[j-nsp] Route-leaking between a virtual-router instance and VRF instance
Ioan Branet
ioan.branet at gmail.com
Fri Feb 12 03:22:45 EST 2010
Hello Andy,
I think that exporting these prefixes leaked from virtual-router instannce
to VRFX instance to BGP does not accomplish the desired result because I
want to convert those prefixes to MPBGP VPNV4 prefixes.
I do not run any protocol in VRFX instance as the common situation in order
to use vrf-export/import policies.
The problem is that I have the prefixes leaked into VRFX seen as :
VRFX.inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[OSPF/10] 00:36:40, metric 1
> to 150.1.25.5 via em2.0
10.210.192.0/20 *[OSPF/10] 00:36:40, metric 1
> to 150.1.25.5 via em2.0
10.210.192.5/32 *[OSPF/10] 00:36:40, metric 1
> to 150.1.25.5 via em2.0
but I can't export them as MPBGP VPNV4 prefixes.
If I use the ospf-to-bgp export policy on BGP, I only export into BGP
prefixes from inet.0 I think.
I think that the ospf-to-bgp export policy will not accomplished the goal.
Thank you,
John
On Thu, Feb 11, 2010 at 10:42 PM, Andy Vance <avance at hq.speakeasy.net>wrote:
> Ioan,
>
> I think the issue here is that the OSPF routes you have in that VRF are not
> being injected into BGP anywhere, even though we attempted to do that,
> possibly we're the area statement? I'm not running OSPF anywhere so
> my configs/experience don't help me answer that piece....
>
> see
>
> http://www-jnet.juniper.net/techpubs/software/junos/junos92/swconfig-policy/example-redistributing-ospf-routes-into-bgp.html
>
> Since they aren't advertised, it makes me think that BGP doesn't know to
> advertise those routes.
>
> Cheers,
> Andy
>
> ------------------------------
> *From:* Ioan Branet [mailto:ioan.branet at gmail.com]
> *Sent:* Thursday, February 11, 2010 10:46 AM
> *To:* Andy Vance
> *Cc:* juniper-nsp at puck.nether.net
> *Subject:* Re: [j-nsp] Route-leaking between a virtual-router instance and
> VRF instance
>
> Hello Andy and thank you for your reply.
>
> I used the solution without
> vrf-import VRFX_IMPORT;
> vrf-export VRFX_EXPORT;
>
> but with the same result, the routes leaked from virtual-router instance to
> VRFX vrf instance does not propagate to other PE.
>
> I used also the same policies for export and import but i forgot to paste
> it in mail.
> Maybe the vrf-export wont work with those prefixes leaked from
> virtual-router instance,because if i add an interface to vrf instance VRFX
> and configure OSPF in VRF routing-instance,the prefixes are exported to
> other PE.
>
> Have anyone tried this kind of solution?
>
> Thank you,
> John
>
> On Thu, Feb 11, 2010 at 7:02 PM, Andy Vance <avance at hq.speakeasy.net>wrote:
>
>> If I'm not mistaken,
>>
>> vrf-import VRFX_IMPORT;
>> vrf-export VRFX_EXPORT;
>> vrf-target {
>> import target:1:1;
>> export target:1:1;
>>
>> isn't going to accomplish what your trying to do here. vrf-target
>> commands allow you to import/export routes without as many policy hooks but
>> used together like this, I believe vrf-import/vrf-export is overriding the
>> vrf-target commands. As well, I didn't see any policy-options config for the
>> VRFX_IMPORT or VRFX_EXPORT policy your calling. I assume this policy config
>> would allow your routes to be exported:
>>
>> edit policy-options
>>
>> policy-statement VRFX_EXPORT {
>> term out {
>> from protocol ospf;
>> then {
>> community add VRFX;
>> accept;
>> }
>> }
>> term reject {
>> then reject;
>> }
>> }
>>
>> and this would allow your routes to be imported on R3
>>
>> policy-statement VRFX_IMPORT {
>> term import {
>> from {
>> protocol bgp;
>> community VRFX;
>> }
>> then accept;
>> }
>> term reject {
>> then reject;
>> }
>> }
>>
>> Cheers,
>> Andy Vance
>> Sr. Network Engineer
>> Speakeasy
>> Direct > 206.971.5144 * Fax > 206.728.1500
>> Email > avance at hq.speakeasy.net * Web > www.speakeasy.net
>>
>> Voice * Data * Managed Services
>>
>>
>>
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net [mailto:
>> juniper-nsp-bounces at puck.nether.net] On Behalf Of Ioan Branet
>> Sent: Thursday, February 11, 2010 8:38 AM
>> To: juniper-nsp at puck.nether.net
>> Subject: [j-nsp] Route-leaking between a virtual-router instance and VRF
>> instance
>>
>> Hello Group,
>>
>>
>>
>> I have the following setup:
>>
>> R3(PE VRF X)----R1---R2(PE VRF X)----R5 (CE )
>>
>> On R2 on the interface connecting to R5 i have a virtual-router instance
>> and run OSPF with R5 in this instance and also a VRF X instance.
