[j-nsp] Route-leaking between a virtual-router instance and VRF instance
Ioan Branet
ioan.branet at gmail.com
Thu Feb 11 13:45:52 EST 2010
Hello Andy and thank you for your reply.
I used the solution without
vrf-import VRFX_IMPORT;
vrf-export VRFX_EXPORT;
but with the same result, the routes leaked from virtual-router instance to
VRFX vrf instance does not propagate to other PE.
I used also the same policies for export and import but i forgot to paste it
in mail.
Maybe the vrf-export wont work with those prefixes leaked from
virtual-router instance,because if i add an interface to vrf instance VRFX
and configure OSPF in VRF routing-instance,the prefixes are exported to
other PE.
Have anyone tried this kind of solution?
Thank you,
John
On Thu, Feb 11, 2010 at 7:02 PM, Andy Vance <avance at hq.speakeasy.net> wrote:
> If I'm not mistaken,
>
> vrf-import VRFX_IMPORT;
> vrf-export VRFX_EXPORT;
> vrf-target {
> import target:1:1;
> export target:1:1;
>
> isn't going to accomplish what your trying to do here. vrf-target commands
> allow you to import/export routes without as many policy hooks but used
> together like this, I believe vrf-import/vrf-export is overriding the
> vrf-target commands. As well, I didn't see any policy-options config for the
> VRFX_IMPORT or VRFX_EXPORT policy your calling. I assume this policy config
> would allow your routes to be exported:
>
> edit policy-options
>
> policy-statement VRFX_EXPORT {
> term out {
> from protocol ospf;
> then {
> community add VRFX;
> accept;
> }
> }
> term reject {
> then reject;
> }
> }
>
> and this would allow your routes to be imported on R3
>
> policy-statement VRFX_IMPORT {
> term import {
> from {
> protocol bgp;
> community VRFX;
> }
> then accept;
> }
> term reject {
> then reject;
> }
> }
>
> Cheers,
> Andy Vance
> Sr. Network Engineer
> Speakeasy
> Direct > 206.971.5144 * Fax > 206.728.1500
> Email > avance at hq.speakeasy.net * Web > www.speakeasy.net
>
> Voice * Data * Managed Services
>
>
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:
> juniper-nsp-bounces at puck.nether.net] On Behalf Of Ioan Branet
> Sent: Thursday, February 11, 2010 8:38 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Route-leaking between a virtual-router instance and VRF
> instance
>
> Hello Group,
>
>
>
> I have the following setup:
>
> R3(PE VRF X)----R1---R2(PE VRF X)----R5 (CE )
>
> On R2 on the interface connecting to R5 i have a virtual-router instance
> and run OSPF with R5 in this instance and also a VRF X instance.
>
> I use rib-groups to leak the prefixes from virtual-router instance to VRF X
> instance ,but when I want to export these prefixese tp R3 ot seems that I
> can't do that,nothing is exported.
> I see the prefixes in VRFX.inet.o from R5 but there are no VPNV4 prefixes
> advertised to R3 PE.
> Is there any posibility to make this leaking?
>
> Here is my config:
>
> R2:
> Virtual-router instance between R2 and R5:
>
> routing-instances
> virtual-router {
> instance-type virtual-router;
> interface em2.0;
> routing-options {
> interface-routes {
> rib-group inet virtual-router ->GRT_AND_VRFX;
> }
> static {
> route 0.0.0.0/0 discard;
> }
> }
> protocols {
> ospf {
> rib-group virtual-router ->GRT_AND_VRFX;
> export DEFAULT_ORIGINATE_TAG_X;
> area 0.0.0.0 {
> interface em2.0;
> }
> }
> }
>
> VRF X routing instance (I do not use any protocol on VRFX and any
> interfaces,this is only for export and import into VRFX)
>
>
> instance-type vrf;
> route-distinguisher 1:1;
> vrf-import VRFX_IMPORT;
> vrf-export VRFX_EXPORT;
> vrf-target {
> import target:1:1;
> export target:1:1;
> }
> vrf-table-label;
> routing-options {
> interface-routes {
> family inet {
> export {
> point-to-point;
> lan;
> }
> }
> }
>
> I want to leak also routes from VRFX to Global routing table
>
> root at R2> show configuration routing-options rib-groups
> VRFX->virtual-router {
> import-rib [ VRFX.inet.0 virtual-router.inet.0 ]; }
> virtual-router->GRT_AND_VRFX {
> import-rib [virtual-router.inet.0 VRFX.inet.0 inet.0 ]; } root at R2> show
> configuration protocols ospf traceoptions {
> file OSPF size 10k world-readable;
> flag all;
> }
> area 0.0.0.0 {
> interface em0.0;
> interface lo0.0;
> }
>
> term CONNECTED {
> from protocol direct;
> then {
> community add VRFX;
> accept;
> }
> }
> term OSPF {
> from {
> protocol ospf;
>
> }
> then {
> community add VRFX ;
> accept;
> }
> }
> term REJECT {
> then reject;
> }
>
> show configuration policy-options community VRFX members target:1:1;
>
> Routes received on R2 from virtual-router instance from R5 :
> root at R2> show route table OSPF_6746_CASA.inet.0 next-hop 150.1.25.5
>
> virtual_router.inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0
> hidden)
> + = Active Route, - = Last Active, * = Both
>
> 5.5.5.5/32 *[OSPF/10] 00:33:40, metric 1
> > to 150.1.25.5 via em2.0
> 10.210.192.0/20 *[OSPF/10] 00:33:40, metric 1
> > to 150.1.25.5 via em2.0
> 10.210.192.5/32 *[OSPF/10] 00:33:40, metric 1
> > to 150.1.25.5 via em2.0
>
> These routes are leaked to VRFX ok:
>
> root at R2> show route table VRFX next-hop 150.1.25.5
>
> VRFX.inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 5.5.5.5/32 *[OSPF/10] 00:36:40, metric 1
> > to 150.1.25.5 via em2.0
> 10.210.192.0/20 *[OSPF/10] 00:36:40, metric 1
> > to 150.1.25.5 via em2.0
> 10.210.192.5/32 *[OSPF/10] 00:36:40, metric 1
> > to 150.1.25.5 via em2.0
>
> But these rotues from VRFX are not advertised from R2 to R3 (other PE)
>
> root at R2> show route advertising-protocol bgp 1.1.1.1
>
> root at R2>
>
> Is there any way to export the routes leaked from virtual-router instance
> from R2 to the other PE(R3)?
>
>
>
> Thank you,
> John
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list