Routing

Hi,

I have two vrfs on a single J6350,( acting as a PE )  on which i want to exchange some routes..   Essentially i am marking up ( via a policy statement ) routes with extended communitys, and then importing them back into the other vrf by matching for those communitys..     This all worked well when the routes that i was exchanging were learned via BGP.     A unique situation cropped up last week, and i have had to use static routes on my PE devices as the client device does not speak BGP ( it is a non juniper router )...  

It seems that the static route is not shared between the vrf's..    The route is only found in the  1stvrf.inet.0 table and not the 2ndvrf.inet.0 route tables.. It is not present in bgp.l3vpn.0 This PE of course is connected to some other PE's and if i look for the route in teh bgp.l3vpn.0 route table there, it is present, and i'm able to import it ok..  

i've checked my vrf import policy.. and this has worked in the past for me..

blah@somepe> show configuration policy-options policy-statement 2ndvrf_vrf_import  
term 1 {
    from community [ community1 community2 community3 ];
    then accept;
}
term 2 {
    then reject;
}

Given that the route is not in the bgp.l3vpn.0 table on the local PE, this matching on community is'nt going to work anyway.

So   what  ( if anything ) can i use to export and import between vrfs on the local PE?

With Junos, you can use auto-export.

I wrote this document for a customer to demostrate it's use.

Attachment(s)

auto-export explanation and example.pdf   732 KB 1 version

Thanks so much..

Your example is similar to our setup and its all working nicely now!

Hi,

am using RIB-groups to leak interface routes between VRFs on the same PE2 and this is working fine. now i need leak one static route from one VRF to another VRF on the same PE still. how can i go about this?

below is the config i have.

re0# shown routing-instances SP-NSM
instance-type vrf;
interface ge-1/0/0.55;
interface ge-1/0/0.70;
interface ge-1/0/0.71;
route-distinguisher 37305:100;
vrf-import SP-NSM;
vrf-target target:37305:100;
vrf-table-label;
routing-options {
    interface-routes {
        rib-group inet SUPER-NSM;
    }
    static {
        route 192.168.2.0/24 next-hop 10.0.16.205;
    }
}


i need the above static route in this table.

-re0# show routing-instances FON-LAN-VPN
instance-type vrf;
interface ge-1/0/0.502;
route-distinguisher 37305:502;
vrf-import FON-LAN-IMPORT;
vrf-target target:37305:502;
vrf-table-label;
routing-options {
    interface-routes {
        rib-group inet FON-LAN-NSM-IMPORT;
    }
}

re0# show routing-options rib-groups FON-LAN-NSM-IMPORT

import-rib [ SP-NSM.inet.0 FON-LAN-VPN.inet.0  ];
import-policy INTERFACE-ROUTES;


re0# show policy-options policy-statement INTERFACE-ROUTES

term DIRECT {
    from protocol [ direct local static ];
    then accept;
}
term OTHER {
    then reject;
}

re0# run show route table SP-NSM.inet.0

SP-NSM.inet.0: 20 destinations, 20 routes (20 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.16.0/24 *[Direct/0] 3w0d 17:27:29
 > via ge-1/0/0.70

10.0.16.1/32 *[Local/0] 3w0d 17:27:29
 Local via ge-1/0/0.70

192.168.2.0/24 *[Static/5] 1d 01:13:14   <<the route i need leaked to the other VRF>>
 > to 10.0.16.205 via ge-1/0/0.70


re0# run show route table FON-LAN-VPN.inet.0

FON-LAN-VPN.inet.0: 26 destinations, 26 routes (26 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.16.0/24 *[Direct/0] 3w0d 17:31:57
 > via ge-1/0/0.70
10.0.16.1/32 *[Local/0] 3w0d 17:31:57
 Local via ge-1/0/0.70

Regards,

Sheeel.

Hello,

Please add following line to Your config:

set routing-instances SP-NSM routing-options static rib-group FON-LAN-NSM-IMPORT

You may want to fine-tune Your policy INTERFACE-ROUTES in case You don't want ALL of static routes from SP-NSM VRF to be copied to FON-LAN-VPN VRF.

HTH

Thanks

Alex

Hi Alex,

Thansk for the assistance, the route now is appearing on the FON-LAN-VPN table as static route, but i cant ping it from this table (FON-LAN-VPN). i can only ping it from SP-NSM instance where its defined. what could i be missing?

re0> show route table SP-NSM.inet.0
10.0.16.0/24       *[Direct/0] 3w1d 09:16:31
                               > via ge-1/0/0.70
10.0.16.1/32       *[Local/0] 3w1d 09:16:31
192.168.2.0/24     *[Static/5] 11:43:47
                    > to 10.0.16.205 via ge-1/0/0.70

re0> show route table FON-LAN-VPN.inet.0
10.0.16.0/24       *[Direct/0] 3w1d 09:19:40
                    > via ge-1/0/0.70
10.0.16.1/32       *[Local/0] 3w1d 09:19:40
                      Local via ge-1/0/0.70
192.168.2.0/24     *[Static/5] 11:46:56
                    > to 10.0.16.205 via ge-1/0/0.70 ......<< now apperaing >>


re0> ping 192.168.2.251 routing-instance SP-NSM
PING 192.168.2.251 (192.168.2.251): 56 data bytes
64 bytes from 192.168.2.251: icmp_seq=0 ttl=63 time=23.366 ms
64 bytes from 192.168.2.251: icmp_seq=1 ttl=63 time=13.853 ms


re0> ping 192.168.2.251 routing-instance FON-LAN-VPN rapid
PING 192.168.2.251 (192.168.2.251): 56 data bytes
....^C
--- 192.168.2.251 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

Hello,

---

@sheeel wrote:

Hi Alex,

 

Thansk for the assistance, the route now is appearing on the FON-LAN-VPN table as static route, but i cant ping it from this table (FON-LAN-VPN). i can only ping it from SP-NSM instance where its defined. what could i be missing?  

---

Two things:

1/ source address for pings - You need to explicitly select the src.ip which is reachable from the static' route destination

2/ return VRF - if the pings are initiated from FON-LAN-VPN table but pings return to SP-NSM, then the ping response is not recognised.

HTH

Thanks
Alex

aarseniev wrote:

Hello,

Two things:

1/ source address for pings - You need to explicitly select the src.ip which is reachable from the static' route destination

 

ping 192.168.2.251 from FON-LAN-VPN with source of 10.0.16.1

 

• re0> ping 192.168.2.251 routing-instance FON-LAN-VPN source 10.0.16.1 rapid
  PING 192.168.2.251 (192.168.2.251): 56 data bytes
  .....
  --- 192.168.2.251 ping statistics ---
  5 packets transmitted, 0 packets received, 100% packet loss

ping 192.168.2.251 from SP-NSM with source of 10.0.16.1

 

re0> ping 192.168.2.251 routing-instance SP-NSM source 10.0.16.1
PING 192.168.2.251 (192.168.2.251): 56 data bytes
64 bytes from 192.168.2.251: icmp_seq=0 ttl=63 time=14.058 ms
64 bytes from 192.168.2.251: icmp_seq=1 ttl=63 time=14.148 ms
^C

 

 

2/ return VRF - if the pings are initiated from FON-LAN-VPN table but pings return to SP-NSM, then the ping response is not recognised.

 

•    What can i do abou this?? coz the ping response will first hit the SP-NSM table.

 

attached, please find the network diagram, is there any other way i could achieve this requirment?

 

HTH

Thanks
Alex

---

Attachment(s)

net-diagram.pdf   124 KB 1 version