[j-nsp] Half Duplex VRF

Saku Ytti saku at ytti.fi
Sat Oct 20 04:19:24 EDT 2012


On (2012-10-19 17:18 -0700), Chris Cappuccio wrote:

> He means that the concept is applicable on any implementation. It's not a special feature that has to be designed in. The Cisco configuration should be trivial to translate to Junos.

ACK. It is implementable in JunOS. The only complex bit is how to put a
single link network into multiple VRFs.

Cisco makes this easy because 

a) You can RIB hop with static routes directly by specifying the interface (in
JunOS you cannot do this per static route; you can add resolve-rib, but
it's global to the routing-instance and a non-starter)

b) You can use the simple command 'ip vrf receive X' to import the link network
into multiple VRFs. In JunOS there are multiple ways to do this, none of them
completely satisfactory, to me at least.

I chose to do this via a non-forwarding routing instance. You could
technically use any participating VRF also, but provisioning-wise it's
quite a silly idea, since if VRFs come and go, you need to keep track of where
to move the hack. If it's a separate VRF you don't have to worry and it's
easy to model for automation.

So this is an example of my 'vrf receive X' emulation:
    NF-ge-1/1/0.232 {
        instance-type no-forwarding;
        interface ge-1/1/0.232;
        routing-options {
            interface-routes {
                rib-group inet ge-1/1/0.232;
            }
        }
    }

rib-group being:
        ge-1/1/0.232 {
            import-rib [ NF-ge-1/1/0.232.inet.0 inet.0 VRF13324.inet.0 VRF13326.inet.0 VRF13327.inet.0 VRF13325.inet.0 VRF13319.inet.0 ];
        }


That is, the physical interface belongs to the NF instance; the real VRFs don't
have any interface, but can make static routes towards this NF instance interface.
Incoming packets are assigned to the correct instance via FW filter.

Then one other thing that might bite you: if one of the instances is INET in
half-duplex or vrf-select and you need to use a FW filter to select INET, you
need to use 'then routing-instance default', which will claim "## 'default' is
not defined". But don't worry, it's still supported by Juniper and works as
planned; the CLI warning will disappear in due time.

-- 
  ++ytti
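
Added example, not part of the original message: since the post notes that a separate NF instance is easy to model for automation, this Python helper regenerates the NF instance and rib-group for one logical interface as VRFs come and go, keeping the NF table first in import-rib. The function names, the shortened import-rib line and VRF13400 are assumptions made for the example.

```python
import re

# First stanza belongs under [edit routing-instances], second under
# [edit routing-options rib-groups]; layout follows the post's snippets.
TEMPLATE = """\
NF-{ifl} {{
    instance-type no-forwarding;
    interface {ifl};
    routing-options {{
        interface-routes {{
            rib-group inet {ifl};
        }}
    }}
}}
{ifl} {{
    import-rib [ {ribs} ];
}}"""

def parse_import_rib(stanza):
    """Return the tables named in an 'import-rib [ ... ];' statement."""
    m = re.search(r"import-rib\s+\[\s*([^\]]*?)\s*\]\s*;", stanza)
    if not m:
        raise ValueError("no import-rib statement found")
    return m.group(1).split()

def vrfs_in(ribs, ifl):
    """VRF names in an existing list, skipping the NF table and inet.0."""
    skip = {f"NF-{ifl}.inet.0", "inet.0"}
    return [r[:-len(".inet.0")] for r in ribs
            if r not in skip and r.endswith(".inet.0")]

def build_import_rib(ifl, vrfs, master=True):
    """NF table first (Junos takes the first import-rib entry as the primary
    table), then inet.0 if wanted, then each VRF table exactly once."""
    ribs = [f"NF-{ifl}.inet.0"] + (["inet.0"] if master else [])
    for vrf in vrfs:
        if f"{vrf}.inet.0" not in ribs:
            ribs.append(f"{vrf}.inet.0")
    return ribs

def render(ifl, vrfs, master=True):
    """Render both stanzas for one logical interface and its VRF list."""
    return TEMPLATE.format(ifl=ifl, ribs=" ".join(build_import_rib(ifl, vrfs, master)))

if __name__ == "__main__":
    ifl = "ge-1/1/0.232"
    # Constructed input: a shortened form of the import-rib line in the post.
    current = "import-rib [ NF-ge-1/1/0.232.inet.0 inet.0 VRF13324.inet.0 VRF13326.inet.0 ];"
    vrfs = vrfs_in(parse_import_rib(current), ifl)
    vrfs.remove("VRF13326")      # a VRF goes away
    vrfs.append("VRF13400")      # constructed name for a newly provisioned VRF
    print(render(ifl, vrfs))
```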

