[j-nsp] copy vpn routes to inet.0
Chuck Anderson
cra at WPI.EDU
Tue Dec 23 19:59:05 EST 2008
On Tue, Dec 23, 2008 at 07:56:00PM -0500, Chuck Anderson wrote:
> On Tue, Dec 23, 2008 at 03:27:13PM -0800, snort bsd wrote:
> > Could those routes in the L3VPN table be copied to inet.0? I tried
> > to use policy and it doesn't seem to be working:
>
> Yes, you can do that.
>
> > term l3vpn->inet.0 {
> >     from {
> >         rib l3vpn.inet.0;
> >         route-filter 100.100.0.0/16 orlonger;
> >     }
> >     to rib inet.0;
> >     then {
> >         accept;
> >     }
> > }
>
> How are you applying this policy? You need to create a rib-group like
> this:
>
> MAIN-to-VPN {
>     import-rib [ inet.0 l3vpn.inet.0 ];
>     import-policy [ l3vpn->inet.0 REJECT ];
> }

Oops, I have these backwards. This should be correct:

VPN-to-MAIN {
    import-rib [ l3vpn.inet.0 inet.0 ];
    import-policy [ l3vpn->inet.0 REJECT ];
}

> and I don't believe the "from rib l3vpn.inet.0" part should be
> specified, at least I haven't needed it:
>
> term l3vpn->inet.0 {
>     from {
>         route-filter 100.100.0.0/16 orlonger;
>     }
>     to rib inet.0;
>     then {
>         accept;
>     }
> }
>
> term REJECT {
>     then reject;
> }