[j-nsp] forwarding traffic between VRFs

Bosco.Sachanandani at orange.co.in Bosco.Sachanandani at orange.co.in
Thu Apr 28 09:58:21 EDT 2005

Hello Folks,
I was reading through 'Layer 3 VPN Configuration Examples' here
rameset.htm but could not come up with a solution.

The requirement is "fairly" simple:

2 separate L3 VPNs CorpX and CorpY configured on 2 PE routers at 2
separate geographically dispersed locations. Static routes used to route
packets towards the CPE. The local leased lines connected for CorpX and
CorpY are part of their respective VRFs (LL for CorpX is part of
CorpX_VRF) and not part of inet.0

The requirement is to "mix" traffic for a particular subnet
between the 2VRFs i.e. at CorpX's ingress interface, a filter for any
given subnet, should hop all traffic for into CorpY_VRF and
use the default route in CorpY_VRF to go on upstream. 

The problem here is that filter-based forwarding works only if the
interface (CorpX's ingress interface) lies in inet.0, which is not
applicable in my setup.

Excerpt from the documentation:

" For this configuration to work, the following must be true:

1) The interfaces that use filter-based forwarding must not be bound to
the VPN. 
2) Static routing must be used as the means of routing. 
3) You must define an interface routing table group that is shared among
inet.0 and the VRFs to provide local routes to the VRF. "

Points 2 and 3 can be expedited but point 1 remains a constraint for
which I cannot figure out a workaround.

Following this link
l/vpnl3-examples43.html also talks about importing routes from inet.0

Configure the routing options as follows:


routing-options {

    rib-groups {

        inet-access {

            import-rib inet.0;




Would be great is someone can provide any pointers for a workaround.


“The information in this message is confidential and may be legally privileged. It is intended solely for the addressee.  Access to this message by anyone else is unauthorized.  If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful.  Please immediately contact the sender if you have received this message in error. Thank you. Hutchison Max Telecom Limited.” 

More information about the juniper-nsp mailing list