[j-nsp] copy vpn routes to inet.0
Chuck Anderson
cra at WPI.EDU
Tue Dec 23 19:56:00 EST 2008
On Tue, Dec 23, 2008 at 03:27:13PM -0800, snort bsd wrote:
> Could those routes in the L3VPN table be copied to inet.0? I tried
> to use policy and it doesn't seem to be working:
Yes, you can do that.
> term l3vpn->inet.0 {
> from {
> rib l3vpn.inet.0;
> route-filter 100.100.0.0/16 orlonger;
> }
> to rib inet.0;
> then {
> accept;
> }
> }
How are you applying this policy? You need to create a rib-group like
this:
MAIN-to-VPN {
import-rib [ inet.0 l3vpn.inet.0 ];
import-policy [ l3vpn->inet.0 REJECT ];
}
and I don't believe the "from rib l3vpn.inet.0" part should be
specified, at least I haven't needed it:
term l3vpn->inet.0 {
from {
route-filter 100.100.0.0/16 orlonger;
}
to rib inet.0;
then {
accept;
}
}
term REJECT {
then reject;
}
More information about the juniper-nsp
mailing list