Juniper Route Leak from VRF to Global RT Using RIB-Groups

juniperjuniper-junos

I'm trying to export routes from VRF.inet.0 to inet.0 using rib-groups. Routes are placed into VRF.inet.0 from another PE by MP-BGP (family inet-vpn) session. That's rib group configuration:

rib-groups {
  VRF-GRT {
    export-rib VRF.inet.0;
    import-rib [ VRF.inet.0 inet.0 ];
  }
}

Then I apply rib-group into routing-instances protocols bgp configuration:

VRF {
    instance-type vrf;
    interface em0.0;
    route-distinguisher 200:99;
    vrf-target target:200:99;
    vrf-table-label;
    protocols {
        bgp {
            family inet {
                unicast {
                    rib-group VRF-GRT;
                }
            }
        }
    }
}

But this is not work for me. I have no VRF routes into inet.0. Is that a right way to accomplish this task?

Best Answer

This is actually not possible using rib-groups - if you're receiving the routes from another PE, then the NRLI will be carried as type inet-vpn instead of inet-unicast which you need in order to be installed in inet.0 (even though they are ultimately installed as inet-unicast in the VRF.inet.0).

To achieve the same functionality, you might need to come at it from a different angle:

On the far-end PE (the one that learnt the route in the first place) leak the route (using rib-groups) into inet.0 on the far-end PE.
Make sure your BGP link from the far-end PE and the near-end PE is configured for both inet-vpn and inet-unicast - this will carry the route from the far-end PE to the near-end PE and it will be installed into inet.0
Allow next-hop resolution for inet.0 to consult your VRF as well:

set routing-options resolution rib inet.0 resolution-ribs [ VRF.inet.0 inet.0 ]

Obviously this solution has a few drawbacks, but it is probably the simplest way.

Another solution would be to configure logical-tunnel interfaces between your VRF and inet.0 on the near-end PE, form an adjacency and export the route via BGP.

Related Solutions

Juniper – Troubleshooting Unstable Uplink on SRX240 with VPN

With help from our service provider we've been able to localise the problem. The idea I had in my last comment proved correct: the difference between fast ethernet and gigabit ethernet was the source of the problem.

The reason for dropping connections, undeliverable packets and segmented packets was a mismatch in link mode between the fiber switch and the SRX - they hardcoded their port to 100m full duplex, but the SRX had automatic negotiation, which resolved to 100m half duplex.

The problem was further complicated by Juniper's odd configuration of speed and link mode. Just setting these configuration options wasn't enough:

speed 100m;
link-mode full-duplex;

This configuration was accepted, but when running show interfaces ge-0/0/0, it still showed:

Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 100mbps,

Apparently, you have to explicitly disable auto-negotiation:

speed 100m;
link-mode full-duplex;
gigether-options {
    no-auto-negotiation;
}

In the end, I found that this guy had the exact same problem (and the solution!)

Thanks for all your help.

Juniper Router – How to Set Advertised Route

JunOS does not use a network command like you would use with a cisco router.

You will need to make use of policies and create one.

For BGP you could use

policy-statement my-bgp-network {
term 1 {
    from {
        route-filter 100.100.100.0/24 exact;
    }
    then accept;
}
}

To configure BGP then you could use something like

protocols {
bgp {
group Love-Peer-A {
type external;
neighbor 1.1.1.1 {
export my-bgp-network;
peer-as 111;
}

Hope to helps you on your quest.

SleepyMan

Best Answer

Related Solutions

Juniper – Troubleshooting Unstable Uplink on SRX240 with VPN

Juniper Router – How to Set Advertised Route

Related Topic