SRX

Hi,

Is there a reason this policy doesn't work?

prefix-list routes-from-main {
1.1.1.0/24;
}

policy-statement accept-from-main {
term ok {
from {
rib inet.0;
prefix-list routes-from-main;
}
then accept;
}
term reject-rest {
then reject;
}
}

Basically I wanted to import a route from inet.0 to another routing instance.

Importing routes from a routing instance to another instance (or even inet.0) works with from instance statement:

prefix-list routes-from-test-vr {
    1.1.1.0/24;
}
policy-statement accept-from-test-vr {
    term ok {
        from {
            instance test-vr;
            prefix-list routes-from-test-vr;
        }
        then accept;
    }
    term reject-rest {
        then reject;
    }
}

test2-vr {
    instance-type virtual-router;
    interface lo0.1;
    routing-options {
        instance-import accept-from-test-vr;
    }
}

What does from rib statement match anyways, and how does it compare to from instance matching?

Is there a way to make from rib statement work or i'll have to resort to rib-groups?

edit: perhaps a shorter question would be, how to reference the main/master (inet.0) instance in policy-statement from instance ?

Hello,

"from rib" is mainly used in BGP export policies - for example, when You have BGP-LU using inet.3 and BGP inet unicast using inet.0, You may want to apply different match criteria on export. That's where You start using "from rib" knob.

When importing from one routing instance to another, You have to use "from instance" knob EXCEPT when You are using VRF instances. "From instance" does not work when using VRFs as opposed to "virtual-routers" and that's where You have to use "auto-export"+VRF import policy, or rib-groups.

And to make the story complete, when importing from VRF instance to inet.0, NONE of the above works, there is a workaround but it is too complex for Your simple tasks.

HTH

Thx

Alex

instance-import is meant for only user-defined routing instance not for default master routing instance .

Its an import policy meant for VRF instance RIB's not global instance rib's like inet.0

I beleive rib-group is the easier option available.

Please mark my solution as accepted if it solves your question

Hello,

---

@Vincy wrote:

instance-import is meant for only user-defined routing instance not for default master routing instance .

 

 

---

Not true, one can import from inet.0 into VR (Virtual Router) instance  using "instance-import", I've done it many times.

---

@Vincy wrote:

 

 

Its an import policy meant for VRF instance RIB's 

 

 

---

"instance-import" does not work for VRF instance, see my earlier post.

Thx

HTH

Alex

Hi aarseniev,

can you please clarify how I can import from inet.0 to another virtual router instance?

policy-statement accept-from-main {
    term ok {
        from {
            instance inet.0;
            prefix-list routes-from-main;
        }
        then accept;
    }
    term reject-rest {
        then reject;
    }
}

I fail to see how I can even use the from instance statement when dealing with inet.0

  'instance inet.0'
    no instance inet.0
error: configuration check-out failed

Hello,

Easy 

policy-statement accept-from-main {
    term ok {
        from {
            instance master;
            prefix-list routes-from-main;
        }
        then accept;
    }
    term reject-rest {
        then reject;
    }
}

HTH

Thx

Alex

I'm at loss of words..

Simply beautiful!

Thanks! 🙂