieszyn zaprasza! < http://film.wp.pl/www/film/2003/eranowehoryzonty >
>
>
>
>
>
------------------------------------------------------------------------------
"This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read
it - please contact me immediately, destroy it, and do not
copy or use any part of this communication or disclose
anything about it. Thank you."
------------------------------------------------------------------------------
More information about the juniper-nsp
mailing list