[j-nsp] Filtering of routes from VRF to other PE's

Peter Krupl Peter.Krupl at siminn.dk
Wed Nov 24 06:44:10 EST 2010 

Hi again,

I figured it out... just after I posted my question... -*sigh*-

When applying a vrf-export policy, one has to manually set the VRF target community.

This works...

root at PE1-HQ# show routing-instances test 
instance-type vrf;
interface lo0.666;
route-distinguisher 9167:666;
vrf-export export_test;
vrf-target target:9167:666;
vrf-table-label;
routing-options {
    static {
        route 1.1.1.1/32 discard;
        route 0.0.0.0/0 discard;
    }
}

root at PE1-HQ# show policy-options policy-statement export_test 
term 1 {
    from {
        route-filter 0.0.0.0/0 exact;
    }
    then reject;
}
term 2 {
    then {
        local-preference 1234;
        community add tgt_test;
        accept;
    }
}
term 3 {
    then reject;
}

The result on a remote PE:
root at PE1-HOR> show route table test terse    

test.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

A Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
* 1.1.1.1/32         B 170       1234            >89.233.11.65    I
* 2.2.2.2/32         S   5                        Discard
* 10.0.0.1/32        B 170       1234            >89.233.11.65    I
* 10.0.0.2/32        D   0                       >lo0.666


Kind Regards,
Peter Krupl


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Peter Krupl
> Sent: 24. November, 2010 12:19
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Filtering of routes from VRF to other PE's
> 
> Hi,
> 
> We are running a mixed MPLS network consisting both of cisco and juniper routers.
> Im missing the "default-information originate" knob for BGP peers in Junos.
> 
> It seems the solution  is to install a static default route, and advertise that to the
> CE's.
> But i do not want the default route to be advertized to the other PE's.
> 
> At the following URL:
> http://www.juniper.net/techpubs/en_US/junos10.1/information-products/topic-
> collections/config-guide-vpns/topic-33742.html#id-10149663
> I found the "vrf-export" statement, and did as described in the "Configuring an
> Export Policy for the PE Router's VRF Table" section.
> 
> As soon as I apply, the export policy below, nothing is announced for the VRF to
> the other PE's.
> 
> term export-0 {
>     from protocol [ static direct ospf rip bgp ];
>     then accept;
> }
> term 1 {
>     then reject;
> }
> 
> I have searched other threads in this forum, and found the "vpn-apply-export"
> option. Which should be disabled as im neither peering
> eBGP or running RR on the PE in question. . And I do not need to both apply the
> vrf-export, and then the bgp-export policies at the same time.
> 
> Any hits or solutions would be greatly appreciated.
> 
> 
> Kind Regards,
> Peter Krüpl
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list