Routing

Dear Juniper community,

We have a network setup consisting of two physical routers. There are many routing instances running on those routers, the most important ones are the global routing instances (where the internet traffic enters) and the default routing instances. We are currently using logical tunnels between the global and the default to connect them to each other. We would like to replace the lt-interfaces with something like next-table, mainly because of the speed limitation. Any suggestions on how to do this? What would the impact be upon implementing this? I appreciate every reply of you guys.

Best regards,

Mohammad Ayash 

Hi,

Between the two routing instances, do you selectively import prefixes? There are several options using instance-imports, rib-groups and next-table. Is it possible to share the configuration of routing-instances and the routes advertised/learned between the two using the lt interfaces?

Regards

Dear Juniper community,

We have a network setup consisting of two physical routers. There are many routing instances running on those routers, the most important ones are the global routing instances (where the internet traffic enters) and the default routing instances. We are currently using logical tunnels between the global and the default to connect them to each other. We would like to replace the lt-interfaces with something like next-table, mainly because of the speed limitation. Any suggestions on how to do this? What would the impact be upon implementing this? I appreciate every reply of you guys.

Best regards,

Mohammad Ayash 

Hi,

Thank you for your message. We are currently using a global routing instances (type virtual router) for the internet traffic and for publishing the default-route (0/0) and default routing instances (type VRF) for the clients as intermediate. There are only two global instances running on two physical routers. Each client has a default routing instance. The default instances are connected to each other using L3VPN (we are a tier-3 ISP).

What I'm trying to achieve is to publish the default-route to the default routing instance.

"Internet-global config"instance-type virtual-router;interface lt-0/0/0.10;interface ae0.101;interface ae0.210;interface ae0.4002;interface ae0.4012;interface ae0.4014;interface ae0.4015;interface lo0.1000;routing-options {    rib internet-global.inet6.0 {        generate {            route ::/0 discard;        }    }    generate {        route 0.0.0.0/0 discard;    }    autonomous-system XXXX22;}protocols {    bgp {	group customers {            type external;            description "default route to internet-default VRF";            advertise-peer-as;            peer-as 64999;            neighbor 111.222.58.251 {                description "internet-default VRF";                local-address 111.222.58.250;                import [ set-lpref-customer accept-own-prefixes-aggregated-v4 reject-all ];                family inet {                    unicast {                        prefix-limit {                            maximum 10;                        }                    }                }                export [ accept-default reject-all ];            }        }}

"Internet-default config"description "Internet VRF - asXXXX22 subnets only!";instance-type vrf;interface lt-0/0/0.11;interface ae0.100;interface ae0.900;interface ae0.901;interface ae0.905;interface ae0.906;interface ae0.911;interface ae0.913;interface ae0.914;interface ae0.915;interface ae0.916;interface ae0.917;interface ae0.920;interface ae0.921;interface ae0.922;interface ae0.924;interface ae0.926;interface ae0.927;interface ae0.998;route-distinguisher XXXXXL:100;vrf-target target:XXXXXL:100;vrf-table-label;                        routing-options {    rib internet-default.inet6.0 {        aggregate {            defaults {                as-path {                    path 6XXX9;                }            }            route XX04:dXX0::/29;            route XX07:bXX0::/29;        }    }    aggregate {        defaults {            as-path {                path 6XXX9;            }        }        route 111.22.32.0/22;        route 111.222.56.0/23;        route 111.22.58.0/24;    }    router-id 111.222.58.250;               autonomous-system 6XXX9 loops 2 independent-domain;}protocols {    bgp {	 group internet-global {                     type external;            description "default route to internet-global";            import [ accept-default reject-all ];            export [ accept-own-prefixes-aggregated-v4 reject-all ];            remove-private;            neighbor 111.222.58.250 {                local-address 111.222.58.251;                peer-as XXXX22;            }        }}

