[j-nsp] forwarding traffic between VRFs

Krasimir Avramski krasi at smartcom.bg
Thu Apr 28 11:46:29 EDT 2005


Hi,

Beginning with junos 6.4R2 ( 7.1 for sure ) it is possile to use something like this:

CorpX {
    routing-options {
        static {
            route 10.1.8.0/24 next-table CorpY.inet.0;
        }
    }
}

Krasi

------------------------------------------------------------------------



---Original Message----------------------------------
 FROM: Bosco.Sachanandani at orange.co.in
 TO: juniper-nsp at puck.nether.net
 SUBJECT: Re: [j-nsp] forwarding traffic between VRFs
 SENT: APRIL 28, 2005 07:28PM
--------------------------------------------------------
> 
> Hello Folks, I was reading through 'Layer 3 VPN Configuration Examples' herehttp://www.juniper.net/techpubs/software/junos/junos64/swconfig64-vpns/frameset.htm but could not come up with a solution.
> The requirement is "fairly" simple:
> 2 separate L3 VPNs CorpX and CorpY configured on 2 PE routers at 2separate geographically dispersed locations. Static routes used to routepackets towards the CPE. The local leased lines connected for CorpX and are part of their respective VRFs (LL for CorpX is part ofCorpX_VRF) and not part of inet.0
> The requirement is to "mix" traffic for a particular subnet 10.1.8.0/24between the 2VRFs i.e. at CorpX's ingress interface, a filter for anygiven subnet, should hop all traffic for 10.1.8.0/24 into CorpY_VRF anduse the default route in CorpY_VRF to go on upstream. 
> The problem here is that filter-based forwarding works only if theinterface (CorpX's ingress interface) lies in inet.0, which is notapplicable in my setup.
> Excerpt from the documentation:
> " For this configuration to work, the following must be true:
> 1) The interfaces that use filter-based forwarding must not be bound tothe VPN. 	2) Static routing must be used as the means of routing. 	3) You must define an interface routing table group that is shared amonginet.0 and the VRFs to provide local routes to the VRF. "
> 
> Points 2 and 3 can be expedited but point 1 remains a constraint forwhich I cannot figure out a workaround.
> Following this linkhttp://boulder.noaa.gov/noc/juniper/software/junos54/swconfig54-vpns/html/vpnl3-examples43.html also talks about importing routes from inet.0
> Configure the routing options as follows:
> [edit]
> routing-options {
>     rib-groups {
>         inet-access {
>             import-rib inet.0;
>         }
>     }
> }
> 
> Would be great is someone can provide any pointers for a workaround.
> Thanks
> 
> 
> “The information in this message is confidential and may be legally privileged. It is intended solely for the addressee.  Access to this message by anyone else is unauthorized.  If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful.  Please immediately contact the sender if you have received this message in error. Thank you. Hutchison Max Telecom Limited.” 
> _______________________________________________juniper-nsp mailing list juniper-nsp at puck.nether.nethttp://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> 


More information about the juniper-nsp mailing list