Hello,
Anyone wants to help a bit? I think I'm missing something totally obvious here but cannot figure it out.
I have an SRX1400 cluster running JunOS 12.3X48-D85. There is a virtual-router type routing instance which is learning routes from a remote source by eBGP. I would want to import some of those routes into the master inet.0 routing table by using instance-import, but that's not doing anything. And I cannot figure out any troubleshooting tools for it either.
I know this would probably work just fine by using rib-groups, but for some reasons I would like to avoid using them and just use import policies. The main reason being that similar configuration will most likely be multiplied to some hundreds of routing-instances and I don't want to end up configuring a separate rib-group for all of them. One generic import rule with suitable filter rules would be much more convinient.
The configuration which I believe should be correct is below, but I have been attempting quite a few different combinations already.. Including policy-statements which accept everything.
Import policy:
user@fwX_node0> show configuration policy-options policy-statement import-instances-to-default
term reject-default {
from {
route-filter 0.0.0.0/0 exact;
}
then reject;
}
term vpn-routers {
from {
instance vpn-routers;
protocol bgp;
route-filter 10.0.0.0/16 orlonger;
}
then accept;
}
term reject-rest {
then reject;
}
Main instance routing-options:
user@fwX_node0> show configuration routing-options
static {
...removed as unrelated
}
router-id 10.69.69.1;
autonomous-system 65400;
instance-import import-instances-to-default;
Routing-instance with BGP neighborhood to a remote device:
user@fwX_node0> show configuration routing-instances vpn-routers
instance-type virtual-router;
interface reth3.253;
routing-options {
static {
route 0.0.0.0/0 next-table inet.0;
route 172.16.0.0/16 reject;
route 10.56.0.0/16 reject;
route 10.57.0.0/16 reject;
}
router-id 100.69.0.1;
}
protocols {
bgp {
group dc1-vpn2 {
import 394682-vpn-routers-import; // Filters towards BGP, removing doesn't affect
export 394682-vpn-routers-export; // Filters towards BGP, removing doesn't affect
peer-as 65402;
neighbor 100.69.0.2 {
local-address 100.69.0.1;
}
}
}
}
Example route, missing from the main table:
user@fwX_node0> show route 10.57.114.2
inet.0: 1126 destinations, 1193 routes (1123 active, 3 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 18w1d 19:33:07
> to xx.xx.xxx.xxx via reth0.0
vpn-routers.inet.0: 12 destinations, 12 routes (12 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.57.114.0/24 *[BGP/170] 06:30:01, MED 0, localpref 100
AS path: 65402 ?, validation-state: valid
> to 100.69.0.2 via reth3.253
{primary:node0}