Here you can find the advertised and learned routes using the lt-interfaces:

run show route table internet-global.inet                      internet-global.inet.0: 14 destinations, 15 routes (14 active, 1 holddown, 0 hidden)@ = Routing Use Only, # = Forwarding Use Only+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[Aggregate/130] 00:20:07                      Discard111.22.32.0/22     *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.56.0/23    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.0/24    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.250/31  *[Direct/0] 00:20:20                    > via lt-0/0/0.10   111.222.58.250/32  *[Local/0] 00:20:20                      Local via lt-0/0/0.10111.222.58.254/32  *[Direct/0] 00:20:20                    > via lo0.1000111.222.58.255/32  @[OSPF/10] 00:20:07, metric 1                    > to 111.222.58.255 via ae0.4002                   #[Direct/0] 00:20:11, metric 1                    > to 111.222.58.255 via ae0.4002

run show route table internet-default.inet                          internet-default.inet.0: 77 destinations, 77 routes (77 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[BGP/170] 00:55:55, localpref 100                      AS path: XXXX22 I, validation-state: unverified                    > to 111.222.58.250 via lt-0/0/0.11111.22.32.0/22     *[Aggregate/130] 00:56:31                      Reject111.222.56.0/23    *[Aggregate/130] 00:56:31                      Reject111.222.58.0/24    *[Aggregate/130] 00:56:36                      Reject111.222.58.250/31  *[Direct/0] 00:56:36                    > via lt-0/0/0.11111.222.58.251/32  *[Local/0] 00:56:36                      Local via lt-0/0/0.11

Best regards,

Mohammad Ayash

Hi,

Between the two routing instances, do you selectively import prefixes? There are several options using instance-imports, rib-groups and next-table. Is it possible to share the configuration of routing-instances and the routes advertised/learned between the two using the lt interfaces?

Regards

Dear Juniper community,

We have a network setup consisting of two physical routers. There are many routing instances running on those routers, the most important ones are the global routing instances (where the internet traffic enters) and the default routing instances. We are currently using logical tunnels between the global and the default to connect them to each other. We would like to replace the lt-interfaces with something like next-table, mainly because of the speed limitation. Any suggestions on how to do this? What would the impact be upon implementing this? I appreciate every reply of you guys.

Best regards,

Mohammad Ayash 

Hi,

Thanks for sharing the configuration.

The following can possibly be done: -

• Use next-table in the internet-default routing-instance to point the default-route to the global routing-instance.
• Use rib-groups in the default routing-instance to export the required routes from the default instance to the global instance. As default instance is a vrf, instance-import will not work. Also, rib-groups probably won't work with the aggregate routes in the default-routing instance, so you may need to change the aggregate routes in the default routing instance to static discard routes.

Regards

Hi,

Thank you for your message. We are currently using a global routing instances (type virtual router) for the internet traffic and for publishing the default-route (0/0) and default routing instances (type VRF) for the clients as intermediate. There are only two global instances running on two physical routers. Each client has a default routing instance. The default instances are connected to each other using L3VPN (we are a tier-3 ISP).

What I'm trying to achieve is to publish the default-route to the default routing instance.

"Internet-global config"instance-type virtual-router;interface lt-0/0/0.10;interface ae0.101;interface ae0.210;interface ae0.4002;interface ae0.4012;interface ae0.4014;interface ae0.4015;interface lo0.1000;routing-options {    rib internet-global.inet6.0 {        generate {            route ::/0 discard;        }    }    generate {        route 0.0.0.0/0 discard;    }    autonomous-system XXXX22;}protocols {    bgp {	group customers {            type external;            description "default route to internet-default VRF";            advertise-peer-as;            peer-as 64999;            neighbor 111.222.58.251 {                description "internet-default VRF";                local-address 111.222.58.250;                import [ set-lpref-customer accept-own-prefixes-aggregated-v4 reject-all ];                family inet {                    unicast {                        prefix-limit {                            maximum 10;                        }                    }                }                export [ accept-default reject-all ];            }        }}

"Internet-default config"description "Internet VRF - asXXXX22 subnets only!";instance-type vrf;interface lt-0/0/0.11;interface ae0.100;interface ae0.900;interface ae0.901;interface ae0.905;interface ae0.906;interface ae0.911;interface ae0.913;interface ae0.914;interface ae0.915;interface ae0.916;interface ae0.917;interface ae0.920;interface ae0.921;interface ae0.922;interface ae0.924;interface ae0.926;interface ae0.927;interface ae0.998;route-distinguisher XXXXXL:100;vrf-target target:XXXXXL:100;vrf-table-label;                        routing-options {    rib internet-default.inet6.0 {        aggregate {            defaults {                as-path {                    path 6XXX9;                }            }            route XX04:dXX0::/29;            route XX07:bXX0::/29;        }    }    aggregate {        defaults {            as-path {                path 6XXX9;            }        }        route 111.22.32.0/22;        route 111.222.56.0/23;        route 111.22.58.0/24;    }    router-id 111.222.58.250;               autonomous-system 6XXX9 loops 2 independent-domain;}protocols {    bgp {	 group internet-global {                     type external;            description "default route to internet-global";            import [ accept-default reject-all ];            export [ accept-own-prefixes-aggregated-v4 reject-all ];            remove-private;            neighbor 111.222.58.250 {                local-address 111.222.58.251;                peer-as XXXX22;            }        }}

