[j-nsp] move routes from VRF to inet.0
Michael Gehrmann
mgehrmann at macquarietelecom.com
Mon Feb 3 17:44:58 EST 2014
Hi Tobias,
To put it simply, your alternative option 2 would work. We use an Internet table/VRF to collect CE routes and then import a default from the Internet table into the CE VRF. To make it easy, we add communities to the routes for easy identification.
Regards
Mike
-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Tobias Heister
Sent: Tuesday, 4 February 2014 4:43 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] move routes from VRF to inet.0
Hi,
I am trying to wrap my head around a (seemingly) simple L3VPN setup with internet access. I am labbing this up right now and got stuck.
The setup is very simple:
CE1 -- PE1 -- PE2 -- CE2
We have an L3VPN between CE1 and CE2, routes are exchanged and all routes from CE1 are seen by CE2 and vice versa. In this example the CE-PE protocol is OSPF, but it could be any protocol, I guess. We do have a sham-link set up between the PEs, so we do not need to redistribute the routes from BGP to OSPF on the PEs. Up to here everything works fine.
We now want to give the customer/VRF access to the "internet" at PE1. PE1 has a full table in inet.0, so we configure a static default route on CE1 pointing to table inet.0:
    static {
        route 0.0.0.0/0 next-table inet.0;
    }
On CE1 we redistribute that default route to OSPF so that CE2 knows how to reach the "internet".
CE2 can see the default route and will route all traffic to CE1.
Now we need to let the "Internet" know how to reach the IPs of CE1 and CE2. Let's assume they use public addresses and we do not need to use NAT.
We can use rib-groups to move the interface routes for CE1 to inet.0. We can also use a rib-group under protocols ospf in the routing instance on PE1 to get the OSPF routes into inet.0:
    ## routing instance ##
    routing-options {
        interface-routes {
            rib-group inet C1-internet;
        }
    }
    protocols {
        ospf {
            rib-group C1-internet;
            export C1-export-default;
            ....
        }
    }
    ## rib-group
    C1-internet {
        import-rib [ C1.inet.0 inet.0 ];
    }
Afterwards we do have all the routes known via OSPF and all the direct routes visible in inet.0. But what about the routes from CE2? They are only known as BGP routes imported via the vrf-target configuration.
Is there any way to move these BGP routes to the inet.0 table in PE1?
I have tried a couple of things, e.g. auto-export, but it seems to work only on the OSPF and direct routes, and I already have them covered with the rib-groups from above. Simply putting a route with next-table VRF into inet.0 will not work, because we already have a route pointing back to inet.0 in this table and the Junos parser will not let that happen.
> error: [rib inet.0 routing-options static]
> next-table may loop
I also tried to find help in the documentation, but it seems that this scenario is not covered. I also found a couple of older threads around the internet, but none of them really has a solution.
There might be a couple of alternate solutions coming to mind:
1. move all internet Routes to the CE1 table and use static routes to point back at the VRF with next-table from inet.0 which will not really scale beyond a single l3vpn.
2. use a separate VRF for the internet routes and use auto-export, rib-groups, vrf-import/export policy to move routes around. This would need a rework of our network and is not really feasible right now.
Am I missing something, like an easy knob? Or am I asking the wrong questions?
--
Kind Regards
Tobias
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
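
One way the separate Internet VRF design discussed in this thread (Tobias's option 2, the approach Mike describes) could be expressed in Junos, as an added sketch that is not configuration from either poster. The policy and instance names, the community values, AS 65000 and the route distinguisher are hypothetical; it assumes a default route already exists in INTERNET.inet.0 and that the existing C1 instance keeps its own route distinguisher, interfaces and OSPF configuration.

```junos
# Added example. All names and numeric values below are hypothetical.
policy-options {
    community C1-VPN members target:65000:100;
    community TO-INTERNET members target:65000:900;
    community INET-DEFAULT members target:65000:901;
    # Customer routes stay in their own VPN and are also tagged for INTERNET.
    policy-statement C1-export {
        term customer-routes {
            then {
                community add C1-VPN;
                community add TO-INTERNET;
                accept;
            }
        }
    }
    # The customer VRF takes its own VPN routes plus the default, nothing else.
    policy-statement C1-import {
        term vpn { from community C1-VPN; then accept; }
        term default-only {
            from {
                community INET-DEFAULT;
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term rest { then reject; }
    }
    # The Internet VRF collects only routes explicitly tagged for it.
    policy-statement INTERNET-import {
        term customers { from community TO-INTERNET; then accept; }
        term rest { then reject; }
    }
    # Assumes a default route is already present in INTERNET.inet.0.
    policy-statement INTERNET-export {
        term default {
            from route-filter 0.0.0.0/0 exact;
            then { community add INET-DEFAULT; accept; }
        }
        term rest { then reject; }
    }
}
routing-instances {
    C1 {
        vrf-import C1-import;
        vrf-export C1-export;
        # auto-export leaks between VRFs that live on the same PE.
        routing-options { auto-export; }
    }
    INTERNET {
        instance-type vrf;
        route-distinguisher 65000:900;
        vrf-import INTERNET-import;
        vrf-export INTERNET-export;
        routing-options { auto-export; }
    }
}
```

Because vrf-import and vrf-export take precedence over vrf-target, the C1 policies have to keep tagging and accepting the VPN's own target. The exact 0.0.0.0/0 match in C1-import keeps anything other than the default from leaking into the customer table.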