Junos OS

Route Leaking between different VRFs for SRX

  • 1.  Route Leaking between different VRFs for SRX

    Posted 10-14-2018 21:46

    Hi Guys,

     

    I am a network engineer who is more accustomed to the Cisco world.

    Recently my organisation has acquired another company and that company uses the SRX300 as their PE.

    I am currently tasked to set up the MPLS between my organization and the new company.

     

    To be honest, I have a hard time trying to figure out how to perform specific route leaking between different VRFs (no issues on this with Cisco).

    I saw examples of instance-import, which I do understand, but unfortunately it's not applicable for leaking routes between VRFs.

    Researching further, I think the answer to my problem is auto-export.

    However, I do not understand the configuration examples that are on the web.

    I was hoping if there is any kind soul out there that is able to give me a simple example on how I could do this?

    Thanks.


    #VRFs
    #leak


  • 2.  RE: Route Leaking between different VRFs for SRX

     
    Posted 10-14-2018 22:17

    Hello,

     

    Do you want to leak routes between two custom routing-instances or a custom routing-instance and default routing instance?

    Can you share the output of 'show routing-instance' so that I can understand the type of routing-instance/s you are using?

     

    Regards,

     

    Rushi

     

     



  • 3.  RE: Route Leaking between different VRFs for SRX

    Posted 10-14-2018 22:25

    Hi Rushi,

     

    Config requested as below.

    I am trying to leak routes between 2 different routing-instances (aka VRFs)

     

    Voice {
        instance-type vrf;
        interface irb.16;
        route-distinguisher 64512:9;
        vrf-target target:64512:9;
        vrf-table-label;
    }


    VPN100-DATA {
        instance-type vrf;
        interface irb.1000;
        route-distinguisher 64512:100;
        vrf-target target:64512:100;
        vrf-table-label;
        routing-options {
            static {
                route 10.89.0.0/16 next-hop 10.89.0.1;
                route 10.100.61.0/24 next-hop 10.89.0.1;
            }
            aggregate {
                route 10.89.0.0/16;
            }
            auto-export;
        }
        protocols {
            bgp {
                group external {
                    type external;
                    family inet {
                        unicast;
                    }
                    export send-aggregate;
                }
            }
        }
    }


    Some of VPN 100 Routes:
    0.0.0.0/0

    10.89.0.0/16
    10.90.0.0/16
    10.84.15.0/24

    10.100.61.0/24


    Some of Voice routes:
    10.110.0.0/24
    10.10.13.0/25
    10.107.13.0/25


    What I would like to achieve is to have only 10.110.0.0/24 (which is irb.16) to be leaked to VPN100.

     Thank you.



  • 4.  RE: Route Leaking between different VRFs for SRX

     
    Posted 10-14-2018 22:44

    Hello,

     

    You can follow another forum link below which is very close to what you want to achieve.

     

    https://forums.juniper.net/t5/Routing/Exporting-Routes-between-two-vrfs-on-same-router/td-p/28030

     

    Regards,

     

    Rushi



  • 5.  RE: Route Leaking between different VRFs for SRX

    Posted 10-15-2018 00:00

    Hi Rushi,


    Thanks for the quick response.

    I did try on my lab, but was not able to get it working.

    Below are the changes that I made.

     

    routing-instances {
        VPN100-Data {
            vrf-export Data_out;
        }
        Voice {
            vrf-export Voice_out;
        }
    }

     

    policy-options {
        policy-statement Voice_in {
            term 1 {
                from community Voice;
                then accept;
            }
            term 2 {
                then reject;
            }
        }
        policy-statement VPN100-Data_out {
            term 1 {
                from protocol [ direct static ];
                then {
                    community add VPN100-Data;
                }
            }
        }
        policy-statement VPN100-Data_in {
            term 1 {
                from community VPN100-Data;
                then accept;
            }
            term 2 {
                then reject;
            }
        }
        policy-statement Voice_out {
            term 1 {
                from protocol [ direct static ];
                then {
                    community add Voice;
                }
            }
        }

        community VPN100-Data members target:64512:100;
        community Voice members target:64512:9;
    }

     

     

     

    Did I do anything wrong?

     

     

     

     

     

     



  • 6.  RE: Route Leaking between different VRFs for SRX

    Posted 10-18-2018 16:49

    ! Create a policy for what type of routes you want to leak
    ! Add the leaked routes to a community (in this case it is called LeakedRoutesFromVRF; the community can be called anything you like)

    ! If you would like to add a specific route, you can add the route-filter policy statement too

    set policy-options policy-statement Leak-Routes term 1 from protocol direct
    set policy-options policy-statement Leak-Routes term 1 from interface irb.16
    set policy-options policy-statement Leak-Routes term 1 then community add LeakedRoutesFromVRF
    set policy-options policy-statement Leak-Routes term 1 then accept
    set policy-options policy-statement Leak-Routes term 2 then reject

     

    ! Set the community that is listed above to the route distinguisher of the VRF that you would like to add into
    ! In this case, I would like to export from Voice vrf to VPN100-DATA
    ! VPN100-DATA RD is 64512:100, that's why the below statement is targeting 64512:100
    set policy-options community LeakedRoutesFromVRF members target:64512:100


    ! Need to export the routes that we want
    ! The name must match the policy-statement name created above

    ! The routing instance name must match the VRF that you would like to export the routes from
    set routing-instances Voice vrf-export Leak-Routes

     

    ! Both the exporting and importing vrf will need to enable auto-export
    set routing-instances Voice routing-options auto-export
    set routing-instances VPN100-DATA routing-options auto-export

     

    Thanks guys.

     



  • 7.  RE: Route Leaking between different VRFs for SRX
    Best Answer

    Posted 10-26-2018 07:41

    The auto-export command is used when you want to leak routes between different VRFs at the same router.

    Now let's talk about our use case, which is leaking routes between different VRFs in general (at the same router or different routers).

     

    1. You should create an export policy in the Voice VRF with the community Voice (= target:64512:9).

    2. You should create an export policy in the VPN100-Data VRF with the community VPN100-Data (= target:64512:100).

    3. You should create an import policy in the Voice VRF which imports the routes tagged with the VPN100-Data community.

    4. You should create an import policy in the VPN100-Data VRF which imports the routes tagged with the Voice community.

     

    I hope this helps you.
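
The four steps above written out as Junos set commands, narrowed so that VPN100-DATA imports only 10.110.0.0/24 from Voice, which is what the original poster asked for. This is an added example, not configuration posted by anyone in the thread: the instance, policy and community names are reused from the earlier posts, the term names are made up for illustration, and it assumes the explicit vrf-import/vrf-export policies take the place of the implicit ones created by vrf-target.

```junos
# Communities carry the route targets already configured on each VRF (values from the thread).
set policy-options community Voice members target:64512:9
set policy-options community VPN100-Data members target:64512:100

# Steps 1 and 2: each VRF tags everything it exports with its own route target.
set policy-options policy-statement Voice_out term tag then community add Voice
set policy-options policy-statement Voice_out term tag then accept
set policy-options policy-statement VPN100-Data_out term tag then community add VPN100-Data
set policy-options policy-statement VPN100-Data_out term tag then accept

# Step 3: Voice keeps importing its own routes and also accepts routes tagged VPN100-Data.
set policy-options policy-statement Voice_in term own from community Voice
set policy-options policy-statement Voice_in term own then accept
set policy-options policy-statement Voice_in term from-data from community VPN100-Data
set policy-options policy-statement Voice_in term from-data then accept
set policy-options policy-statement Voice_in term last then reject

# Step 4: VPN100-DATA keeps importing its own routes; from Voice it accepts
# only the irb.16 subnet. Every other Voice-tagged route hits the final reject.
set policy-options policy-statement VPN100-Data_in term own from community VPN100-Data
set policy-options policy-statement VPN100-Data_in term own then accept
set policy-options policy-statement VPN100-Data_in term voice-irb16 from community Voice
set policy-options policy-statement VPN100-Data_in term voice-irb16 from route-filter 10.110.0.0/24 exact
set policy-options policy-statement VPN100-Data_in term voice-irb16 then accept
set policy-options policy-statement VPN100-Data_in term last then reject

# Attach the policies to the instances.
set routing-instances Voice vrf-import Voice_in
set routing-instances Voice vrf-export Voice_out
set routing-instances VPN100-DATA vrf-import VPN100-Data_in
set routing-instances VPN100-DATA vrf-export VPN100-Data_out

# Both VRFs are on the same SRX here, so local leaking also needs auto-export on each.
set routing-instances Voice routing-options auto-export
set routing-instances VPN100-DATA routing-options auto-export
```

After commit, `show route table VPN100-DATA.inet.0 10.110.0.0/24` should return the leaked prefix, while the other Voice prefixes (10.10.13.0/25, 10.107.13.0/25) should be absent from that table. Step 3 is shown as the answer describes it, so Voice receives every route tagged target:64512:100, including the default route; a route-filter in the `from-data` term narrows that direction the same way.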