Here you can find the advertised and learned routes using the lt-interfaces:

run show route table internet-global.inet                      internet-global.inet.0: 14 destinations, 15 routes (14 active, 1 holddown, 0 hidden)@ = Routing Use Only, # = Forwarding Use Only+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[Aggregate/130] 00:20:07                      Discard111.22.32.0/22     *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.56.0/23    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.0/24    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.250/31  *[Direct/0] 00:20:20                    > via lt-0/0/0.10   111.222.58.250/32  *[Local/0] 00:20:20                      Local via lt-0/0/0.10111.222.58.254/32  *[Direct/0] 00:20:20                    > via lo0.1000111.222.58.255/32  @[OSPF/10] 00:20:07, metric 1                    > to 111.222.58.255 via ae0.4002                   #[Direct/0] 00:20:11, metric 1                    > to 111.222.58.255 via ae0.4002

run show route table internet-default.inet                          internet-default.inet.0: 77 destinations, 77 routes (77 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[BGP/170] 00:55:55, localpref 100                      AS path: XXXX22 I, validation-state: unverified                    > to 111.222.58.250 via lt-0/0/0.11111.22.32.0/22     *[Aggregate/130] 00:56:31                      Reject111.222.56.0/23    *[Aggregate/130] 00:56:31                      Reject111.222.58.0/24    *[Aggregate/130] 00:56:36                      Reject111.222.58.250/31  *[Direct/0] 00:56:36                    > via lt-0/0/0.11111.222.58.251/32  *[Local/0] 00:56:36                      Local via lt-0/0/0.11

Best regards,

Mohammad Ayash

Hi,

Between the two routing instances, do you selectively import prefixes? There are several options using instance-imports, rib-groups and next-table. Is it possible to share the configuration of routing-instances and the routes advertised/learned between the two using the lt interfaces?

Regards

Dear Juniper community,

We have a network setup consisting of two physical routers. There are many routing instances running on those routers, the most important ones are the global routing instances (where the internet traffic enters) and the default routing instances. We are currently using logical tunnels between the global and the default to connect them to each other. We would like to replace the lt-interfaces with something like next-table, mainly because of the speed limitation. Any suggestions on how to do this? What would the impact be upon implementing this? I appreciate every reply of you guys.

Best regards,

Mohammad Ayash 

Hi,

Thank you for your reply. I did create a static route 0.0.0.0/0 next-table internet-default.inet.0 on the internet-global routing instance. I also created a rib group on the global routing options (here I'm talking about the physical box) by using rib-groups default-to-global import-rib [internet-default.inet.0 internet-global.inet.0]. I've changed the routes to static discard on the internet-default as you said. I also added the interface-routes to the routings instances. Now when I apply this I can see all routes from both routing instances in their own tables. Wherever I apply the policies to the rib-groups the routes disappear.

What I'm trying to achieve is to advertise the default route (0.0.0.0/0) from the internet-global to the internet-default (is this the correct way? Term 1 from route-filter 0.0.0.0/0 exact then accept then reject) and the public routes from internet-default to internet-global (is this the correct way? Term 1 from route-filter xxx.xx.12.0/22 exact then accept then reject).

I've noticed that the routes that are attached or configured on an interface can be imported and exported using the policies, but the routes I want to export aren't.

I appreciate your help and time!

Best regards,

Hi,

Thanks for sharing the configuration.

The following can possibly be done: -

• Use next-table in the internet-default routing-instance to point the default-route to the global routing-instance.
• Use rib-groups in the default routing-instance to export the required routes from the default instance to the global instance. As default instance is a vrf, instance-import will not work. Also, rib-groups probably won't work with the aggregate routes in the default-routing instance, so you may need to change the aggregate routes in the default routing instance to static discard routes.

