[j-nsp] Leaking from a vrf to inet0

Chuck Anderson cra at WPI.EDU
Mon Mar 21 12:17:02 EDT 2016


On Mon, Mar 21, 2016 at 05:04:35PM +0100, Raphael Mazelier wrote:
> I am currently evaluating how to migrate the internet dmz, and the
> public pfx of my customers into VRF.
> During the migration phase I have to leak pfx from vrf to the global table.
> Don't ask why, but I cannot do the leaking on the PE-CE side as it
> should normaly occur.
> So I want to do leaking on the remote PE from pfx learned via mp-bgp
> on the vrf to the global, and afaik it is not possible directly.
> 
> I know that this topic have been discussed before, but if someone
> have some hints on how to do this the cleanest way possible.

You can use rib-groups to do this.

> - advertise twice the route in family inet in addition to inet-vpn,
> in order to leak it with rib-group (since rib-group only work when
> pfx is in a primary table)

I don't think this is true.  I'm doing this and it works.

set routing-instances INTERNET protocols bgp family inet unicast rib-group INTERNET-to-MAIN-UCAST
set routing-instances INTERNET protocols bgp family inet6 unicast rib-group INTERNET-to-MAIN-UCAST6
set routing-options rib-groups INTERNET-to-MAIN-UCAST import-rib INTERNET.inet.0
set routing-options rib-groups INTERNET-to-MAIN-UCAST import-rib inet.0
set routing-options rib-groups INTERNET-to-MAIN-UCAST6 import-rib INTERNET.inet6.0
set routing-options rib-groups INTERNET-to-MAIN-UCAST6 import-rib inet6.0


More information about the juniper-nsp mailing list