[j-nsp] Strategies for migrating lots of customers into L3VPN / route-leaking

Daniel Rohan drohan at gmail.com
Wed Oct 8 18:40:45 EDT 2014

Hi all,

I'm working on virtualizing a regional network with about 500 customer
sites into an L3VPN. All of my customer routes (plus our internet routes)
currently exist in inet.0 on our routers. The end-state I’d like to achieve
is to have our provider's Internet routes isolated into a VRF and our
customers isolated into their own VRF with vrf-import policies leaking the
routes between the two.

Before someone asks “why?” I’ll just stop that and say that it’s likely
that in the near future I’ll have different customer classes demanding
different upstream providers on the same physical gear but still wanting
the same path/latency to the other customer classes we provide today.

So- I’d like to move our customer routes piecemeal into a VRF in as
controlled a way as possible without causing network segmentation or having
to constrain traffic through specific paths. That way we could move
reasonable sections of the network into the L3VPN over a period of a few
weeks. My first thought was to set up route leaking between the VRFs and
inet.0, but looking back at a recent threads on j-nsp as well as Juniper
docs, I realize it's not possible to export MP-BGP learned routes into
inet.0 using rib groups.

I'm currently looking into using bgp between lt interfaces on inet.0 and a
vrf to accomplish the route sharing, and that seems like a good
possibility, but I’m curious about a few things:

1) Does anyone run production traffic through lt interfaces between inet.0
and routing instances? (we’re using fairly lightly-loaded MX480s)

2) Does any one have a smarter strategy that I could borrow to accomplish
this transition? It all feels so kludge-y and brittle.


More information about the juniper-nsp mailing list