Regards

Hi,

Thank you for your message. We are currently using a global routing instances (type virtual router) for the internet traffic and for publishing the default-route (0/0) and default routing instances (type VRF) for the clients as intermediate. There are only two global instances running on two physical routers. Each client has a default routing instance. The default instances are connected to each other using L3VPN (we are a tier-3 ISP).

What I'm trying to achieve is to publish the default-route to the default routing instance.

"Internet-global config"instance-type virtual-router;interface lt-0/0/0.10;interface ae0.101;interface ae0.210;interface ae0.4002;interface ae0.4012;interface ae0.4014;interface ae0.4015;interface lo0.1000;routing-options {    rib internet-global.inet6.0 {        generate {            route ::/0 discard;        }    }    generate {        route 0.0.0.0/0 discard;    }    autonomous-system XXXX22;}protocols {    bgp {	group customers {            type external;            description "default route to internet-default VRF";            advertise-peer-as;            peer-as 64999;            neighbor 111.222.58.251 {                description "internet-default VRF";                local-address 111.222.58.250;                import [ set-lpref-customer accept-own-prefixes-aggregated-v4 reject-all ];                family inet {                    unicast {                        prefix-limit {                            maximum 10;                        }                    }                }                export [ accept-default reject-all ];            }        }}

"Internet-default config"description "Internet VRF - asXXXX22 subnets only!";instance-type vrf;interface lt-0/0/0.11;interface ae0.100;interface ae0.900;interface ae0.901;interface ae0.905;interface ae0.906;interface ae0.911;interface ae0.913;interface ae0.914;interface ae0.915;interface ae0.916;interface ae0.917;interface ae0.920;interface ae0.921;interface ae0.922;interface ae0.924;interface ae0.926;interface ae0.927;interface ae0.998;route-distinguisher XXXXXL:100;vrf-target target:XXXXXL:100;vrf-table-label;                        routing-options {    rib internet-default.inet6.0 {        aggregate {            defaults {                as-path {                    path 6XXX9;                }            }            route XX04:dXX0::/29;            route XX07:bXX0::/29;        }    }    aggregate {        defaults {            as-path {                path 6XXX9;            }        }        route 111.22.32.0/22;        route 111.222.56.0/23;        route 111.22.58.0/24;    }    router-id 111.222.58.250;               autonomous-system 6XXX9 loops 2 independent-domain;}protocols {    bgp {	 group internet-global {                     type external;            description "default route to internet-global";            import [ accept-default reject-all ];            export [ accept-own-prefixes-aggregated-v4 reject-all ];            remove-private;            neighbor 111.222.58.250 {                local-address 111.222.58.251;                peer-as XXXX22;            }        }}

Here you can find the advertised and learned routes using the lt-interfaces:

run show route table internet-global.inet                      internet-global.inet.0: 14 destinations, 15 routes (14 active, 1 holddown, 0 hidden)@ = Routing Use Only, # = Forwarding Use Only+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[Aggregate/130] 00:20:07                      Discard111.22.32.0/22     *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.56.0/23    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.0/24    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.250/31  *[Direct/0] 00:20:20                    > via lt-0/0/0.10   111.222.58.250/32  *[Local/0] 00:20:20                      Local via lt-0/0/0.10111.222.58.254/32  *[Direct/0] 00:20:20                    > via lo0.1000111.222.58.255/32  @[OSPF/10] 00:20:07, metric 1                    > to 111.222.58.255 via ae0.4002                   #[Direct/0] 00:20:11, metric 1                    > to 111.222.58.255 via ae0.4002

run show route table internet-default.inet                          internet-default.inet.0: 77 destinations, 77 routes (77 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[BGP/170] 00:55:55, localpref 100                      AS path: XXXX22 I, validation-state: unverified                    > to 111.222.58.250 via lt-0/0/0.11111.22.32.0/22     *[Aggregate/130] 00:56:31                      Reject111.222.56.0/23    *[Aggregate/130] 00:56:31                      Reject111.222.58.0/24    *[Aggregate/130] 00:56:36                      Reject111.222.58.250/31  *[Direct/0] 00:56:36                    > via lt-0/0/0.11111.222.58.251/32  *[Local/0] 00:56:36                      Local via lt-0/0/0.11

Best regards,

Mohammad Ayash

Hi,

Between the two routing instances, do you selectively import prefixes? There are several options using instance-imports, rib-groups and next-table. Is it possible to share the configuration of routing-instances and the routes advertised/learned between the two using the lt interfaces?

