Junos OS

Hi guys. 

I am returning here with an old topic already discussed by other colleagues to understand why it is not work or what needs to be done to achieve the objective, where we are not getting it right.

Why can't I "leak" routes that I learned (received) via VPNv4 (using L3VPN scenario of course) to another routing table, specifically the main one (inet.0). Only routes learned locally in the VRF can I "leak" to inet.0.

Hey,

What methods did you try already?

I suspect you would have to use a combination of auto-export under the VRF in question, then under routing-options, use a rib group import and reference a policy that specifies BGP routes as well as the directly connected routes for route lookup.

#Export routes from VRFset routing-instances SOME_ROUTING_INSTANCE_NAME routing-options auto-export family inet unicast rib-group SOME_ROUTING_INSTANCE_NAME-TO_INET0#Import routes from VRF into inet0set routing-options rib-groups SOME_ROUTING_INSTANCE_NAME-TO_INET0 import-rib [ SOME_ROUTING_INSTANCE_NAME.inet.0 inet.0 ]set routing-options rib-groups SOME_ROUTING_INSTANCE_NAME-TO_INET0 import-policy VRF_ROUTES_FROM_SOME_ROUTING_INSTANCE_NAMEset policy-options policy-statement VRF_ROUTES_FROM_SOME_ROUTING_INSTANCE_NAME term one from protocol [ bgp direct local ]set policy-options policy-statement VRF_ROUTES_FROM_SOME_ROUTING_INSTANCE_NAME term one then acceptset policy-options policy-statement VRF_ROUTES_FROM_SOME_ROUTING_INSTANCE_NAME term then-reject then reject#Exchange directly connected routes in the other direction (notice the order of the table names)set routing-options rib-groups INET0-INTERFACE-ROUTES import-rib [ inet.0 SOME_ROUTING_INSTANCE_NAME.inet.0 ]set routing-options interface-routes rib-group inet INET0-INTERFACE-ROUTES

Hi guys. 

I am returning here with an old topic already discussed by other colleagues to understand why it is not work or what needs to be done to achieve the objective, where we are not getting it right.

Why can't I "leak" routes that I learned (received) via VPNv4 (using L3VPN scenario of course) to another routing table, specifically the main one (inet.0). Only routes learned locally in the VRF can I "leak" to inet.0.

Greetins,

Purple Packet Surfer... Yes, I do it this way and it works for routes received locally in the vrf. However, routes that are received via VPNv4 do not work. But I already know what the problem is and I am looking for the reason.

Hey,

What methods did you try already?

I suspect you would have to use a combination of auto-export under the VRF in question, then under routing-options, use a rib group import and reference a policy that specifies BGP routes as well as the directly connected routes for route lookup.

#Export routes from VRFset routing-instances SOME_ROUTING_INSTANCE_NAME routing-options auto-export family inet unicast rib-group SOME_ROUTING_INSTANCE_NAME-TO_INET0#Import routes from VRF into inet0set routing-options rib-groups SOME_ROUTING_INSTANCE_NAME-TO_INET0 import-rib [ SOME_ROUTING_INSTANCE_NAME.inet.0 inet.0 ]set routing-options rib-groups SOME_ROUTING_INSTANCE_NAME-TO_INET0 import-policy VRF_ROUTES_FROM_SOME_ROUTING_INSTANCE_NAMEset policy-options policy-statement VRF_ROUTES_FROM_SOME_ROUTING_INSTANCE_NAME term one from protocol [ bgp direct local ]set policy-options policy-statement VRF_ROUTES_FROM_SOME_ROUTING_INSTANCE_NAME term one then acceptset policy-options policy-statement VRF_ROUTES_FROM_SOME_ROUTING_INSTANCE_NAME term then-reject then reject#Exchange directly connected routes in the other direction (notice the order of the table names)set routing-options rib-groups INET0-INTERFACE-ROUTES import-rib [ inet.0 SOME_ROUTING_INSTANCE_NAME.inet.0 ]set routing-options interface-routes rib-group inet INET0-INTERFACE-ROUTES

Hi guys. 

I am returning here with an old topic already discussed by other colleagues to understand why it is not work or what needs to be done to achieve the objective, where we are not getting it right.

Why can't I "leak" routes that I learned (received) via VPNv4 (using L3VPN scenario of course) to another routing table, specifically the main one (inet.0). Only routes learned locally in the VRF can I "leak" to inet.0.

Hi guys. 

I am returning here with an old topic already discussed by other colleagues to understand why it is not work or what needs to be done to achieve the objective, where we are not getting it right.

Why can't I "leak" routes that I learned (received) via VPNv4 (using L3VPN scenario of course) to another routing table, specifically the main one (inet.0). Only routes learned locally in the VRF can I "leak" to inet.0.

Hi, 

This feature is now available as from 24.2R1 with additional CLI: vpn-global-import
https://community.juniper.net/blogs/moshiko-nayman/2024/11/07/l3vpn-to-global-rib-leaking
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/vpn-global-import-edit-routing-options-rib.html

HTH
Cheers,

Hi guys. 

I am returning here with an old topic already discussed by other colleagues to understand why it is not work or what needs to be done to achieve the objective, where we are not getting it right.

Why can't I "leak" routes that I learned (received) via VPNv4 (using L3VPN scenario of course) to another routing table, specifically the main one (inet.0). Only routes learned locally in the VRF can I "leak" to inet.0.