[j-nsp] Route-leaking between a virtual-router instance and VRF instance

Ioan Branet ioan.branet at gmail.com
Fri Feb 12 03:22:45 EST 2010


Hello Andy,

I think that exporting these prefixes leaked from virtual-router instannce
to VRFX instance to BGP does not accomplish the desired result because I
want to convert those prefixes to MPBGP VPNV4 prefixes.

I do not run any protocol in VRFX instance as the common situation in order
to use vrf-export/import policies.
The problem is that I have the prefixes leaked into VRFX seen as :
VRFX.inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

5.5.5.5/32         *[OSPF/10] 00:36:40, metric 1
                    > to 150.1.25.5 via em2.0
10.210.192.0/20    *[OSPF/10] 00:36:40, metric 1
                    > to 150.1.25.5 via em2.0
10.210.192.5/32    *[OSPF/10] 00:36:40, metric 1
                    > to 150.1.25.5 via em2.0
 but I can't export them as MPBGP VPNV4 prefixes.

If I use the ospf-to-bgp export policy on BGP, I only export into BGP
prefixes from inet.0 I think.

I think that the ospf-to-bgp export policy will not accomplished the goal.

Thank you,
John



On Thu, Feb 11, 2010 at 10:42 PM, Andy Vance <avance at hq.speakeasy.net>wrote:

