[j-nsp] Merging routes from VRF to inet.0
Chuck Anderson
cra at WPI.EDU
Wed Jan 14 11:15:18 EST 2015
I just found this excellent post that describes how rib-groups and
auto-export work, including the differences between them. I don't
think auto-export will work for going to the main/default inet.0 table
(it relies on route-distinguishers, so it only works between VRFs),
but "instance-import/export" may work instead if you'd rather not use
rib-groups:
http://forums.juniper.net/t5/TheRoutingChurn/Using-rib-groups-or-auto-export-for-route-leaking/ba-p/202349
On Wed, Jan 14, 2015 at 10:52:40AM -0500, Chuck Anderson wrote:
> I do this with rib-groups directly, not auto-export. You need to
> mention both the VRF and inet.0 tables in the rib-group, with the VRF
> one first (primary table):
>
> Main routing-options:
>
> routing-options {
> rib-groups {
> vrf_and_inet0 {
> import-rib [ vrf.inet.0 inet.0 ];
> import-policy my_pol;
> }
> }
> }
>
> You also need to add the rib-group to the direct routes, and BGP
> protocol (and/or OSPF or whatever the PE-CE protocol is) inside the
> VRF:
>
> routing-instances vrf {
> routing-options {
> interface-routes {
> rib-group {
> inet vrf_and_inet0;
> }
> }
> }
> protocols {
> bgp {
> family inet {
> unicast {
> rib-group vrf_and_inet0;
> }
> }
> }
> }
> }
>
> Add other families and/or multicast as needed.
>
> On Wed, Jan 14, 2015 at 04:01:50PM +0100, Tom Eichhorn wrote:
> > Hi Dave & j-nsp,
> >
> > I tried your example,
> > but it does not work - and I am a little bit helpless:
> >
> > http://0bin.net/paste/lpH6zV8Pk2EXnI9L#F5xzmKZTpl9hA5QjZipHfz83-xdG6qexK4MGyM6SSCU
> >
> > I also tried having an "accept all" import policy, but that doesn't
> > changed anything.
> >
> > Thanks for your help,
> > Tom
> >
> > PS: This is a MX running 12.3R5.7
> >
> > Am 14/01/15 um 11:37 schrieb Dave Bell:
> > >rib-groups is indeed the simplest way to do this. Something like this
> > >should work for you:
> > >
> > >routing-options {
> > > rib-groups {
> > > import_inet0 {
> > > import-rib inet.0;
> > > import-policy my_pol;
> > > }
> > >}
> > >
> > >policy-options {
> > > policy-statement my_pol {
> > > term 10 {
> > > from {
> > > route-filter a.b.c.d/32 exact;
> > > }
> > > then accept;
> > > }
> > > term 30 {
> > > then reject;
> > > }
> > > }
> > >}
> > >routing-instances {
> > > my_instance {
> > > routing-options {
> > > static {
> > > route 0.0.0.0/0 next-table inet.0;
> > > }
> > > auto-export {
> > > family inet {
> > > unicast {
> > > rib-group import_inet0;
> > > }
> > > }
> > > }
> > > }
> > >}
> > >
> > >On 14 January 2015 at 09:31, Tom Eichhorn <tom at wirkbetrieb.net> wrote:
> > >>Hi Guys,
> > >>
> > >>I am currently facing a problem,
> > >>to which I do not have currently a clean solution:
> > >>
> > >>I have routes in some L3 VPN vrf, and I need to merge some of them to
> > >>inet.0,
> > >>but I have no real clue how to do that.
> > >>
> > >>RIB-groups would only merge all, and tbh, I never understood rib-groups and
> > >>the
> > >>documentation is a little bit unclear how they work.
> > >>
> > >>My current solution is having a lt-interface between the inet.0 and
> > >>vrf.inet.0 and speaking BGP,
> > >>but that limits the traffic volume to one PFE (yes, I could have
> > >>lt-interfaces on each PFE and do ECMP, but
> > >>that would be that dirty...)
> > >>
> > >>I tried also instance-import under routing-options, but that doesn't work
> > >>for some reason, instance-export
> > >>in the vrf is not supported - this only works for virtual routers, but not
> > >>VRFs...
> > >>
> > >>I also tried some bad hacks on the bgp configuration, e.g. deleting the
> > >>vrf-community before importing etc,
> > >>but all of that also did not work :(
> > >>
> > >>Any hint or idea?
> > >>
> > >>Thanks,
> > >>Tom
> > >>
> > >>PS: For the other way round, getting the default route to the VRF, I simply
> > >>use a next-table inet.0 route in the vrf.
More information about the juniper-nsp
mailing list