Regards

Dear Juniper community,

We have a network setup consisting of two physical routers. There are many routing instances running on those routers, the most important ones are the global routing instances (where the internet traffic enters) and the default routing instances. We are currently using logical tunnels between the global and the default to connect them to each other. We would like to replace the lt-interfaces with something like next-table, mainly because of the speed limitation. Any suggestions on how to do this? What would the impact be upon implementing this? I appreciate every reply of you guys.

Best regards,

Mohammad Ayash 

Hi,

Please share the configs that you have created.

Regards

Hi,

Thank you for your reply. I did create a static route 0.0.0.0/0 next-table internet-default.inet.0 on the internet-global routing instance. I also created a rib group on the global routing options (here I'm talking about the physical box) by using rib-groups default-to-global import-rib [internet-default.inet.0 internet-global.inet.0]. I've changed the routes to static discard on the internet-default as you said. I also added the interface-routes to the routings instances. Now when I apply this I can see all routes from both routing instances in their own tables. Wherever I apply the policies to the rib-groups the routes disappear.

What I'm trying to achieve is to advertise the default route (0.0.0.0/0) from the internet-global to the internet-default (is this the correct way? Term 1 from route-filter 0.0.0.0/0 exact then accept then reject) and the public routes from internet-default to internet-global (is this the correct way? Term 1 from route-filter xxx.xx.12.0/22 exact then accept then reject).

I've noticed that the routes that are attached or configured on an interface can be imported and exported using the policies, but the routes I want to export aren't.

I appreciate your help and time!

Best regards,

Hi,

Thanks for sharing the configuration.

The following can possibly be done: -

• Use next-table in the internet-default routing-instance to point the default-route to the global routing-instance.
• Use rib-groups in the default routing-instance to export the required routes from the default instance to the global instance. As default instance is a vrf, instance-import will not work. Also, rib-groups probably won't work with the aggregate routes in the default-routing instance, so you may need to change the aggregate routes in the default routing instance to static discard routes.

Regards

Hi,

Thank you for your message. We are currently using a global routing instances (type virtual router) for the internet traffic and for publishing the default-route (0/0) and default routing instances (type VRF) for the clients as intermediate. There are only two global instances running on two physical routers. Each client has a default routing instance. The default instances are connected to each other using L3VPN (we are a tier-3 ISP).

What I'm trying to achieve is to publish the default-route to the default routing instance.

"Internet-global config"instance-type virtual-router;interface lt-0/0/0.10;interface ae0.101;interface ae0.210;interface ae0.4002;interface ae0.4012;interface ae0.4014;interface ae0.4015;interface lo0.1000;routing-options {    rib internet-global.inet6.0 {        generate {            route ::/0 discard;        }    }    generate {        route 0.0.0.0/0 discard;    }    autonomous-system XXXX22;}protocols {    bgp {	group customers {            type external;            description "default route to internet-default VRF";            advertise-peer-as;            peer-as 64999;            neighbor 111.222.58.251 {                description "internet-default VRF";                local-address 111.222.58.250;                import [ set-lpref-customer accept-own-prefixes-aggregated-v4 reject-all ];                family inet {                    unicast {                        prefix-limit {                            maximum 10;                        }                    }                }                export [ accept-default reject-all ];            }        }}

"Internet-default config"description "Internet VRF - asXXXX22 subnets only!";instance-type vrf;interface lt-0/0/0.11;interface ae0.100;interface ae0.900;interface ae0.901;interface ae0.905;interface ae0.906;interface ae0.911;interface ae0.913;interface ae0.914;interface ae0.915;interface ae0.916;interface ae0.917;interface ae0.920;interface ae0.921;interface ae0.922;interface ae0.924;interface ae0.926;interface ae0.927;interface ae0.998;route-distinguisher XXXXXL:100;vrf-target target:XXXXXL:100;vrf-table-label;                        routing-options {    rib internet-default.inet6.0 {        aggregate {            defaults {                as-path {                    path 6XXX9;                }            }            route XX04:dXX0::/29;            route XX07:bXX0::/29;        }    }    aggregate {        defaults {            as-path {                path 6XXX9;            }        }        route 111.22.32.0/22;        route 111.222.56.0/23;        route 111.22.58.0/24;    }    router-id 111.222.58.250;               autonomous-system 6XXX9 loops 2 independent-domain;}protocols {    bgp {	 group internet-global {                     type external;            description "default route to internet-global";            import [ accept-default reject-all ];            export [ accept-own-prefixes-aggregated-v4 reject-all ];            remove-private;            neighbor 111.222.58.250 {                local-address 111.222.58.251;                peer-as XXXX22;            }        }}

