Routing

For BGP routes, we can set the rib-group on the BGP group or for direct or local routes, we can set the rib-group on interface-routes under routing-options. However, I cannot seem to find a way to leak aggregate routes between a virtual router routing-instance and the main instance, as there does not seem to be an option to set the rib-group for them. Does anyone have any suggestions?

Hi.

Here is your answer.

root@SRX240-01# show routing-instances TEST-AGG-ROUTE
instance-type virtual-router;
routing-options {
instance-import FROM-AGG;
}

----------master instance-----------

root@SRX240-01# show routing-options
aggregate {
route 10.0.0.0/8 ;
}

------------

policy-statement FROM-AGG {

term 1A {
from {
instance master;
protocol aggregate;
}
then accept;
}
then reject;
}

-----------Here is result on instance TEST-AGG

root@SRX240-01> show route table TEST-AGG-ROUTE.inet.0

TEST-AGG-ROUTE.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Aggregate/130] 00:06:02
> to 172.16.1.1 via ge-0/0/3.0
10.0.0.0/8 *[Aggregate/130] 00:06:02
Reject

Hope it's useful

The instance-import seems to be working well for importing the aggregate routes from the master instance to the virtual router instance.

However, not having any luck importing the aggregate routes from the virtual router instance into the master instance. I tried using instance-export on the virtual router instance, as well as instance-import on the master instance but neither seems to work.

Here are the relevant configurations. Note that the aggregate route has been configured with metric 10 on the virtual router. For the sample route, you can see that there is only one entry in the master instance routing table, but two entries in the virtual router routing table.

> show configuration routing-options instance-import
instance-import AGGREGATE_EXPORT;

> show configuration policy-options policy-statement AGGREGATE_EXPORT    
term AGGREGATE_ALLOW {
    from {
        instance VIRTUAL;
        protocol aggregate;
    }
    then accept;
}
term DEFAULT_DENY {
    then reject;
}

> show configuration routing-instances VIRTUAL routing-options instance-import
instance-import AGGREGATE_IMPORT;

> show configuration policy-options policy-statement AGGREGATE_IMPORT
term AGGREGATE_ALLOW {
    from {
        instance master;
        protocol aggregate;
    }
    then accept;
}
term DEFAULT_DENY {
    then reject;
} 

> show route protocol aggregate x.x.x.0/24

inet.0: 516026 destinations, 684705 routes (513244 active, 8 holddown, 171323 hidden)
+ = Active Route, - = Last Active, * = Both

x.x.x.0/24   *[Aggregate/130] 00:23:40
                      Reject

VIRTUAL.inet.0: 193 destinations, 285 routes (193 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

x.x.x.0/24   *[Aggregate/130] 00:22:25
                      Reject
                    [Aggregate/130] 00:23:40, metric 10
                      Reject

So it looks like the instance-import from the main instance was working after all. Since the leaked route from the main instance was higher preference than the virtual router's own aggregate route, it wouldn't import the inactive route from the virtual router. Once I disabled the aggregate route on the main instance, and the virtual router saw its own aggregate route as preferred, the main instance was able to import it.

Thanks for your help!