>>
>> I use rib-groups to leak the prefixes from virtual-router instance to VRF
>> X instance ,but when I want to export these prefixese tp R3 ot seems that I
>> can't do that,nothing is exported.
>> I see the prefixes in VRFX.inet.o from R5 but there are no VPNV4 prefixes
>> advertised to R3 PE.
>> Is there any posibility to make this leaking?
>>
>> Here is my config:
>>
>> R2:
>> Virtual-router instance between R2 and R5:
>>
>> routing-instances
>> virtual-router {
>> instance-type virtual-router;
>> interface em2.0;
>> routing-options {
>> interface-routes {
>> rib-group inet virtual-router ->GRT_AND_VRFX;
>> }
>> static {
>> route 0.0.0.0/0 discard;
>> }
>> }
>> protocols {
>> ospf {
>> rib-group virtual-router ->GRT_AND_VRFX;
>> export DEFAULT_ORIGINATE_TAG_X;
>> area 0.0.0.0 {
>> interface em2.0;
>> }
>> }
>> }
>>
>> VRF X routing instance (I do not use any protocol on VRFX and any
>> interfaces,this is only for export and import into VRFX)
>>
>>
>> instance-type vrf;
>> route-distinguisher 1:1;
>> vrf-import VRFX_IMPORT;
>> vrf-export VRFX_EXPORT;
>> vrf-target {
>> import target:1:1;
>> export target:1:1;
>> }
>> vrf-table-label;
>> routing-options {
>> interface-routes {
>> family inet {
>> export {
>> point-to-point;
>> lan;
>> }
>> }
>> }
>>
>> I want to leak also routes from VRFX to Global routing table
>>
>> root at R2> show configuration routing-options rib-groups
>> VRFX->virtual-router {
>> import-rib [ VRFX.inet.0 virtual-router.inet.0 ]; }
>> virtual-router->GRT_AND_VRFX {
>> import-rib [virtual-router.inet.0 VRFX.inet.0 inet.0 ]; } root at R2>
>> show configuration protocols ospf traceoptions {
>> file OSPF size 10k world-readable;
>> flag all;
>> }
>> area 0.0.0.0 {
>> interface em0.0;
>> interface lo0.0;
>> }
>>
>> term CONNECTED {
>> from protocol direct;
>> then {
>> community add VRFX;
>> accept;
>> }
>> }
>> term OSPF {
>> from {
>> protocol ospf;
>>
>> }
>> then {
>> community add VRFX ;
>> accept;
>> }
>> }
>> term REJECT {
>> then reject;
>> }
>>
>> show configuration policy-options community VRFX members target:1:1;
>>
>> Routes received on R2 from virtual-router instance from R5 :
>> root at R2> show route table OSPF_6746_CASA.inet.0 next-hop 150.1.25.5
>>
>> virtual_router.inet.0: 15 destinations, 15 routes (15 active, 0 holddown,
>> 0
>> hidden)
>> + = Active Route, - = Last Active, * = Both
>>
>> 5.5.5.5/32 *[OSPF/10] 00:33:40, metric 1
>> > to 150.1.25.5 via em2.0
>> 10.210.192.0/20 *[OSPF/10] 00:33:40, metric 1
>> > to 150.1.25.5 via em2.0
>> 10.210.192.5/32 *[OSPF/10] 00:33:40, metric 1
>> > to 150.1.25.5 via em2.0
>>
>> These routes are leaked to VRFX ok:
>>
>> root at R2> show route table VRFX next-hop 150.1.25.5
>>
>> VRFX.inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
>> + = Active Route, - = Last Active, * = Both
>>
>> 5.5.5.5/32 *[OSPF/10] 00:36:40, metric 1
>> > to 150.1.25.5 via em2.0
>> 10.210.192.0/20 *[OSPF/10] 00:36:40, metric 1
>> > to 150.1.25.5 via em2.0
>> 10.210.192.5/32 *[OSPF/10] 00:36:40, metric 1
>> > to 150.1.25.5 via em2.0
>>
>> But these rotues from VRFX are not advertised from R2 to R3 (other PE)
>>
>> root at R2> show route advertising-protocol bgp 1.1.1.1
>>
>> root at R2>
>>
>> Is there any way to export the routes leaked from virtual-router instance
>> from R2 to the other PE(R3)?
>>
>>
>>
>> Thank you,
>> John
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
>
More information about the juniper-nsp
mailing list