[j-nsp] Dynamic route leaking between global routing table and vrf routing table
Mark Meijerink
mark.meijerink at sara.nl
Fri Apr 3 14:14:17 EDT 2009
Chris,
Thanks for the reply. If I understand it correctly within the rib-group the export-rib will be inet.0 because the AMS-IX routes are within the inet.0
/ global routing table. As import-rib I will put inet.0 followed by the vrf.inet.0 so routes will be imported into these two routing tables. To select
the ams-ix routes I can write a import-policy to accept routes matching the ams-ix community to be imported into the vrf routing table.
routing options {
interface-routes {
rib-group amsix-routes-to-vrf ;
}
rib-groups amsix-routs-to-vrf {
import-policy [ policy-to-select-amsix-routes ];
import-rib [ inet.0 vrf.inet.0 ];
export-rib inet.0;
}
}
That interface-routes statement is probably why I did not get it to work. The next-hops were not reachable so the routes were not added to the vrf
routing table. Please let me know if my assumptions are correct so I can try to build the setup again.
Thanks in advance,
Mark
Chris Spears wrote:
> The vrf-import/export policies are only for vpn route distribution.
> AFAIK, you have to use rib-groups to go between a routing-instance
> (vrf/l3vpn/virtual-router) and master. Use one rib-group to put the
> AMS-IX routes into the vrf, and apply another to your routing protocols
> in the VRF (or to auto-export) in order to dump routes back to inet.0.
> Just don't forget interface-routes so you can resolve next-hops.
>
> --
> Chris
>
>
> Mark Meijerink wrote:
>> Hi there,
>>
>> I have been working on dynamic leaking of routes between the global routing table and the vrf routing table based on communities. But I have failed to
>> make it work. I have already seen multiple examples but those did not work for me. I will give s short description of what we are trying to achieve
>> and I hope you can point me in the right direction.
>>
>> In the global routing table we have our peerings with AMS-IX peers and iBGP peerings with two core routers. The AMS-IX routes are given a certain
>> community. We want to create a vrf with customers which only have AMS-IX connectivity. So we want to dynamically leak routes into the vrf based on the
>> community. In the vrf we have BGP sessions with the customers and the routes we learn from them are tagged with a certain community as well. These
>> routes must be dynamically leaked into the global routing table. We are looking for a way to dynamically leak routes in two directions.
>>
>> I have tried using rib-groups and tried to make it work using the vrf-import and vrf-export policies. Could you please let me know how I can make the
>> setup as explained above work. The difficulty we are introducing is that we want to leak dynamically and not static. Thanks in advance for your reply
>> and advice.
>>
>> Regards,
>> Mark Meijerink
>> SARA
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20090403/f92daee1/attachment.bin>
More information about the juniper-nsp
mailing list