[j-nsp] copy vpn routes to inet.0

Richmond, Jeff Jeff.Richmond at frontiercorp.com
Thu Dec 25 02:54:08 EST 2008


Ok, I'll try to answer all your questions, but am in a rush, so if I miss something, just let me know.

1. The default route is for jumping out of the VPN to inet.0. You don't need this if you don't want to leave the VPN. In other words you can still advertise your VPN routes to inet.0 just using auto-export and rib groups.

2. Yes, as I showed in the example, I am publishing the VRF-specific loopback to inet.0 using auto-export. Same exact formula for physical interfaces as well.

3. As for the remote routes, it will not work. Basically, if the local PE learns routes from other PEs, it will not readvertise them to inet.0 like it will with the local PE routes. This really stinks for me as I can't use a single PE as a gateway into the VRF (well, not easily anyway).

4. As for an explanation of auto-export, I am probably not the best person to explain all of its details or differences with other junos knobs. I would suggest getting with your SE and having them dig up the detailed info for you.

Take care,
-Jeff
________________________________________
From: snort bsd [snortbsd at yahoo.com.au]
Sent: Wednesday, December 24, 2008 10:12 PM
To: juniper-nsp; Richmond, Jeff
Subject: RE: [j-nsp] copy vpn routes to inet.0

thanks, jeff

but your primary table is inet.0, yet the default route 0/0 points to next-table inet.0. how does that work?

actually i am very interested in your old post:

"Just be aware that you can only do this with local routes in the VRF, not
remotely learned routes from other PEs. At one point I was wanting to make a
"gateway" PE using auto-export and RIB groups to enter/exit the VRF on a single
PE, which works great with local routes (interface, static, etc.), but will not
work with remotely learned VRF routes (via MBGP). I asked Juniper about this,
and was basically told it just won't work. So, I ended up having each PE do
auto-export... "

indeed i am trying to copy vpn routes learned from other PE routers into inet.0 and, as you had pointed out before, it would not work. now i am dying to know why not...:)

also how could you get that vpn-specific loopback into inet.0? via the "auto-export" statement?

what does that "auto-export" statement mean? automatically export all of the routes under that VRF to the route tables inet.0 and 300.inet.0? honestly i still can't get a clear meaning of this "auto-export" statement.

in fact, if that is just for lo0.300, i could just use the "interface-routes" statement under that vpn instance to achieve the same result.



--- On Wed, 24/12/08, Richmond, Jeff <Jeff.Richmond at frontiercorp.com> wrote:

From: Richmond, Jeff <Jeff.Richmond at frontiercorp.com>
Subject: RE: [j-nsp] copy vpn routes to inet.0
To: "snort bsd" <snortbsd at yahoo.com.au>, "juniper-nsp" <juniper-nsp at puck.nether.net>
Received: Wednesday, 24 December, 2008, 6:20 PM

Here is a sample from one of my lab routers. I am just using a loopback IP inside VRF 300, but as you can see, it is now seen in inet.0.

jeff at r2> show configuration routing-instances 300
description "Customer 2 VRF";
instance-type vrf;
interface lo0.300;
vrf-target target:65100:300;
vrf-table-label;
routing-options {
    static {
        route 0.0.0.0/0 next-table inet.0;
    }
    auto-export {
        family inet {
            unicast {
                rib-group CUST300-RIB;
            }
        }
    }
}


jeff at r2> show configuration routing-options rib-groups
CUST300-RIB {
    import-rib [ inet.0 300.inet.0 ];
    import-policy RESTRICT-VRF300;
}


jeff at r2> show configuration interfaces lo0 unit 300
family inet {
    address 10.99.99.1/32;
}

jeff at r2> show route 10.99.99.1
inet.0: 152 destinations, 167 routes (104 active, 0 holddown, 48 hidden)
+ = Active Route, - = Last Active, * = Both

10.99.99.1/32      *[Direct/0] 14:18:57
                    > via lo0.300

300.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.99.99.1/32      *[Direct/0] 14:18:57
                    > via lo0.300
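
[Added example, not part of the original thread or of anyone's lab configuration.] Because auto-export with a rib-group makes VRF prefixes visible in inet.0, it is worth auditing which prefixes actually appear in both tables and whether each one is meant to. The sketch below parses `show route` text in the format shown above and reports every prefix shared between a VRF table and inet.0, marked by whether it falls inside an allow-list; the sample output and the allow-list values are constructed.

```python
import re
from ipaddress import ip_network

# Constructed sample, modelled on the `show route` output in the message above.
SAMPLE = """\
inet.0: 152 destinations, 167 routes (104 active, 0 holddown, 48 hidden)
+ = Active Route, - = Last Active, * = Both

10.99.99.1/32      *[Direct/0] 14:18:57
                    > via lo0.300
10.0.0.0/24        *[Static/5] 1d 02:00:00
                    > to 192.0.2.1 via ge-0/0/0.0

300.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 14:18:57
                      to table inet.0
10.99.99.1/32      *[Direct/0] 14:18:57
                    > via lo0.300
10.99.98.0/24      *[BGP/170] 03:10:11, localpref 100, from 192.0.2.2
                    > to 192.0.2.9 via ge-0/0/1.0, Push 300
"""

TABLE_RE = re.compile(r"^(\S+): \d+ destinations")
ROUTE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+[*+\-]?\[(\w+)/\d+\]")

def parse_show_route(text):
    """Return {table name: {prefix: protocol}} from `show route` text."""
    tables, current = {}, None
    for line in text.splitlines():
        m = TABLE_RE.match(line)
        if m:  # a new "<table>: N destinations ..." header starts a table
            current = tables.setdefault(m.group(1), {})
            continue
        m = ROUTE_RE.match(line)
        if m and current is not None:  # first (preferred) entry per prefix
            current.setdefault(ip_network(m.group(1)), m.group(2))
    return tables

def leaked_prefixes(tables, vrf_table, allowed, main="inet.0"):
    """Map each prefix present in both tables to True if inside `allowed`."""
    nets = [ip_network(a) for a in allowed]
    shared = set(tables.get(vrf_table, {})) & set(tables.get(main, {}))
    return {str(p): any(p.subnet_of(a) for a in nets) for p in sorted(shared)}
```

A prefix mapped to False is present in both tables but outside the range the rib-group import policy was meant to permit.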


________________________________________
From: juniper-nsp-bounces at puck.nether.net [juniper-nsp-bounces at puck.nether.net] On Behalf Of snort bsd [snortbsd at yahoo.com.au]
Sent: Tuesday, December 23, 2008 3:27 PM
To: juniper-nsp
Subject: [j-nsp] copy vpn routes to inet.0

Hi all:

Could those routes in the L3VPN table be copied to inet.0? I tried to use policy and it doesn't seem to be working:

term l3vpn->inet.0 {
    from {
        rib l3vpn.inet.0;
        route-filter 100.100.0.0/16 orlonger;
    }
    to rib inet.0;
    then {
        accept;
    }
}

_dave
