Junos
Reply
Visitor
Adam
Posts: 4
Registered: ‎10-10-2010
0

Route redistribution between VPN and base routing instance

Hi,

 

  I am trying to do a couple of things not always done in a VPN and having trouble getting them working.

 

  I have an MPLS Layer 3 VPN up and working. Routes that are in the VPN are translating between routers ok. I want to achieve two things:

  1) get a default route to be injected into the VPN from a particular router. I have tried to do this using this format:

 

[edit routing-instances IP_1830_VPN]
engr@MXR1.MELB# show
instance-type vrf;
vrf-export TEST;
vrf-target target:65432:1;
routing-options {
    static {
        route 0.0.0.0/0 next-table inet.0;
    }
}

This creates the desired default route in the lcoal table, but doesn't redistribute it to other routers in the VPN. The closest I have been able to find the documentation to a suggestion in how to get this route to be redistributed is to use vrf-export. I have created the following:

 

[edit policy-options policy-statement TEST]
engr@MXR1.MELB# show
term 1 {
    from {
        protocol static;
        route-filter 0.0.0.0/0 orlonger;
    }
    then {
        community add IP_1830_VPN_COMM;
        accept;
    }
}
term 2 {
    then reject;
}
However, this doesn't work and nothing else I have tried does.

 

2) The second thing I am trying to do is to get all routes learnt in the VPN into the base route table (inet.0). I have been told (and the documentation seems to back this up) that this can be done using rib-groups. This is what I was trying:

 

engr@MXR1.MELB# show routing-options
rib-groups {
    IP_1830_VPN_TO_INET-0 {
        import-rib inet.0;
    }
}

 

then

[edit routing-instances IP_1830_VPN]
engr@MXR1.MELB# show
instance-type vrf;
vrf-export TEST;
vrf-target target:65432:1;
routing-options {
    static {
        route 0.0.0.0/0 next-table inet.0;
    }
    auto-export {
        family inet {
            unicast {
                rib-group IP_1830_VPN_TO_INET-0;
            }
        }
    }
}

Again, I have not been able to get this to work.

 

Any ideas, hints, rotten tomatoes?

Visitor
Adam
Posts: 4
Registered: ‎10-10-2010
0

Re: Route redistribution between VPN and base routing instance

Sorry, should have included the following:

The redistribution is occurring on an MX-80 JunOS version 10.2R3.10. Other members of the VPN are J-2350s running 10.0R3.10.

Recognized Expert
benb
Posts: 204
Registered: ‎11-05-2007
0

Re: Route redistribution between VPN and base routing instance

Hi Adam,

 

The 'vrf-target' configuration overrides both vrf-import and vrf-export policies, and replaces it with the default policy that matches on the route-target and then accepts.  Try removing the vrf-target command, and using a custom vrf-import policy instead.

 

Regards,

Ben

Recognized Expert
benb
Posts: 204
Registered: ‎11-05-2007
0

Re: Route redistribution between VPN and base routing instance

Please ignore my previous comment.  The vrf-export policy should supersede the vrf-target command.  What is the output from

 

show route table IP_1830_VPN.inet.0 0/0 exact extensive

show route advertising-protocol bgp <remote-PE> table IP_1830_VPN.inet.0 0/0 exact extensive

 

 

 

 

 

Visitor
Adam
Posts: 4
Registered: ‎10-10-2010
0

Re: Route redistribution between VPN and base routing instance

Ben,

 

As requested:

 

engr@MXR1.MELB> show route table IP_1830_VPN.inet.0 0/0 exact extensive

IP_1830_VPN.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
0.0.0.0/0 (1 entry, 1 announced)
TSI:
KRT in-kernel 0.0.0.0/0 -> {Table}
        *Static Preference: 5
                Next table: inet.0
                Next-hop reference count: 7
                State: <Active Int Ext>
                Age: 3d 20:37:24
                Task: RT
                Announcement bits (2): 0-KRT 1-rt-export
                AS path: I


engr@MXR1.MELB> show route advertising-protocol bgp 172.16.48.5 table IP_1830_VPN.inet.0 0/0 exact extensive

engr@MXR1.MELB>

 

As you can see it is in the route table, but not getting forwarded out.

Super Contributor
jwparks
Posts: 157
Registered: ‎04-20-2009
0

Re: Route redistribution between VPN and base routing instance

You cannot copy a route from one instance to another (vrf-to-vrf or main-to-vrf) and advertise that route from the second instance.

 

I don't know why I know this fact or how I learned it (probably from experience long ago), but I know this doesn't work.

 

You need to have the prefix originate from the VRF or external peers within the VRF in order to advertise it into MPLS.  Here are two documents that cover different aspects of rib-groups, instance-import, and auto-export to accomplish route sharing in MPLS VPNS

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.