Here you can find the advertised and learned routes using the lt-interfaces:

run show route table internet-global.inet                      internet-global.inet.0: 14 destinations, 15 routes (14 active, 1 holddown, 0 hidden)@ = Routing Use Only, # = Forwarding Use Only+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[Aggregate/130] 00:20:07                      Discard111.22.32.0/22     *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.56.0/23    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.0/24    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.250/31  *[Direct/0] 00:20:20                    > via lt-0/0/0.10   111.222.58.250/32  *[Local/0] 00:20:20                      Local via lt-0/0/0.10111.222.58.254/32  *[Direct/0] 00:20:20                    > via lo0.1000111.222.58.255/32  @[OSPF/10] 00:20:07, metric 1                    > to 111.222.58.255 via ae0.4002                   #[Direct/0] 00:20:11, metric 1                    > to 111.222.58.255 via ae0.4002

run show route table internet-default.inet                          internet-default.inet.0: 77 destinations, 77 routes (77 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[BGP/170] 00:55:55, localpref 100                      AS path: XXXX22 I, validation-state: unverified                    > to 111.222.58.250 via lt-0/0/0.11111.22.32.0/22     *[Aggregate/130] 00:56:31                      Reject111.222.56.0/23    *[Aggregate/130] 00:56:31                      Reject111.222.58.0/24    *[Aggregate/130] 00:56:36                      Reject111.222.58.250/31  *[Direct/0] 00:56:36                    > via lt-0/0/0.11111.222.58.251/32  *[Local/0] 00:56:36                      Local via lt-0/0/0.11

Best regards,

Mohammad Ayash

Hi,

Between the two routing instances, do you selectively import prefixes? There are several options using instance-imports, rib-groups and next-table. Is it possible to share the configuration of routing-instances and the routes advertised/learned between the two using the lt interfaces?

Regards

Dear Juniper community,

We have a network setup consisting of two physical routers. There are many routing instances running on those routers, the most important ones are the global routing instances (where the internet traffic enters) and the default routing instances. We are currently using logical tunnels between the global and the default to connect them to each other. We would like to replace the lt-interfaces with something like next-table, mainly because of the speed limitation. Any suggestions on how to do this? What would the impact be upon implementing this? I appreciate every reply of you guys.

Best regards,

Mohammad Ayash 

Sure!

Here is the routing-options config

show routing-optionsrib-groups {    default-to-global {        import-rib [ internet-default.inet.0 internet-global.inet.0 ];        import-policy export-flexnet;    }}show policy-options policy-statement export-flexnet term 1 {    from {        rib internet-default.inet.0;        route-filter xxx.xx.32.0/22 exact;        route-filter xxx.xxx.56.0/23 exact;        route-filter xxx.xxx.58.0/24 exact;    }    to rib internet-global.inet.0;    then accept;}term 2 {    then reject;}

Here is the config of the internet-global

show routing-instances internet-global     description "EDGE VR, Full table, not in MPLS";instance-type virtual-router;interface ae0.10;interface ae0.101;interface ae0.211;interface ae0.4002;interface ae0.4012;interface ae0.4013;interface ae0.4016;interface lo0.1000;routing-options {    rib internet-global.inet6.0 {        generate {            route ::/0 discard;        }    }    static {        route 0.0.0.0/0 next-table internet-default.inet.0;    }    generate {        route 0.0.0.0/0 discard;    }    autonomous-system xxxx22;} 

