Hi amiri,
Firstly, please check whether the CPU spike is for the "rpd" process, using "show processes extensive | except 0.00". If yes, then you're probably right about the route leaking being the actual cause of the CPU spike.
With regard to your query about leaking specific routes to inet.0 from the routing-instance, please try applying an import policy. Something like the following:
set routing-options interface-routes rib-group inet FBF-rib
set routing-options rib-groups FBF-rib import-rib inet.0
set routing-options rib-groups FBF-rib import-rib webtraffic.inet.0
set routing-options rib-groups FBF-rib import-policy webtraffic_to_inet
set policy-options policy-statement webtraffic_to_inet term allow from route-filter 1.1.1.1/32 exact
set policy-options policy-statement webtraffic_to_inet term allow from route-filter 2.2.2.0/24 exact
set policy-options policy-statement webtraffic_to_inet term allow then accept
set policy-options policy-statement webtraffic_to_inet term deny-all then reject
There are other ways to allow specific protocol routes, for example:
https://www.juniper.net/documentation/en_US/junos/topics/example/policy-duplicating-routes.html. However, I believe the import-policy above might serve your purpose here.
Hope this helps. Please let me know.
Regards,
-r.
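An added example, not part of the original reply: a small Python model of how the webtraffic_to_inet policy above decides which routes the rib-group copies, useful for checking that nothing broader than intended leaks into inet.0. It is a simplification that handles only `exact` route-filters and accept/reject actions; the sample routes and function names are constructed for illustration.

```python
import ipaddress

# Policy lines copied from the reply above.
POLICY = """\
set policy-options policy-statement webtraffic_to_inet term allow from route-filter 1.1.1.1/32 exact
set policy-options policy-statement webtraffic_to_inet term allow from route-filter 2.2.2.0/24 exact
set policy-options policy-statement webtraffic_to_inet term allow then accept
set policy-options policy-statement webtraffic_to_inet term deny-all then reject
"""
# Constructed sample routes, standing in for the contents of webtraffic.inet.0.
SAMPLE_ROUTES = ["1.1.1.1/32", "2.2.2.0/24", "2.2.2.128/25", "2.2.0.0/16", "0.0.0.0/0"]

def parse_policy(text, name):
    """Parse set-style lines into ordered terms (simplified: 'exact' filters only)."""
    head = ["set", "policy-options", "policy-statement", name, "term"]
    terms = {}  # dicts keep insertion order, so term order is preserved
    for line in text.splitlines():
        tok = line.split()
        if tok[:5] != head or len(tok) < 8:
            continue
        term = terms.setdefault(tok[5], {"filters": [], "action": None})
        rest = tok[6:]
        if rest[:2] == ["from", "route-filter"] and rest[3:] == ["exact"]:
            term["filters"].append(ipaddress.ip_network(rest[2]))
        elif rest[0] == "then" and rest[1] in ("accept", "reject"):
            term["action"] = rest[1]
    return list(terms.values())

def evaluate(terms, prefix):
    """Return 'accept', 'reject', or 'default' if no term takes a final action."""
    route = ipaddress.ip_network(prefix)
    for term in terms:
        # A term without a "from" clause matches every route. "exact" requires
        # the same network address AND the same prefix length.
        if (not term["filters"] or route in term["filters"]) and term["action"]:
            return term["action"]
    return "default"

def leaked(routes, policy_text=POLICY, name="webtraffic_to_inet"):
    """List the routes the import policy would allow into the other table."""
    terms = parse_policy(policy_text, name)
    return [r for r in routes if evaluate(terms, r) == "accept"]

if __name__ == "__main__":
    for r in SAMPLE_ROUTES:
        print(f"{r:<16} {evaluate(parse_policy(POLICY, 'webtraffic_to_inet'), r)}")
```

The /25 inside 2.2.2.0/24 and the covering /16 are both rejected, because `exact` matches on prefix length as well as address.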