>  Ioan,
>
> I think the issue here is that the OSPF routes you have in that VRF are not
> being injected into BGP anywhere, even though we attempted to do that,
> possibly we're the area statement?  I'm not running OSPF anywhere so
> my configs/experience don't help me answer that piece....
>
> see
>
> http://www-jnet.juniper.net/techpubs/software/junos/junos92/swconfig-policy/example-redistributing-ospf-routes-into-bgp.html
>
> Since they aren't advertised, it makes me think that BGP doesn't know to
> advertise those routes.
>
> Cheers,
> Andy
>
>  ------------------------------
> *From:* Ioan Branet [mailto:ioan.branet at gmail.com]
> *Sent:* Thursday, February 11, 2010 10:46 AM
> *To:* Andy Vance
> *Cc:* juniper-nsp at puck.nether.net
> *Subject:* Re: [j-nsp] Route-leaking between a virtual-router instance and
> VRF instance
>
> Hello Andy and thank you for your reply.
>
> I used the solution without
>  vrf-import VRFX_IMPORT;
> vrf-export VRFX_EXPORT;
>
> but with the same result, the routes leaked from virtual-router instance to
> VRFX vrf instance does not propagate to other PE.
>
> I used also the same policies for export and import but i forgot to paste
> it in mail.
> Maybe the vrf-export wont work with those prefixes leaked from
> virtual-router instance,because if i add an interface to vrf instance VRFX
> and configure OSPF in VRF routing-instance,the prefixes are exported to
> other PE.
>
> Have anyone tried this kind of solution?
>
> Thank you,
> John
>
> On Thu, Feb 11, 2010 at 7:02 PM, Andy Vance <avance at hq.speakeasy.net>wrote:
>
>> If I'm not mistaken,
>>
>> vrf-import VRFX_IMPORT;
>> vrf-export VRFX_EXPORT;
>> vrf-target {
>>    import target:1:1;
>>    export target:1:1;
>>
>> isn't going to accomplish what your trying to do here.  vrf-target
>> commands allow you to import/export routes without as many policy hooks but
>> used together like this, I believe vrf-import/vrf-export is overriding the
>> vrf-target commands. As well, I didn't see any policy-options config for the
>> VRFX_IMPORT or VRFX_EXPORT policy your calling.  I assume this policy config
>> would allow your routes to be exported:
>>
>> edit policy-options
>>
>> policy-statement VRFX_EXPORT {
>>        term out {
>>            from protocol ospf;
>>            then {
>>                community add VRFX;
>>                accept;
>>            }
>>        }
>>        term reject {
>>            then reject;
>>        }
>>    }
>>
>>  and this would allow your routes to be imported on R3
>>
>> policy-statement VRFX_IMPORT {
>>        term import {
>>            from {
>>                protocol bgp;
>>                community VRFX;
>>            }
>>            then accept;
>>        }
>>        term reject {
>>            then reject;
>>        }
>>    }
>>
>> Cheers,
>> Andy Vance
>> Sr. Network Engineer
>> Speakeasy
>> Direct > 206.971.5144 * Fax > 206.728.1500
>> Email > avance at hq.speakeasy.net  * Web > www.speakeasy.net
>>
>> Voice * Data * Managed Services
>>
>>
>>
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net [mailto:
>> juniper-nsp-bounces at puck.nether.net] On Behalf Of Ioan Branet
>> Sent: Thursday, February 11, 2010 8:38 AM
>> To: juniper-nsp at puck.nether.net
>> Subject: [j-nsp] Route-leaking between a virtual-router instance and VRF
>> instance
>>
>> Hello Group,
>>
>>
>>
>> I have the following setup:
>>
>> R3(PE VRF X)----R1---R2(PE VRF X)----R5 (CE )
>>
>> On R2 on the interface connecting to R5 i have a virtual-router instance
>> and run OSPF with R5 in this instance and also a VRF X instance.
>>
>> I use rib-groups to leak the prefixes from virtual-router instance to VRF
>> X instance ,but when I want to export these prefixese tp R3 ot seems that I
>> can't do that,nothing is exported.
>> I see the prefixes in VRFX.inet.o from R5 but there are no VPNV4 prefixes
>> advertised to R3 PE.
>> Is there any posibility to make this leaking?
>>
>> Here is my config:
>>
>> R2:
>> Virtual-router instance between R2 and R5:
>>
>>  routing-instances
>> virtual-router {
>>    instance-type virtual-router;
>>    interface em2.0;
>>    routing-options {
>>        interface-routes {
>>            rib-group inet virtual-router ->GRT_AND_VRFX;
>>        }
>>        static {
>>            route 0.0.0.0/0 discard;
>>        }
>>    }
>>    protocols {
>>        ospf {
>>            rib-group virtual-router ->GRT_AND_VRFX;
>>            export DEFAULT_ORIGINATE_TAG_X;
>>            area 0.0.0.0 {
>>                interface em2.0;
>>            }
>>        }
>>    }
>>
>> VRF X routing instance (I do not use any protocol on VRFX and any
>> interfaces,this is only for export and import into VRFX)
>>
>>
>> instance-type vrf;
>> route-distinguisher 1:1;
>> vrf-import VRFX_IMPORT;
>> vrf-export VRFX_EXPORT;
>> vrf-target {
>>    import target:1:1;
>>    export target:1:1;
>> }
>> vrf-table-label;
>> routing-options {
>>    interface-routes {
>>        family inet {
>>            export {
>>                point-to-point;
>>                lan;
>>            }
>>        }
>>    }
>>
>> I want to leak also routes from VRFX to Global routing table
>>
>> root at R2> show configuration routing-options rib-groups
>> VRFX->virtual-router {
>>    import-rib [ VRFX.inet.0 virtual-router.inet.0 ]; }
>> virtual-router->GRT_AND_VRFX {
>>    import-rib [virtual-router.inet.0 VRFX.inet.0 inet.0 ]; } root at R2>
>> show configuration protocols ospf traceoptions {
>>    file OSPF size 10k world-readable;
>>    flag all;
>> }
>> area 0.0.0.0 {
>>    interface em0.0;
>>    interface lo0.0;
>> }
>>
>> term CONNECTED {
>>    from protocol direct;
>>    then {
>>        community add VRFX;
>>        accept;
>>    }
>> }
>> term OSPF {
>>    from {
>>        protocol ospf;
>>
>>    }
>>    then {
>>        community add VRFX ;
>>        accept;
>>    }
>> }
>> term REJECT {
>>    then reject;
>> }
>>
>> show configuration policy-options community VRFX members target:1:1;
>>
>> Routes received on R2 from virtual-router instance from R5 :
>> root at R2> show route table OSPF_6746_CASA.inet.0 next-hop 150.1.25.5
>>
>> virtual_router.inet.0: 15 destinations, 15 routes (15 active, 0 holddown,
>> 0
>> hidden)
>> + = Active Route, - = Last Active, * = Both
>>
>> 5.5.5.5/32         *[OSPF/10] 00:33:40, metric 1
>>                    > to 150.1.25.5 via em2.0
>> 10.210.192.0/20    *[OSPF/10] 00:33:40, metric 1
>>                    > to 150.1.25.5 via em2.0
>> 10.210.192.5/32    *[OSPF/10] 00:33:40, metric 1
>>                    > to 150.1.25.5 via em2.0
>>
>> These routes are leaked to VRFX ok:
>>
>> root at R2> show route table VRFX next-hop 150.1.25.5
>>
>> VRFX.inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
>> + = Active Route, - = Last Active, * = Both
>>
>> 5.5.5.5/32         *[OSPF/10] 00:36:40, metric 1
>>                    > to 150.1.25.5 via em2.0
>> 10.210.192.0/20    *[OSPF/10] 00:36:40, metric 1
>>                    > to 150.1.25.5 via em2.0
>> 10.210.192.5/32    *[OSPF/10] 00:36:40, metric 1
>>                    > to 150.1.25.5 via em2.0
>>
>> But these rotues from VRFX  are not advertised from R2 to R3 (other PE)
>>
>> root at R2> show route advertising-protocol bgp 1.1.1.1
>>
>> root at R2>
>>
>> Is there any way to export the routes leaked from virtual-router instance
>> from R2 to the other PE(R3)?
>>
>>
>>
>> Thank you,
>> John
>>  _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
>


More information about the juniper-nsp mailing list