[j-nsp] Merging routes from VRF to inet.0

Fri Jan 16 14:49:41 EST 2015

Hi Guys,

I have found an answer why my rib-groups and everything is not working:
All fiddling with RIB-groups is for PE-CE, and not for PE-PE.
As the primary route is in bgp.l3vpn.0, I cannot leak from vrf.inet.0, 
which is the secondary table for the route.

(If somebody asks why I can't do the leaking on the CE-PE router - there 
is non. The other side of the
VPN is a contrail controller, which only speaks inet-vpn.).

I also discussed with this my SE, and they didn't had a quick answer but 
have to discuss internally,
but I hope that our community here maybe also has an idea howto leak 
routes received via inet-vpn to inet.0...

Thanks,
Tom

PS:
No, rib-groups between bgp.l3vpn.0 and inet.0 doesn't work, tried that 
already.

Am 14/01/15 um 17:15 schrieb Chuck Anderson:
> I just found this excellent post that describes how rib-groups and
> auto-export work, including the differences between them.  I don't
> think auto-export will work for going to the main/default inet.0 table
> (it relies on route-distinguishers, so it only works between VRFs),
> but "instance-import/export" may work instead if you'd rather not use
> rib-groups:
>
> http://forums.juniper.net/t5/TheRoutingChurn/Using-rib-groups-or-auto-export-for-route-leaking/ba-p/202349
>
> On Wed, Jan 14, 2015 at 10:52:40AM -0500, Chuck Anderson wrote:
>> I do this with rib-groups directly, not auto-export.  You need to
>> mention both the VRF and inet.0 tables in the rib-group, with the VRF
>> one first (primary table):
>>
>> Main routing-options:
>>
>> routing-options {
>>      rib-groups {
>>          vrf_and_inet0 {
>>              import-rib [ vrf.inet.0 inet.0 ];
>>              import-policy my_pol;
>>          }
>>      }
>> }
>>
>> You also need to add the rib-group to the direct routes, and BGP
>> protocol (and/or OSPF or whatever the PE-CE protocol is) inside the
>> VRF:
>>
>> routing-instances vrf {
>>      routing-options {
>>          interface-routes {
>>              rib-group {
>>                  inet vrf_and_inet0;
>>              }
>>          }
>>      }
>>      protocols {
>>          bgp {
>>              family inet {
>> 	        unicast {
>> 		    rib-group vrf_and_inet0;
>> 		}
>> 	    }
>> 	}
>>      }
>> }
>>
>> Add other families and/or multicast as needed.
>>
>> On Wed, Jan 14, 2015 at 04:01:50PM +0100, Tom Eichhorn wrote:
>>> Hi Dave & j-nsp,
>>>
>>> I tried your example,
>>> but it does not work - and I am a little bit helpless:
>>>
>>> http://0bin.net/paste/lpH6zV8Pk2EXnI9L#F5xzmKZTpl9hA5QjZipHfz83-xdG6qexK4MGyM6SSCU
>>>
>>> I also tried having an "accept all" import policy, but that doesn't
>>> changed anything.
>>>
>>> Thanks for your help,
>>> Tom
>>>
>>> PS: This is a MX running 12.3R5.7
>>>
>>> Am 14/01/15 um 11:37 schrieb Dave Bell:
>>>> rib-groups is indeed the simplest way to do this. Something like this
>>>> should work for you:
>>>>
>>>> routing-options {
>>>>      rib-groups {
>>>>          import_inet0 {
>>>>              import-rib inet.0;
>>>>              import-policy my_pol;
>>>>          }
>>>> }
>>>>
>>>> policy-options {
>>>>      policy-statement my_pol {
>>>>          term 10 {
>>>>              from {
>>>>                  route-filter a.b.c.d/32 exact;
>>>>              }
>>>>              then accept;
>>>>          }
>>>>          term 30 {
>>>>              then reject;
>>>>          }
>>>>      }
>>>> }
>>>> routing-instances {
>>>>      my_instance {
>>>>          routing-options {
>>>>              static {
>>>>                  route 0.0.0.0/0 next-table inet.0;
>>>>              }
>>>>              auto-export {
>>>>                  family inet {
>>>>                      unicast {
>>>>                          rib-group import_inet0;
>>>>                      }
>>>>                  }
>>>>          }
>>>>      }
>>>> }
>>>>
>>>> On 14 January 2015 at 09:31, Tom Eichhorn <tom at wirkbetrieb.net> wrote:
>>>>> Hi Guys,
>>>>>
>>>>> I am currently facing a problem,
>>>>> to which I do not have currently a clean solution:
>>>>>
>>>>> I have routes in some L3 VPN vrf, and I need to merge some of them to
>>>>> inet.0,
>>>>> but I have no real clue how to do that.
>>>>>
>>>>> RIB-groups would only merge all, and tbh, I never understood rib-groups and
>>>>> the
>>>>> documentation is a little bit unclear how they work.
>>>>>
>>>>> My current solution is having a lt-interface between the inet.0 and
>>>>> vrf.inet.0 and speaking BGP,
>>>>> but that limits the traffic volume to one PFE (yes, I could have
>>>>> lt-interfaces on each PFE and do ECMP, but
>>>>> that would be that dirty...)
>>>>>
>>>>> I tried also instance-import under routing-options, but that doesn't work
>>>>> for some reason, instance-export
>>>>> in the vrf is not supported - this only works for virtual routers, but not
>>>>> VRFs...
>>>>>
>>>>> I also tried some bad hacks on the bgp configuration, e.g. deleting the
>>>>> vrf-community before importing etc,
>>>>> but all of that also did not work :(
>>>>>
>>>>> Any hint or idea?
>>>>>
>>>>> Thanks,
>>>>> Tom
>>>>>
>>>>> PS: For the other way round, getting the default route to the VRF, I simply
>>>>> use a next-table inet.0 route in the vrf.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp