vMX

Expand all | Collapse all

VRF's on a single -- only one -- vMX

Jump to Best Answer
  • 1.  VRF's on a single -- only one -- vMX

    Posted 03-03-2019 18:48

    VRF Island RouterVRF Island Router

     

    Good evening,

     

    Is it possible to have route sharing between multiple VRF's on a single router? I realize that the bgp.l3vpn.0 table doesn't populate and is expected since the router doesn't peer with another PE.

     

    I'm mostly curious due to the hypothetical situation where a PE is cut off from the rest of the SP network. The router is now acting as an island but still has two CE's peering with it. If this occurs, how would you share routes between the two CE's?

     

    The below configuration is rendered useless in the above scenario. Is there anyway to have the router still import and export VRF tables while marooned?

     

    root@vMX-CORE> show policy RED-VIOS1-VRF-IMPORT
    Policy RED-VIOS1-VRF-IMPORT:
        Term ACCEPT:
            from proto BGP
             community GREEN [target:2019:3001 ]
            then accept
        Term DEFAULT-REJECT:
            then reject
    
    root@vMX-CORE> show policy GREEN-SHARED-VRF-EXPORT
    Policy GREEN-SHARED-VRF-EXPORT:
        Term EXPORT-GREEN:
            from proto BGP
            then community = GREEN [target:2019:3001 ] accept
        Term DEFAULT-REJECT:
            then reject

    Thanks!



  • 2.  RE: VRF's on a single -- only one -- vMX
    Best Answer

     
    Posted 03-03-2019 19:12

    Hi EK,

     

    Please check if auto-export works for you in this case: 

    https://www.juniper.net/documentation/en_US/junos12.3/information-products/topic-collections/nce/auto-export-understanding/auto-export-understanding.pdf 

     

    Hope this helps.

     

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).



  • 3.  RE: VRF's on a single -- only one -- vMX

    Posted 03-03-2019 19:42

    Please check if auto-export works for you in this case: 

    https://www.juniper.net/documentation/en_US/junos12.3/information-products/topic-collections/nce/auto-export-understanding/auto-export-understanding.pdf 

     


    I think this is exactly what I need after reading it:

     

    Custom policies, such as vrf-export and vrf-import, do not leak prefixes between VRF routing instances if the source VRF routing instance and the destination VRF routing instance are on the same PE router.

    That being said, even after adding the auto-export statement under the routing-instances, I'm still not populating the tables correctly so more than likely the issue is now with my import and export policies.

     

    inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 2.0.1.9/32         D   0                       >lo0.0
    * ? 224.0.0.2/32       L   9          1             MultiRecv
    
    GREEN-SHARED.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 3.3.3.3/32         B 170        100          0                  3 I
      unverified                                       >192.168.3.2
    * ? 192.168.3.0/30     D   0                       >ge-0/0/0.0
    * ? 192.168.3.1/32     L   0                        Local
    
    BLUE-VIOS2.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 2.2.2.2/32         B 170        100          0                  2 I
      unverified                                       >192.168.2.2
    * ? 192.168.2.0/30     D   0                       >ge-0/0/2.0
    * ? 192.168.2.1/32     L   0                        Local
    
    RED-VIOS1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 1.1.1.1/32         B 170        100          0                  1 I
      unverified                                       >192.168.1.2
    * ? 192.168.1.0/30     D   0                       >ge-0/0/1.0
    * ? 192.168.1.1/32     L   0                        Local
    

    Thank you for the advice and link!

     



  • 4.  RE: VRF's on a single -- only one -- vMX

     
    Posted 03-03-2019 20:07

    Hello EK,

     

    Welcome.  Yes ensure the routes can resolve so you may have to leak the necessary interface/direct routes.  Here are a couple more links that you might find helpful:

     

    https://www.juniper.net/documentation/en_US/junos/topics/example/policy-duplicating-routes.html

    https://forums.juniper.net/t5/Junos/Route-leaking-between-VRFS-using-RIB-GROUP/m-p/309804#M11513

    (see the solution)

     

    Hope this helps.

     

    Regards,
    -r.

    --------------------------------------------------

    If this solves your problem, please mark this post as "Accepted Solution."
    Kudos are always appreciated :).