03-15-2012 12:43 PM - edited 03-15-2012 12:52 PM
This post will help everybody understand how inter-VR routing works on Juniper SRX. While reading the text below, please refer to the attached diagram side by side.
I have two routing instances on the SRX, inside_vr & outside_vr. The X.X.X.X/24 route is learned via OSPF from the EX in the inside_vr routing table, & the second instance's outside_vr table contains the default (0.0.0.0/0) route learned via OSPF from the MX. What filter (prefix-list) should I apply so that only specific routes get exchanged between inside_vr & outside_vr on the SRX? I.e., from inside_vr only the X.X.X.X/24 route must be propagated & allowed to enter outside_vr, & from outside_vr only the 0.0.0.0/0 route must be propagated & allowed to enter inside_vr.
Once the inter-VR routing is working on the SRX, I need to know what routing policy I need to configure on the SRX so that the default (0.0.0.0/0) OSPF route in inside_vr, learned via inter-VRF route exchange, is propagated to the EX (on the left side of the SRX) & the X.X.X.X/24 OSPF route in outside_vr, learned via inter-VRF route exchange, is propagated to the MX (on the right side of the SRX).
I have also made a sample configuration & it's very easy to understand, but I need to confirm whether it will work or not. Please have a look.
Many, many thanks.
03-15-2012 03:38 PM
Looking at your post, I think you want to leak routes from inet.0 to the other instance. The preferred method for this is a RIB group. Have you looked up examples on RIB groups? There are many on this forum and other Juniper sites.
03-15-2012 08:13 PM
No, I am leaking the routes between inside_vr & outside_vr, and I have to allow only specific routes to be leaked between the 2 VRs. Well, that's my requirement.
03-16-2012 01:01 AM
I normally use route-filter instead of prefix-list, but I don't see why it shouldn't work the way you configured.
Like Screenie mentioned, another option is using rib-groups, with an import-policy on them.
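The selective leak discussed in the replies above, sketched with instance-import and route-filter. This is an added example, not a configuration posted by anyone in the thread: the policy names are hypothetical, and X.X.X.X/24 is the thread's own placeholder, which must be replaced with the real prefix before the configuration will commit.

```junos
# Added example; policy names (from-outside, from-inside, ospf-to-ex,
# ospf-to-mx) are hypothetical. X.X.X.X/24 is the thread's placeholder.

# 1. inside_vr imports ONLY the default route from outside_vr.
set policy-options policy-statement from-outside term default from instance outside_vr
set policy-options policy-statement from-outside term default from route-filter 0.0.0.0/0 exact
set policy-options policy-statement from-outside term default then accept
set policy-options policy-statement from-outside term rest then reject
set routing-instances inside_vr routing-options instance-import from-outside

# 2. outside_vr imports ONLY the inside prefix from inside_vr.
set policy-options policy-statement from-inside term lan from instance inside_vr
set policy-options policy-statement from-inside term lan from route-filter X.X.X.X/24 exact
set policy-options policy-statement from-inside term lan then accept
set policy-options policy-statement from-inside term rest then reject
set routing-instances outside_vr routing-options instance-import from-inside

# 3. Re-advertise each leaked route into the local OSPF process.
#    Everything that does not match falls through to the default OSPF
#    export behaviour, so nothing else is redistributed.
set policy-options policy-statement ospf-to-ex term default from protocol ospf
set policy-options policy-statement ospf-to-ex term default from route-filter 0.0.0.0/0 exact
set policy-options policy-statement ospf-to-ex term default then accept
set routing-instances inside_vr protocols ospf export ospf-to-ex

set policy-options policy-statement ospf-to-mx term lan from protocol ospf
set policy-options policy-statement ospf-to-mx term lan from route-filter X.X.X.X/24 exact
set policy-options policy-statement ospf-to-mx term lan then accept
set routing-instances outside_vr protocols ospf export ospf-to-mx
```

The explicit final reject term keeps each instance's table limited to the one intended prefix, and the leak only affects routing: on an SRX in flow mode, traffic between the zones of the two instances still has to be permitted by security policy.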
03-16-2012 04:26 AM
Thanks for your reply. If you have any better way to do this then please share. From your reply it seems that it should work, but the problem is that in the inside_vr I am seeing the default route as follows:
inside_vr.inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Kernel/4294967294] 00:01:07
> to 192.168.1.2 via ge-1/0
In the inside_vr it is showing the default route as reachable via ge-1/0, which lies in outside_vr, & it is also pointing to the next-hop IP address of outside_vr. In the inside_vr it is not showing the next-hop for 0.0.0.0/0 as outside_vr. Is this normal?
Refer to my diagram