[j-nsp] JunOS RPKI/ROA database in non-default routing instance, but require an eBGP import policy in inet.0 (default:default LI:RI) to reference it.

Saku Ytti saku at ytti.fi
Mon Jun 5 04:18:56 EDT 2023


On Mon, 5 Jun 2023 at 11:13, Lukas Tribus via juniper-nsp
<juniper-nsp at puck.nether.net> wrote:

> In Cisco land I worked around VRF or source interface selection
> limitations for RTR by using SSH as a transport method, which then
> used SSH client source-vrf/source-interface configurations.
>
> I don't know if JunOS supports SSH transported RTR though.

It is immaterial; it wouldn't work.

If someone would actually need to make it work, they'd leak between
VRF/Internet, so that RTR configured on the Internet actually goes via
the NMS VRF. This could be accomplished in a multitude of poor ways.
Egress could be next-table static route, ingress could be firewall
filter with from source-address rtr then routing-instance default. Or
it could be LT between VRF and default instance.


-- 
  ++ytti
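
The first two leaks named in the message above (a next-table static route for egress, a firewall filter with `then routing-instance default` for ingress), written out as an added example that is not part of the original post or the poster's own configuration. The validator address 192.0.2.10, port 3323, local address 198.51.100.1, interface ge-0/0/1.0, and the names NMS, RTR-VALIDATORS and RTR-RETURN are constructed placeholders.

```junos
/* Added illustration: all names and addresses are constructed placeholders */
routing-options {
    validation {
        group RTR-VALIDATORS {
            /* RTR session stays in the default instance, so inet.0 import policy can use its database */
            session 192.0.2.10 {
                port 3323;
                local-address 198.51.100.1;
            }
        }
    }
    static {
        /* Egress leak: reach the validator through the NMS VRF table */
        route 192.0.2.10/32 next-table NMS.inet.0;
    }
}
firewall {
    family inet {
        filter RTR-RETURN {
            /* Ingress leak: replies from the validator are looked up in the default instance */
            term rtr {
                from {
                    source-address {
                        192.0.2.10/32;
                    }
                }
                then routing-instance default;
            }
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    /* Assumed to be the NMS VRF interface on which validator traffic arrives */
    ge-0/0/1 {
        unit 0 {
            family inet {
                filter {
                    input RTR-RETURN;
                }
            }
        }
    }
}
```

Every packet that matches the `rtr` term leaves the VRF, so the match should stay as narrow as the single validator /32 shown here.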

