Junos
Junos

Route redistribution between VPN and base routing instance

11.18.10   |  
‎11-18-2010 09:42 PM

Hi,

 

  I am trying to do a couple of things not always done in a VPN and having trouble getting them working.

 

  I have an MPLS Layer 3 VPN up and working. Routes that are in the VPN are translating between routers ok. I want to achieve two things:

  1) get a default route to be injected into the VPN from a particular router. I have tried to do this using this format:

 

[edit routing-instances IP_1830_VPN]
engr@MXR1.MELB# show
instance-type vrf;
vrf-export TEST;
vrf-target target:65432:1;
routing-options {
    static {
        route 0.0.0.0/0 next-table inet.0;
    }
}

This creates the desired default route in the lcoal table, but doesn't redistribute it to other routers in the VPN. The closest I have been able to find the documentation to a suggestion in how to get this route to be redistributed is to use vrf-export. I have created the following:

 

[edit policy-options policy-statement TEST]
engr@MXR1.MELB# show
term 1 {
    from {
        protocol static;
        route-filter 0.0.0.0/0 orlonger;
    }
    then {
        community add IP_1830_VPN_COMM;
        accept;
    }
}
term 2 {
    then reject;
}
However, this doesn't work and nothing else I have tried does.

 

2) The second thing I am trying to do is to get all routes learnt in the VPN into the base route table (inet.0). I have been told (and the documentation seems to back this up) that this can be done using rib-groups. This is what I was trying:

 

engr@MXR1.MELB# show routing-options
rib-groups {
    IP_1830_VPN_TO_INET-0 {
        import-rib inet.0;
    }
}

 

then

[edit routing-instances IP_1830_VPN]
engr@MXR1.MELB# show
instance-type vrf;
vrf-export TEST;
vrf-target target:65432:1;
routing-options {
    static {
        route 0.0.0.0/0 next-table inet.0;
    }
    auto-export {
        family inet {
            unicast {
                rib-group IP_1830_VPN_TO_INET-0;
            }
        }
    }
}

Again, I have not been able to get this to work.

 

Any ideas, hints, rotten tomatoes?

5 REPLIES
Junos

Re: Route redistribution between VPN and base routing instance

11.18.10   |  
‎11-18-2010 09:44 PM

Sorry, should have included the following:

The redistribution is occurring on an MX-80 JunOS version 10.2R3.10. Other members of the VPN are J-2350s running 10.0R3.10.

Junos

Re: Route redistribution between VPN and base routing instance

11.19.10   |  
‎11-19-2010 11:32 AM

Hi Adam,

 

The 'vrf-target' configuration overrides both vrf-import and vrf-export policies, and replaces it with the default policy that matches on the route-target and then accepts.  Try removing the vrf-target command, and using a custom vrf-import policy instead.

 

Regards,

Ben

Junos

Re: Route redistribution between VPN and base routing instance

11.19.10   |  
‎11-19-2010 12:20 PM

Please ignore my previous comment.  The vrf-export policy should supersede the vrf-target command.  What is the output from

 

show route table IP_1830_VPN.inet.0 0/0 exact extensive

show route advertising-protocol bgp <remote-PE> table IP_1830_VPN.inet.0 0/0 exact extensive

 

 

 

 

 

Junos

Re: Route redistribution between VPN and base routing instance

11.21.10   |  
‎11-21-2010 05:11 PM

Ben,

 

As requested:

 

engr@MXR1.MELB> show route table IP_1830_VPN.inet.0 0/0 exact extensive

IP_1830_VPN.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
0.0.0.0/0 (1 entry, 1 announced)
TSI:
KRT in-kernel 0.0.0.0/0 -> {Table}
        *Static Preference: 5
                Next table: inet.0
                Next-hop reference count: 7
                State: <Active Int Ext>
                Age: 3d 20:37:24
                Task: RT
                Announcement bits (2): 0-KRT 1-rt-export
                AS path: I


engr@MXR1.MELB> show route advertising-protocol bgp 172.16.48.5 table IP_1830_VPN.inet.0 0/0 exact extensive

engr@MXR1.MELB>

 

As you can see it is in the route table, but not getting forwarded out.

Highlighted
Junos

Re: Route redistribution between VPN and base routing instance

11.24.10   |  
‎11-24-2010 08:20 AM

You cannot copy a route from one instance to another (vrf-to-vrf or main-to-vrf) and advertise that route from the second instance.

 

I don't know why I know this fact or how I learned it (probably from experience long ago), but I know this doesn't work.

 

You need to have the prefix originate from the VRF or external peers within the VRF in order to advertise it into MPLS.  Here are two documents that cover different aspects of rib-groups, instance-import, and auto-export to accomplish route sharing in MPLS VPNS

Attachments