Here is the config of the internet-default

show routing-instances internet-default   description "Internet VRF - axxxx22 subnets only!";instance-type vrf;interface ae0.11;interface ae0.100;interface ae0.900;interface ae0.901;interface ae0.905;interface ae0.906;interface ae0.911;interface ae0.913;interface ae0.914;interface ae0.915;interface ae0.916;interface ae0.917;interface ae0.920;interface ae0.921;interface ae0.922;interface ae0.924;interface ae0.926;interface ae0.927;interface ae0.998;route-distinguisher xxxx76L:100;vrf-target target:xxxx76L:100;vrf-table-label;                        routing-options {    interface-routes {        rib-group inet default-to-global;    }    rib internet-default.inet6.0 {        aggregate {            defaults {                as-path {                    path 6xxx9;                }            }            route 2xxx:xxc0::/29;            route 2xxx:xxx0::/29;        }    }    static {        defaults {            as-path {                path 6xxx9;            }        }        route xxx.xx.32.0/22 discard;        route xxx.xxx.56.0/23 discard;          route xxx.xxx.58.0/24 discard;    }    router-id xxx.xxx.58.252;    autonomous-system 6xxx9 loops 2 independent-domain;}

Here is the internet-global routing table, the only new entry I see is the next-table. No public routes are advertised to the internet-global as far as I can see.

run show route table internet-global.inet   internet-global.inet.0: 10 destinations, 12 routes (10 active, 0 holddown, 1 hidden)+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[Static/5] 00:05:37                      to table internet-default.inet.0

The internet-default routing table doesn't show any changes. Thanks in advance!

Hi,

Please share the configs that you have created.

Regards

Hi,

Thank you for your reply. I did create a static route 0.0.0.0/0 next-table internet-default.inet.0 on the internet-global routing instance. I also created a rib group on the global routing options (here I'm talking about the physical box) by using rib-groups default-to-global import-rib [internet-default.inet.0 internet-global.inet.0]. I've changed the routes to static discard on the internet-default as you said. I also added the interface-routes to the routings instances. Now when I apply this I can see all routes from both routing instances in their own tables. Wherever I apply the policies to the rib-groups the routes disappear.

What I'm trying to achieve is to advertise the default route (0.0.0.0/0) from the internet-global to the internet-default (is this the correct way? Term 1 from route-filter 0.0.0.0/0 exact then accept then reject) and the public routes from internet-default to internet-global (is this the correct way? Term 1 from route-filter xxx.xx.12.0/22 exact then accept then reject).

I've noticed that the routes that are attached or configured on an interface can be imported and exported using the policies, but the routes I want to export aren't.

I appreciate your help and time!

Best regards,

Hi,

Thanks for sharing the configuration.

The following can possibly be done: -

• Use next-table in the internet-default routing-instance to point the default-route to the global routing-instance.
• Use rib-groups in the default routing-instance to export the required routes from the default instance to the global instance. As default instance is a vrf, instance-import will not work. Also, rib-groups probably won't work with the aggregate routes in the default-routing instance, so you may need to change the aggregate routes in the default routing instance to static discard routes.

Regards

Hi,

Thank you for your message. We are currently using a global routing instances (type virtual router) for the internet traffic and for publishing the default-route (0/0) and default routing instances (type VRF) for the clients as intermediate. There are only two global instances running on two physical routers. Each client has a default routing instance. The default instances are connected to each other using L3VPN (we are a tier-3 ISP).

What I'm trying to achieve is to publish the default-route to the default routing instance.

"Internet-global config"instance-type virtual-router;interface lt-0/0/0.10;interface ae0.101;interface ae0.210;interface ae0.4002;interface ae0.4012;interface ae0.4014;interface ae0.4015;interface lo0.1000;routing-options {    rib internet-global.inet6.0 {        generate {            route ::/0 discard;        }    }    generate {        route 0.0.0.0/0 discard;    }    autonomous-system XXXX22;}protocols {    bgp {	group customers {            type external;            description "default route to internet-default VRF";            advertise-peer-as;            peer-as 64999;            neighbor 111.222.58.251 {                description "internet-default VRF";                local-address 111.222.58.250;                import [ set-lpref-customer accept-own-prefixes-aggregated-v4 reject-all ];                family inet {                    unicast {                        prefix-limit {                            maximum 10;                        }                    }                }                export [ accept-default reject-all ];            }        }}

