[j-nsp] leaking into a VRF from inet.0?
Perry, Andrew
Andrew.Perry at qwest.com
Tue Apr 17 09:41:54 EDT 2007
Unfortunately the only way I have been able to make this work is with rib groups....here is what I did to put all the direct interfaces into my VRF.
}
routing-options {
interface-routes {
rib-group inet interface-routes;
}
rib-groups {
interface-routes {
import-rib [ inet.0 vrf.inet.0 ];
}
}
Andy
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net on behalf of Dave Diller
Sent: Tue 4/17/2007 7:37 AM
To: Nick Slabakov
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] leaking into a VRF from inet.0?
Well, that was quick. Nope, not supported:
[edit routing-instances TEST routing-options]
'instance-import'
instance-import not allowed on VPN instance
error: configuration check-out failed
Ah well, worth a shot. Back to playing with rib-groups :)
-dd
> In all honesty, I have only done this with non-forwarding
> instances, so you should probably test this thoroughly with VRFs.
>
> Nick
> On Apr 16, 2007, at 7:32 PM, Dave Diller wrote:
>
>> Hmm, I can use that with VRF instances? I skipped that section of
>> the doc as it was referring to nonforwarding instances. I'm not
>> sure how those differ from a VRF, but hadn't played with that
>> particular type at all.
>>
>> I'll play with it tomorrow :)
>>
>> -dd
>>
>>
>> On Apr 16, 2007, at 6:28 PM, Nick Slabakov wrote:
>>
>>> Dave,
>>>
>>> On the odd chance you don't like RIB-groups :-) you may want to
>>> try another mechanism, which does not use them - it is policy-
>>> based export between routing instances: http://tinyurl.com/35xtrk
>>>
>>> When you reference inet.0 you need to use the keyword "master".
>>> Using this method you can export routes between the master
>>> instance and a VRF, bi-directionally.
>>>
>>> Nick
>>> On Apr 16, 2007, at 1:53 PM, Dave Diller wrote:
>>>
>>>> In the lab, I've found that I can get specific BGP routes into
>>>> inet.
>>>> 0 from a VRF using rib-groups and auto-export to create a granular
>>>> "leak policy". Works great.
>>>>
>>>> Is it possible to do the converse - leak selected BGP routes from
>>>> inet.0 into a VRF? I've had no luck so far.
>>>>
>>>> -dd
>>>>
>>>>
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the juniper-nsp
mailing list