[j-nsp] move routes from VRF to inet.0
Steve Hulshof
cereal at gmail.com
Fri Feb 7 13:53:30 EST 2014
Tobias,
You can use a Logical Tunnel (LT) interface on the PE to interconnect your
VRF with inet.0 and exchange routes between each of them using BGP.
Config example to setup LT interface with VR routing-instance but this will
work with VRF as well:
https://www.juniper.net/techpubs/en_US/junos12.3/topics/example/logical-systems-connecting-ls-interface.html
Hope this helps!
Steve
On Mon, Feb 3, 2014 at 12:43 PM, Tobias Heister <lists at tobias-heister.de>wrote:
> Hi,
>
> I am trying to wrap my head around a (seemingly) simple l3VPN Setup with
> internet access. I am labing this up right now and got stuck.
>
> The setup is very simple:
>
> CE1 -- PE1 -- PE2 -- CE2
>
> We have a l3VPN between CE1 und CE2, routes are exchanged and all routes
> from CE1 are seen by CE2 and vice versa. In this example CE-PE protocol is
> OSPF, but it could be any protocol i guess. We do have a sham-link setup
> between the PEs, so we do not need to redistribute the routes from BGP to
> OSPF on the PEs. Up to here eveything works fine.
>
> We now want to give the customer/VRF access to the "internet" at PE1. PE1
> has a full table in inet.0 so we configure a static default route on CE1
> pointing to table inet.0
>
> static {
> route 0.0.0.0/0 next-table inet.0;
> }
>
> On CE1 we redistribute that default route to ospf so that CE2 knows how to
> reach the "internet"
> CE2 can see the default route and will route all traffic to CE1
>
> Now we need to let the "Internet" know how to reach the IPs of CE1 and
> CE2. Lets assume they use public addresses and we do not need to use nat.
> We can use rib-groups to move the interfaces routes for CE1 to inet.0 we
> can also use a rib-group under protocols ospf in the routing instance on
> PE1 to get the ospf routes into inet.0
>
> ## routing instance ##
>
> routing-options {
> interface-routes {
> rib-group inet C1-internet;
> }
> }
> protocols {
> ospf {
> rib-group C1-internet;
> export C1-export-default;
> ....
> }
> }
>
> ## rib-group
>
> C1-internet {
> import-rib [ C1.inet.0 inet.0 ];
> }
>
> Afterwards we do have all the routes known via OSPF and all the direct
> routes visible in inet.0
> But what about the routes from CE2? They are only know as BGP routes
> imported via the vrf-target configuration.
> Is there any way to move these BGP routes to the inet.0 table in PE1?
>
> I have tried a couple of things e.g. auto-export but it seems only to work
> on the OSPF and direct routes, and i already have them covered with the
> rib-groups from above. Simply putting an route with next-table VRF into
> inet.0 will not work because we already have a route pointing back to
> inet.0 in this table and the junos parser will not let that happen.
>
> > error: [rib inet.0 routing-options static]
> > next-table may loop
>
> I also tried to find help in the documentation, but it seems that this
> scenario is not covered. I also found a couple of older threads around the
> internet, but none of them really has a solution.
>
> There might be a couple of alternate solutions coming to mind:
> 1. move all internet Routes to the CE1 table and use static routes to
> point back at the VRF with next-table from inet.0 which will not really
> scale beyond a single l3vpn.
> 2. use a separate VRF for the internet routes and use auto-export,
> rib-groups, vrf-import/export policy to move routes around. This would need
> a rework of our network and is not really feasible right now.
>
> Do i miss something, like an easy knob? Or am i asking the wrong questions?
>
> --
> Kind Regards
> Tobias
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list