[j-nsp] move routes from VRF to inet.0

Tobias Heister lists at tobias-heister.de
Mon Feb 3 12:43:12 EST 2014


Hi,

I am trying to wrap my head around a (seemingly) simple L3VPN setup with internet access. I am labbing this up right now and got stuck.

The setup is very simple: 

CE1 -- PE1 -- PE2 -- CE2

We have an L3VPN between CE1 and CE2; routes are exchanged and all routes from CE1 are seen by CE2 and vice versa. In this example the CE-PE protocol is OSPF, but it could be any protocol, I guess. We do have a sham-link set up between the PEs, so we do not need to redistribute the routes from BGP to OSPF on the PEs. Up to here everything works fine.

We now want to give the customer/VRF access to the "internet" at PE1. PE1 has a full table in inet.0, so we configure a static default route on CE1 pointing to table inet.0:

static {
    route 0.0.0.0/0 next-table inet.0;
}

On CE1 we redistribute that default route to OSPF so that CE2 knows how to reach the "internet".
CE2 can see the default route and will route all traffic to CE1.

Now we need to let the "internet" know how to reach the IPs of CE1 and CE2. Let's assume they use public addresses and we do not need to use NAT.
We can use rib-groups to move the interface routes for CE1 to inet.0; we can also use a rib-group under protocols ospf in the routing instance on PE1 to get the OSPF routes into inet.0.

## routing instance ##

routing-options {
    interface-routes {
        rib-group inet C1-internet;
    }
}
protocols {
    ospf {
        rib-group C1-internet;
        export C1-export-default;
        ....
    }
}

## rib-group

C1-internet {
    import-rib [ C1.inet.0 inet.0 ];
}

Afterwards we do have all the routes known via OSPF and all the direct routes visible in inet.0.
But what about the routes from CE2? They are only known as BGP routes imported via the vrf-target configuration.
Is there any way to move these BGP routes to the inet.0 table in PE1?

I have tried a couple of things, e.g. auto-export, but it seems only to work on the OSPF and direct routes, and I already have them covered with the rib-groups from above. Simply putting a route with next-table VRF into inet.0 will not work because we already have a route pointing back to inet.0 in this table and the Junos parser will not let that happen.

> error: [rib inet.0 routing-options static]
>     next-table may loop

I also tried to find help in the documentation, but it seems that this scenario is not covered. I also found a couple of older threads around the internet, but none of them really has a solution.

There might be a couple of alternate solutions coming to mind:
1. Move all internet routes to the CE1 table and use static routes to point back at the VRF with next-table from inet.0, which will not really scale beyond a single L3VPN.
2. Use a separate VRF for the internet routes and use auto-export, rib-groups, vrf-import/export policy to move routes around. This would need a rework of our network and is not really feasible right now.

Am I missing something, like an easy knob? Or am I asking the wrong questions?

-- 
Kind Regards
Tobias
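
Added example (not part of the original post and not Juniper's code): a small Python model of the commit-time check behind the "next-table may loop" error quoted above, run against the post's working config, the rejected attempt, and alternative 1. It assumes the check is per table, rejecting any cycle of next-table references regardless of prefix; 198.51.100.0/24 is a constructed sample prefix.

```python
# Simplified model of a next-table loop check (assumption: the check is
# done per routing table, not per prefix).

def find_next_table_loop(static_routes):
    """static_routes maps table -> {prefix: next_table}.
    Returns the tables forming a cycle (first table repeated at the end),
    or None when no chain of next-table references leads back to itself."""
    edges = {table: sorted(set(routes.values()))
             for table, routes in static_routes.items()}
    done = set()  # tables already proven loop-free

    def visit(table, path):
        if table in path:                      # came back to a table on the path
            return path[path.index(table):] + [table]
        if table in done:
            return None
        for nxt in edges.get(table, []):
            loop = visit(nxt, path + [table])
            if loop:
                return loop
        done.add(table)
        return None

    for table in sorted(edges):
        loop = visit(table, [])
        if loop:
            return loop
    return None


# Working config from the post: VRF default route resolved in inet.0.
WORKING = {"C1.inet.0": {"0.0.0.0/0": "inet.0"}}

# Rejected attempt: additionally point a customer prefix in inet.0 back at
# the VRF (prefix is a constructed sample value).
ATTEMPT = {
    "C1.inet.0": {"0.0.0.0/0": "inet.0"},
    "inet.0": {"198.51.100.0/24": "C1.inet.0"},
}

# Alternative 1 from the post: only inet.0 points into the VRF, so the
# references run in one direction and no cycle exists.
ALTERNATIVE_1 = {"inet.0": {"198.51.100.0/24": "C1.inet.0"}}

if __name__ == "__main__":
    for name, cfg in [("working", WORKING), ("attempt", ATTEMPT),
                      ("alternative 1", ALTERNATIVE_1)]:
        loop = find_next_table_loop(cfg)
        print(name, "->", " -> ".join(loop) if loop else "no loop")
```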

