[j-nsp] Dynamic route leaking between global routing table and vrf routing table

Mark Meijerink mark.meijerink at sara.nl
Fri Apr 3 14:14:17 EDT 2009 

Chris,

Thanks for the reply. If I understand it correctly within the rib-group the export-rib will be inet.0 because the AMS-IX routes are within the inet.0
/ global routing table. As import-rib I will put inet.0 followed by the vrf.inet.0 so routes will be imported into these two routing tables. To select
the ams-ix routes I can write a import-policy to accept routes matching the ams-ix community to be imported into the vrf routing table.

routing options {
  interface-routes {
    rib-group amsix-routes-to-vrf ;
  }
  rib-groups amsix-routs-to-vrf {
    import-policy [ policy-to-select-amsix-routes ];
    import-rib [ inet.0 vrf.inet.0 ];
    export-rib inet.0;
  }
}

That interface-routes statement is probably why I did not get it to work. The next-hops were not reachable so the routes were not added to the vrf
routing table. Please let me know if my assumptions are correct so I can try to build the setup again.

Thanks in advance,
 Mark



Chris Spears wrote:
> The vrf-import/export policies are only for vpn route distribution. 
> AFAIK, you have to use rib-groups to go between a routing-instance 
> (vrf/l3vpn/virtual-router) and master.  Use one rib-group to put the 
> AMS-IX routes into the vrf, and apply another to your routing protocols 
> in the VRF (or to auto-export) in order to dump routes back to inet.0. 
>   Just don't forget interface-routes so you can resolve next-hops.
> 
> --
> Chris
> 
> 
> Mark Meijerink wrote:
>> Hi there,
>>
>> I have been working on dynamic leaking of routes between the global routing table and the vrf routing table based on communities. But I have failed to
>> make it work. I have already seen multiple examples but those did not work for me. I will give s short description of what we are trying to achieve
>> and I hope you can point me in the right direction.
>>
>> In the global routing table we have our peerings with AMS-IX peers and iBGP peerings with two core routers. The AMS-IX routes are given a certain
>> community. We want to create a vrf with customers which only have AMS-IX connectivity. So we want to dynamically leak routes into the vrf based on the
>> community. In the vrf we have BGP sessions with the customers and the routes we learn from them are tagged with a certain community as well. These
>> routes must be dynamically leaked into the global routing table. We are looking for a way to dynamically leak routes in two directions.
>>
>> I have tried using rib-groups and tried to make it work using the vrf-import and vrf-export policies. Could you please let me know how I can make the
>> setup as explained above work. The difficulty we are introducing is that we want to leak dynamically and not static. Thanks in advance for your reply
>> and advice.
>>
>> Regards,
>>  Mark Meijerink
>>  SARA
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20090403/f92daee1/attachment.bin>

More information about the juniper-nsp mailing list