[j-nsp] move routes from VRF to inet.0
Adam Tajer
adam.tajer at gmail.com
Tue Feb 4 06:05:46 EST 2014
Tobias,
When you receive inet-vpn routes from remote PE, they are put into
bgp.l3vpn.0 first. This is their primary RIB from the perspective of this
PE. Entries in VRF are considered secondary & are already leaked based on
vrf-target/vrf-import policy (think of it as automatic leaking between
these two tables that happens in the background w/o additional config).
When you try to leak routes from VRF into inet.0 via rib-groups, you are
only touching the VRF routes local to this instance (import-rib definition
has to contain the primary table first - vpn-x.inet.0 in this case) &
copying them into inet.0. You cannot copy prefixes coming from remote PEs
in this way.
Thanks,
Adam
On Tue, Feb 4, 2014 at 9:47 AM, Tobias Heister <lists at tobias-heister.de>wrote:
> Hi,
>
> Am 04.02.2014 04:25, schrieb Bikram Singh:
> >> There might be a couple of alternate solutions coming to mind:
> >> 1. move all internet Routes to the CE1 table and use static routes to
> point back at the VRF with next-table from inet.0 which will not really
> scale beyond a single l3vpn.
> >> 2. use a separate VRF for the internet routes and use auto-export,
> rib-groups, vrf-import/export policy to move routes around. This would need
> a rework of our network and is not really
> > feasible right now.
> >
> > If point 2. is not feasible then you can do below
> >
> > Since you have already put a static route from VRF pointing to inet.0
> for the traffic going to internet now you need to work for reverse traffic
> from internetto CE1 or CE2 .
> >
> > As you have mentioned that they use Public IP in that case you can put
> all VPN routes (from CE1 and CE2 ) or aggregate routes into inet.0 using
> rib-goups to attract reverse traffic from
> > internet .
>
> That is actually what i am trying right now. But i am not able to put all
> the VPN Routes into inet.0
> I have trouble to move the ones learned from the remote PE, as i have no
> clue how and where to match them with a rib-groub as they are from protocol
> BGP and are placed there by the l3vpn
> itself. If you happen to have an example how to move the BGP routes
> received from the remote PE to inet.0 i would be happy if you would share
> it.
>
> I already have a manual aggregate route covering CE1 and CE2 prefixes in
> inet.0 which i am exporting into the iBGP to get the internet incoming
> Traffic to the PE1. What i am missing are
> routes for the remote CE/PE on PE1 inet.0 in order to direct the traffic
> to the remote PE (PE2/CE2).
>
> regards
> Tobias
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list