"Internet-default config"description "Internet VRF - asXXXX22 subnets only!";instance-type vrf;interface lt-0/0/0.11;interface ae0.100;interface ae0.900;interface ae0.901;interface ae0.905;interface ae0.906;interface ae0.911;interface ae0.913;interface ae0.914;interface ae0.915;interface ae0.916;interface ae0.917;interface ae0.920;interface ae0.921;interface ae0.922;interface ae0.924;interface ae0.926;interface ae0.927;interface ae0.998;route-distinguisher XXXXXL:100;vrf-target target:XXXXXL:100;vrf-table-label;                        routing-options {    rib internet-default.inet6.0 {        aggregate {            defaults {                as-path {                    path 6XXX9;                }            }            route XX04:dXX0::/29;            route XX07:bXX0::/29;        }    }    aggregate {        defaults {            as-path {                path 6XXX9;            }        }        route 111.22.32.0/22;        route 111.222.56.0/23;        route 111.22.58.0/24;    }    router-id 111.222.58.250;               autonomous-system 6XXX9 loops 2 independent-domain;}protocols {    bgp {	 group internet-global {                     type external;            description "default route to internet-global";            import [ accept-default reject-all ];            export [ accept-own-prefixes-aggregated-v4 reject-all ];            remove-private;            neighbor 111.222.58.250 {                local-address 111.222.58.251;                peer-as XXXX22;            }        }}

Here you can find the advertised and learned routes using the lt-interfaces:

run show route table internet-global.inet                      internet-global.inet.0: 14 destinations, 15 routes (14 active, 1 holddown, 0 hidden)@ = Routing Use Only, # = Forwarding Use Only+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[Aggregate/130] 00:20:07                      Discard111.22.32.0/22     *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.56.0/23    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.0/24    *[BGP/170] 00:19:39, localpref 120                      AS path: 6XXX9 I, validation-state: unverified                    > to 111.222.58.251 via lt-0/0/0.10111.222.58.250/31  *[Direct/0] 00:20:20                    > via lt-0/0/0.10   111.222.58.250/32  *[Local/0] 00:20:20                      Local via lt-0/0/0.10111.222.58.254/32  *[Direct/0] 00:20:20                    > via lo0.1000111.222.58.255/32  @[OSPF/10] 00:20:07, metric 1                    > to 111.222.58.255 via ae0.4002                   #[Direct/0] 00:20:11, metric 1                    > to 111.222.58.255 via ae0.4002

run show route table internet-default.inet                          internet-default.inet.0: 77 destinations, 77 routes (77 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both0.0.0.0/0          *[BGP/170] 00:55:55, localpref 100                      AS path: XXXX22 I, validation-state: unverified                    > to 111.222.58.250 via lt-0/0/0.11111.22.32.0/22     *[Aggregate/130] 00:56:31                      Reject111.222.56.0/23    *[Aggregate/130] 00:56:31                      Reject111.222.58.0/24    *[Aggregate/130] 00:56:36                      Reject111.222.58.250/31  *[Direct/0] 00:56:36                    > via lt-0/0/0.11111.222.58.251/32  *[Local/0] 00:56:36                      Local via lt-0/0/0.11

Best regards,

Mohammad Ayash

Hi,

Between the two routing instances, do you selectively import prefixes? There are several options using instance-imports, rib-groups and next-table. Is it possible to share the configuration of routing-instances and the routes advertised/learned between the two using the lt interfaces?

Regards

Dear Juniper community,

We have a network setup consisting of two physical routers. There are many routing instances running on those routers, the most important ones are the global routing instances (where the internet traffic enters) and the default routing instances. We are currently using logical tunnels between the global and the default to connect them to each other. We would like to replace the lt-interfaces with something like next-table, mainly because of the speed limitation. Any suggestions on how to do this? What would the impact be upon implementing this? I appreciate every reply of you guys.

Best regards,

Mohammad Ayash 

Thanks.

So, looking at your requirements: -

a) "What I'm trying to achieve is to advertise the default route (0.0.0.0/0) from the internet-global to the internet-default" - For this, you need to apply the next-table static route in the internet-default routing-instance. In the configuration shared,  I see the global static default route is pointed towards the default routing table, which is the other way round.

b) "and the public routes from internet-default to internet-global" - As you have created the static discard routes for the public IPs in the default-routing table, you need to apply the rib-group to the static route and not the interface routes. Something like "set routing-instances int-default routing-options static rib-group default-to-global". In the rib-group configuration, you can have an import policy to control which static routes are imported in the global routing table. There is no need to specify from rib and to rib in the policy-statement, as the rib-group configuration already specifies that.It doesn't work in your case, as the rib-group has been applied on the interface-routes.

I simulated the above scenario in lab and it works fine.

Regards

Sure!

Here is the routing-options config

show routing-optionsrib-groups {    default-to-global {        import-rib [ internet-default.inet.0 internet-global.inet.0 ];