This message was posted by a user wishing to remain anonymous
Hi Team,
I am having an issue with route leaking between 2 VRFs.
All directly connected devices are showing in both routing tables of the 2 VRFs, but not the switchport/VLAN20 host and static routes.
I used RIB at the beginning but had no success, so I decided to use instance import.
Here is my config below. Thanks in advance.
SRX 1500 config:
set interfaces ge-0/0/1 unit 0 family inet address 192.168.10.1/24
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members VLAN20
set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members VLAN20
set interfaces irb unit 20 description "Switchport VLAN20"
set interfaces irb unit 20 family inet address 192.168.50.1/24
set vlans VLAN20 description "Switchport VLAN20"
set vlans VLAN20 vlan-id 20
set vlans VLAN20 l3-interface irb.20
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface irb.0
set security zones security-zone SOC01-TRUST interfaces ge-0/0/1.0 host-inbound-traffic system-services all
set security zones security-zone SOC01-TRUST interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
set security zones security-zone SOC02-TRUST interfaces irb.20 host-inbound-traffic system-services all
set security zones security-zone SOC02-TRUST interfaces irb.20 host-inbound-traffic system-services ping
set routing-options instance-import SOC01-to-SOC02
set policy-options policy-statement SOC01-to-SOC02 term 1 from protocol static
set policy-options policy-statement SOC01-to-SOC02 term 1 from route-filter 172.0.0.0/24 orlonger
set policy-options policy-statement SOC01-to-SOC02 term 1 then accept
set policy-options policy-statement SOC01-to-SOC02 from instance SOC01
set policy-options policy-statement SOC01-to-SOC02 then accept
set policy-options policy-statement SOC02-to-SOC01 term t1 from instance SOC02
set policy-options policy-statement SOC02-to-SOC01 term t1 from route-filter 192.168.50.1/24 orlonger
set policy-options policy-statement SOC02-to-SOC01 term t1 then accept
set policy-options policy-statement SOC02-to-SOC01 term t2 then reject
set policy-options policy-statement SOC02-to-SOC01 from instance SOC02
set policy-options policy-statement SOC02-to-SOC01 then accept
set routing-instances SOC01 instance-type virtual-router
set routing-instances SOC01 interface ge-0/0/1.0
set routing-instances SOC01 routing-options static route 172.31.139.0/24 next-hop 172.31.131.17
set routing-instances SOC01 routing-options static route 172.31.135.0/24 next-hop 172.31.131.17
set routing-instances SOC01 routing-options instance-import SOC02-to-SOC01
set routing-instances SOC02 instance-type virtual-router
set routing-instances SOC02 interface irb.20
set routing-instances SOC02 routing-options instance-import SOC01-to-SOC02
==== Ping ====
c4iadmin> ping routing-instance SOC01 192.168.50.1
PING 192.168.50.1 (192.168.50.1): 56 data bytes
64 bytes from 192.168.50.1: icmp_seq=0 ttl=64 time=0.195 ms
64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=0.558 ms
64 bytes from 192.168.50.1: icmp_seq=2 ttl=64 time=0.142 ms
^C
--- 192.168.50.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.142/0.298/0.558/0.185 ms
c4iadmin> ping routing-instance SOC01 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=0.189 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.142 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.171 ms
^C
--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.142/0.167/0.189/0.019 ms
c4iadmin> ping routing-instance SOC02 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=0.188 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.141 ms
64 bytes from 192.168.10.1: icmp_se^C
--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.141/0.170/0.188/0.021 ms
c4iadmin> ping routing-instance SOC02 192.168.50.1
PING 192.168.50.1 (192.168.50.1): 56 data bytes
64 bytes from 192.168.50.1: icmp_seq=0 ttl=64 time=0.190 ms
64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=0.170 ms
^C
--- 192.168.50.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.170/0.180/0.190/0.010 ms
===== route table ======
admin> show route terse
inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A V Destination P Prf Metric 1 Metric 2 Next hop AS path
* ? 1.0.0.1/32 L 0 Reject
* ? 1.0.0.2/32 L 0 Reject
* ? 172.16.251.184/32 L 0 Reject
* ? 172.31.131.25/32 L 0 Reject
* ? 192.168.1.1/32 L 0 Reject
* ? 192.168.10.0/24 D 0 >ge-0/0/1.0
* ? 192.168.10.1/32 L 0 Local
* ? 192.168.40.1/32 D 0 >lo0.10
* ? 192.168.251.1/32 L 0 Reject
SOC01.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A V Destination P Prf Metric 1 Metric 2 Next hop AS path
* ? 192.168.10.0/24 D 0 >ge-0/0/1.0
* ? 192.168.10.1/32 L 0 Local
* ? 192.168.40.1/32 D 0 >lo0.10
* ? 192.168.50.1/32 L 0 Local
SOC02.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
A V Destination P Prf Metric 1 Metric 2 Next hop AS path
* ? 192.168.10.0/24 D 0 >ge-0/0/1.0
* ? 192.168.10.1/32 L 0 Local
* ? 192.168.40.1/32 D 0 >lo0.10
* ? 192.168.50.0/24 D 0 >irb.20
* ? 192.168.50.1/32 L 0 Local
c4iadmin> show arp no-resolve
MAC Address Address Interface Flags
3c:52:82:4b:45:87 192.168.10.9 ge-0/0/1.0 none
cc:52:af:3d:dc:8e 192.168.50.10 irb.20 none
Total entries: 2
Unable to ping the host 192.168.50.10
admin> ping routing-instance SOC02 192.168.50.10
PING 192.168.50.10 (192.168.50.10): 56 data bytes
^C
--- 192.168.50.10 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
admin> ping routing-instance SOC01 192.168.50.10
PING 192.168.50.10 (192.168.50.10): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 192.168.50.10 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
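
Added example, not part of the original post and not Juniper tooling: a small offline check over the posted `set` lines that flags static routes whose next hop is not on a directly connected subnet of the same routing instance, and static prefixes that no `orlonger` route-filter covers. It assumes only the lines shown in the post exist; the function names and the trimmed CONFIG sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the relevant `set` lines taken from the post above.
CONFIG = """\
set interfaces ge-0/0/1 unit 0 family inet address 192.168.10.1/24
set interfaces irb unit 20 family inet address 192.168.50.1/24
set policy-options policy-statement SOC01-to-SOC02 term 1 from protocol static
set policy-options policy-statement SOC01-to-SOC02 term 1 from route-filter 172.0.0.0/24 orlonger
set routing-instances SOC01 interface ge-0/0/1.0
set routing-instances SOC01 routing-options static route 172.31.139.0/24 next-hop 172.31.131.17
set routing-instances SOC01 routing-options static route 172.31.135.0/24 next-hop 172.31.131.17
set routing-instances SOC02 interface irb.20
"""

def parse(config):
    """Collect interface subnets, instance membership, statics and route-filters."""
    subnets, members, statics, filters = {}, {}, [], []
    for line in config.splitlines():
        if m := re.match(r"set interfaces (\S+) unit (\d+) family inet address (\S+)", line):
            subnets[f"{m[1]}.{m[2]}"] = ipaddress.ip_interface(m[3]).network
        elif m := re.match(r"set routing-instances (\S+) interface (\S+)", line):
            members.setdefault(m[1], []).append(m[2])
        elif m := re.match(r"set routing-instances (\S+) routing-options static route (\S+) next-hop (\S+)", line):
            statics.append((m[1], ipaddress.ip_network(m[2]), ipaddress.ip_address(m[3])))
        elif m := re.match(r"set policy-options policy-statement (\S+) .*route-filter (\S+) orlonger", line):
            filters.append((m[1], ipaddress.ip_network(m[2], strict=False)))
    return subnets, members, statics, filters

def audit(config):
    """Return findings for statics that cannot resolve or that no filter covers."""
    subnets, members, statics, filters = parse(config)
    findings = []
    for inst, prefix, nh in statics:
        direct = [subnets[i] for i in members.get(inst, []) if i in subnets]
        if not any(nh in net for net in direct):
            findings.append(f"{inst}: {prefix} next-hop {nh} is not on a direct subnet")
        # orlonger matches the filter prefix itself and anything more specific inside it
        if not any(prefix.subnet_of(f) for _, f in filters):
            findings.append(f"{inst}: {prefix} is not covered by any orlonger route-filter")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

On the posted lines this reports both static routes twice: the next hop 172.31.131.17 is outside 192.168.10.0/24, and 172.0.0.0/24 orlonger does not contain either 172.31.x.0/24 prefix.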