[j-nsp] Route-leaking between a virtual-router instance and VRF instance

Andy Vance avance at hq.speakeasy.net
Thu Feb 11 12:02:38 EST 2010 

If I'm not mistaken, 

vrf-import VRFX_IMPORT;
vrf-export VRFX_EXPORT;
vrf-target {
    import target:1:1;
    export target:1:1;

isn't going to accomplish what your trying to do here.  vrf-target commands allow you to import/export routes without as many policy hooks but used together like this, I believe vrf-import/vrf-export is overriding the vrf-target commands. As well, I didn't see any policy-options config for the VRFX_IMPORT or VRFX_EXPORT policy your calling.  I assume this policy config would allow your routes to be exported:

edit policy-options 

policy-statement VRFX_EXPORT {
        term out {
            from protocol ospf;
            then {
                community add VRFX;
                accept;
            }
        }
        term reject {
            then reject;
        }
    }

 and this would allow your routes to be imported on R3

policy-statement VRFX_IMPORT {
        term import {
            from {
                protocol bgp;
                community VRFX;
            }
            then accept;
        }
        term reject {
            then reject;
        }
    }

Cheers,
Andy Vance
Sr. Network Engineer
Speakeasy
Direct > 206.971.5144 * Fax > 206.728.1500 
Email > avance at hq.speakeasy.net  * Web > www.speakeasy.net

Voice * Data * Managed Services




-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Ioan Branet
Sent: Thursday, February 11, 2010 8:38 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Route-leaking between a virtual-router instance and VRF instance

Hello Group,



I have the following setup:

R3(PE VRF X)----R1---R2(PE VRF X)----R5 (CE )

On R2 on the interface connecting to R5 i have a virtual-router instance and run OSPF with R5 in this instance and also a VRF X instance.

I use rib-groups to leak the prefixes from virtual-router instance to VRF X instance ,but when I want to export these prefixese tp R3 ot seems that I can't do that,nothing is exported.
I see the prefixes in VRFX.inet.o from R5 but there are no VPNV4 prefixes advertised to R3 PE.
Is there any posibility to make this leaking?

Here is my config:

R2:
Virtual-router instance between R2 and R5:

 routing-instances
virtual-router {
    instance-type virtual-router;
    interface em2.0;
    routing-options {
        interface-routes {
            rib-group inet virtual-router ->GRT_AND_VRFX;
        }
        static {
            route 0.0.0.0/0 discard;
        }
    }
    protocols {
        ospf {
            rib-group virtual-router ->GRT_AND_VRFX;
            export DEFAULT_ORIGINATE_TAG_X;
            area 0.0.0.0 {
                interface em2.0;
            }
        }
    }

VRF X routing instance (I do not use any protocol on VRFX and any interfaces,this is only for export and import into VRFX)


instance-type vrf;
route-distinguisher 1:1;
vrf-import VRFX_IMPORT;
vrf-export VRFX_EXPORT;
vrf-target {
    import target:1:1;
    export target:1:1;
}
vrf-table-label;
routing-options {
    interface-routes {
        family inet {
            export {
                point-to-point;
                lan;
            }
        }
    }

I want to leak also routes from VRFX to Global routing table

root at R2> show configuration routing-options rib-groups
VRFX->virtual-router {
    import-rib [ VRFX.inet.0 virtual-router.inet.0 ]; }
virtual-router->GRT_AND_VRFX {
    import-rib [virtual-router.inet.0 VRFX.inet.0 inet.0 ]; } root at R2> show configuration protocols ospf traceoptions {
    file OSPF size 10k world-readable;
    flag all;
}
area 0.0.0.0 {
    interface em0.0;
    interface lo0.0;
}

term CONNECTED {
    from protocol direct;
    then {
        community add VRFX;
        accept;
    }
}
term OSPF {
    from {
        protocol ospf;

    }
    then {
        community add VRFX ;
        accept;
    }
}
term REJECT {
    then reject;
}

show configuration policy-options community VRFX members target:1:1;

Routes received on R2 from virtual-router instance from R5 :
root at R2> show route table OSPF_6746_CASA.inet.0 next-hop 150.1.25.5

virtual_router.inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0
hidden)
+ = Active Route, - = Last Active, * = Both

5.5.5.5/32         *[OSPF/10] 00:33:40, metric 1
                    > to 150.1.25.5 via em2.0
10.210.192.0/20    *[OSPF/10] 00:33:40, metric 1
                    > to 150.1.25.5 via em2.0
10.210.192.5/32    *[OSPF/10] 00:33:40, metric 1
                    > to 150.1.25.5 via em2.0

These routes are leaked to VRFX ok:

root at R2> show route table VRFX next-hop 150.1.25.5

VRFX.inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

5.5.5.5/32         *[OSPF/10] 00:36:40, metric 1
                    > to 150.1.25.5 via em2.0
10.210.192.0/20    *[OSPF/10] 00:36:40, metric 1
                    > to 150.1.25.5 via em2.0
10.210.192.5/32    *[OSPF/10] 00:36:40, metric 1
                    > to 150.1.25.5 via em2.0

But these rotues from VRFX  are not advertised from R2 to R3 (other PE)

root at R2> show route advertising-protocol bgp 1.1.1.1

root at R2>

Is there any way to export the routes leaked from virtual-router instance from R2 to the other PE(R3)?



Thank you,
John
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list