Re: [j-nsp] copy vpn routes to inet.0

[Richmond, Jeff]

Ok, I'll try to answer all your questions, but am in a rush, so if I miss 
something, just let me know.

1. The default route is for jumping out of the VPN to inet.0. You don't need 
this if you don't want to leave the VPN. In other words you can still advertise 
your VPN routes to inet.0 just using auto-export and rib groups.

2. Yes, as I showed in the example, I am publishing the VRF-specific loopback 
to inet.0 using auto-export. Same exact formula for physical interfaces as well.

3. As for the remote routes, it will not work. Basically, if the local PE 
learns routes from other PEs, it will not readvertise them to inet.0 like it 
will with the local PE routes. This really stinks for me as I can't use a 
single PE as a gateway into the VRF (well, not easily anyway).

4. As for an explanation of auto-export, I am probably not the best person to 
explain all of its details or differences with other junos knobs. I would 
suggest getting with your SE and having them dig up the detailed info for you.

Take care,
-Jeff
________________________________________
From: snort bsd [snort...@yahoo.com.au]
Sent: Wednesday, December 24, 2008 10:12 PM
To: juniper-nsp; Richmond, Jeff
Subject: RE: [j-nsp] copy vpn routes to inet.0

thanks, jeff

but your primary table is inet.0 but the default route 0/0 point to next table 
of inet.0. how does that work?

actually i am very interested in your old post:

"Just be aware that you can only do this with local routes in the VRF, not
remotely learned routes from other PEs. At one point I was wanting to make a
"gateway" PE using auto-export and RIB groups to enter/exit the VRF on a single
PE, which works great with local routes (interface, static, etc.), but will not
work with remotely learned VRF routes (via MBGP). I asked Juniper about this,
and was basically told it just won't work. So, I ended up having each PE do
auto-export... "

indeed i am trying to copy vpn routes learned from other PE routers into inet.0 
and as you had pointed before, it would not work. now i am dying to know why 
not...:)

also how could you get that vpn specific loopback into inet.0? via 
"auto-export" statement?

what does that "auto-export" statement mean? automatically export all of routes 
under that VRF to route tables of inet.0 and 300.inet.0? honestly i still can't 
get clear meaning of this "auto-export" statement.

in fact, if that just for the lo0.300, i could just use "interface-routes" 
statement under that vpn instance to achieve the same result.



--- On Wed, 24/12/08, Richmond, Jeff <jeff.richm...@frontiercorp.com> wrote:

From: Richmond, Jeff <jeff.richm...@frontiercorp.com>
Subject: RE: [j-nsp] copy vpn routes to inet.0
To: "snort bsd" <snort...@yahoo.com.au>, "juniper-nsp" 
<juniper-nsp@puck.nether.net>
Received: Wednesday, 24 December, 2008, 6:20 PM

Here is a sample from one of my lab routers. I am just using a loopback IP 
inside VRF 300, but as you can see, it is now seen in inet.0.

j...@r2> show configuration routing-instances 300
description "Customer 2 VRF";
instance-type vrf;
interface lo0.300;
vrf-target target:65100:300;
vrf-table-label;
routing-options {
    static {
        route 0.0.0.0/0 next-table inet.0;
    }
    auto-export {
        family inet {
            unicast {
                rib-group CUST300-RIB;
            }
        }
    }
}


j...@r2> show configuration routing-options rib-groups
CUST300-RIB {
    import-rib [ inet.0 300.inet.0 ];
    import-policy RESTRICT-VRF300;
}


j...@r2> show configuration interfaces lo0 unit 300
family inet {
    address 10.99.99.1/32;
}

j...@r2> show route 10.99.99.1
inet.0: 152 destinations, 167 routes (104 active, 0 holddown, 48 hidden)
+ = Active Route, - = Last Active, * = Both

10.99.99.1/32      *[Direct/0] 14:18:57
                    > via lo0.300

300.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.99.99.1/32      *[Direct/0] 14:18:57
                    > via lo0.300


________________________________________
From: 
juniper-nsp-boun...@puck.nether.net</mc/compose?to=juniper-nsp-boun...@puck.nether.net>
 
[juniper-nsp-boun...@puck.nether.net</mc/compose?to=juniper-nsp-boun...@puck.nether.net>]
 On Behalf Of snort bsd 
[snort...@yahoo.com.au</mc/compose?to=snort...@yahoo.com.au>]
Sent: Tuesday, December 23, 2008 3:27 PM
To: juniper-nsp
Subject: [j-nsp] copy vpn routes to inet.0

Hi all:

Could those routes in the L3VPN table be copied to inet.0? I tried to use 
policy and it doesn't seem to be working:

term l3vpn->inet.0 {
    from {
        rib l3vpn.inet.0;
        route-filter 100.100.0.0/16 orlonger;
    }
    to rib inet.0;
    then {
        accept;
    }
}

_dave


      Stay connected to the people that matter most with a smarter inbox. Take 
a look http://au.docs.yahoo.com/mail/smarterinbox
_______________________________________________
juniper-nsp mailing list 
juniper-nsp@puck.nether.net</mc/compose?to=juniper-...@puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp


________________________________
Stay connected to the people that matter most with a smarter inbox. Take a 
look<http://au.rd.yahoo.com/galaxy/mail/tagline2/*http://au.docs.yahoo.com/mail/smarterinbox>.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp