Juniper - Interinstance Route Sharing
This post is about how to configure interinstance route sharing on a Juniper PE router.
What we want to accomplish is that Router 7 and Router 9 are able to reach the lo0 interface on router 8 and vice versa. Router 7 and Router 9 should not be able to reach each others loopback interfaces.
The diagram is shown below :
Interinstance route sharing on Juniper routers can be configured in different ways. The easiest way to do this is in my opinion by using an auto-export policy which I will show how to configure in this post.
First we need to creat an auto-export policy which can be used to enable the auto-export function for all vrf’s. It is also possible to configure this policy per vrf.
Auto-export policy :
|
|
|
Router 4 :
set groups vrf-export-on routing-instances <*> routing-options auto-export
or
chris@IPLOGIC-4# run show configuration groups
vrf-export-on {
routing-instances {
<*> {
routing-options {
auto-export;
}
}
}
}
|
Next we need to apply this policy to all vrf’s so we can choose which routes from which vrf to import in which vrf :
Apply auto-export policy to vrf’s:
|
|
|
Router 4 :
set routing-instances apply-groups vrf-export-on
or
routing-instances {
apply-groups vrf-export-on;
}
|
As shown in the diagram VPNB uses eBGP as PE-CE routing-protocol, VPNBC uses static and VPNC uses OSPF as PE-CE protocol.
Below are the VPN configurations on the PE-side (Router 4) :
Routing-instances configuration :
|
|
|
Router 4 :
set routing-instances VPNB instance-type vrf
set routing-instances VPNB interface fxp7.470
set routing-instances VPNB route-distinguisher 65000:9
set routing-instances VPNB vrf-import VPNB-in
set routing-instances VPNB vrf-export VPNB-out
set routing-instances VPNB vrf-table-label
set routing-instances VPNB routing-options autonomous-system 65001
set routing-instances VPNB routing-options autonomous-system independent-domain
set routing-instances VPNB routing-options auto-export
set routing-instances VPNB protocols bgp group VPNB_EBGP type external
set routing-instances VPNB protocols bgp group VPNB_EBGP local-address 10.0.47.1
set routing-instances VPNB protocols bgp group VPNB_EBGP peer-as 65005
set routing-instances VPNB protocols bgp group VPNB_EBGP neighbor 10.0.47.2
set routing-instances VPNBC instance-type vrf
set routing-instances VPNBC interface fxp5.480
set routing-instances VPNBC route-distinguisher 65000:10
set routing-instances VPNBC vrf-import VPNBC-in
set routing-instances VPNBC vrf-export VPNBC-out
set routing-instances VPNBC vrf-table-label
set routing-instances VPNBC routing-options static route 8.8.8.8/32 next-hop 10.0.48.2
set routing-instances VPNBC routing-options auto-export
set routing-instances VPNC instance-type vrf
set routing-instances VPNC interface fxp6.490
set routing-instances VPNC route-distinguisher 65000:3
set routing-instances VPNC vrf-import VPNC-in
set routing-instances VPNC vrf-export VPNC-out
set routing-instances VPNC vrf-table-label
set routing-instances VPNC routing-options auto-export
set routing-instances VPNC protocols ospf area 0.0.0.0 interface fxp6.490 interface-type p2p
set policy-options community VPNB members target:65000:222
set policy-options community VPNBC members target:65000:232
set policy-options community VPNC members target:65000:333
or
routing-instances {
apply-groups vrf-export-on;
VPNB {
instance-type vrf;
interface fxp7.470;
route-distinguisher 65000:9;
vrf-import VPNB-in;
vrf-export VPNB-out;
vrf-table-label;
routing-options {
autonomous-system 65001 independent-domain;
auto-export;
}
protocols {
bgp {
group VPNB_EBGP {
type external;
local-address 10.0.47.1;
peer-as 65005;
neighbor 10.0.47.2;
}
}
}
}
VPNBC {
instance-type vrf;
interface fxp5.480;
route-distinguisher 65000:10;
vrf-import VPNBC-in;
vrf-export VPNBC-out;
vrf-table-label;
routing-options {
static {
route 8.8.8.8/32 next-hop 10.0.48.2;
}
auto-export;
}
}
VPNC {
instance-type vrf;
interface fxp6.490;
route-distinguisher 65000:3;
vrf-import VPNC-in;
vrf-export VPNC-out;
vrf-table-label;
routing-options {
auto-export;
}
protocols {
ospf {
area 0.0.0.0 {
interface fxp6.490 {
interface-type p2p;
}
}
}
}
}
}
policy-options {
community VPNB members target:65000:222;
community VPNBC members target:65000:232;
community VPNC members target:65000:333;
}
|
Next we need to configure the import and export policies for the vrf’s because these policies decide which routes will get imported into the routing-instances routing tables.
Export and Import policy configurations :
|
|
|
Router 4 :
set policy-options policy-statement VPNB-in from community VPNB
set policy-options policy-statement VPNB-in then accept
set policy-options policy-statement VPNB-out term 10 from protocol bgp
set policy-options policy-statement VPNB-out term 10 from route-filter 7.7.7.7/32 exact
set policy-options policy-statement VPNB-out term 10 then community add VPNB
set policy-options policy-statement VPNB-out term 10 then accept
set policy-options policy-statement VPNB-out term 30 from protocol direct
set policy-options policy-statement VPNB-out term 30 from route-filter 10.0.47.0/30 exact
set policy-options policy-statement VPNB-out term 30 then community add VPNB
set policy-options policy-statement VPNB-out term 30 then accept
set policy-options policy-statement VPNB-out term REJECT then reject
set policy-options policy-statement VPNBC-in from community VPNB
set policy-options policy-statement VPNBC-in from community VPNC
set policy-options policy-statement VPNBC-in then accept
set policy-options policy-statement VPNBC-out then community add VPNB
set policy-options policy-statement VPNBC-out then community add VPNC
set policy-options policy-statement VPNBC-out then accept
set policy-options policy-statement VPNC-in from community VPNC
set policy-options policy-statement VPNC-in then accept
set policy-options policy-statement VPNC-out then community add VPNC
set policy-options policy-statement VPNC-out then accept
or
policy-options {
policy-statement VPNB-in {
from community VPNB;
then accept;
}
policy-statement VPNB-out {
term 10 {
from {
protocol bgp;
route-filter 7.7.7.7/32 exact;
}
then {
community add VPNB;
accept;
}
}
term 30 {
from {
protocol direct;
route-filter 10.0.47.0/30 exact;
}
then {
community add VPNB;
accept;
}
}
term REJECT {
then reject;
}
}
policy-statement VPNBC-in {
from community [ VPNB VPNC ];
then accept;
}
policy-statement VPNBC-out {
then {
community add VPNB;
community add VPNC;
accept;
}
}
policy-statement VPNC-in {
from community VPNC;
then accept;
}
policy-statement VPNC-out {
then {
community add VPNC;
accept;
}
}
community VPNB members target:65000:222;
community VPNBC members target:65000:232;
community VPNC members target:65000:333;
}
|
Let’s take a look at the routing-tables of the routing-instances :
Routing-tables :
|
|
|
Router 4 :
chris@IPLOGIC-4# run show route table VPNB
VPNB.inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
8.8.8.8/32 *[Static/5] 01:22:53
> to 10.0.48.2 via fxp5.480
10.0.47.0/30 *[Direct/0] 01:22:54
> via fxp7.470
10.0.47.1/32 *[Local/0] 01:22:54
Local via fxp7.470
10.0.48.0/30 *[Direct/0] 01:22:53
> via fxp5.480
10.0.48.1/32 *[Local/0] 01:22:53
Local via fxp5.480
7.7.7.7/32 *[BGP/170] 00:31:09, localpref 100
AS path: 65005 I
> to 10.0.47.2 via fxp7.470
Routing-table VPNBC :
chris@IPLOGIC-4# run show route table VPNBC
VPNBC.inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
8.8.8.8/32 *[Static/5] 01:24:42
> to 10.0.48.2 via fxp5.480
9.9.9.9/32 *[OSPF/10] 01:24:27, metric 10
> to 10.0.49.2 via fxp6.490
10.0.47.0/30 *[Direct/0] 01:24:41
> via fxp7.470
10.0.48.0/30 *[Direct/0] 01:24:42
> via fxp5.480
10.0.48.1/32 *[Local/0] 01:24:42
Local via fxp5.480
10.0.49.0/30 *[Direct/0] 01:24:41
> via fxp6.490
10.0.49.1/32 *[Local/0] 01:24:41
Local via fxp6.490
7.7.7.7/32 *[BGP/170] 00:30:36, localpref 100
AS path: 65005 I
> to 10.0.47.2 via fxp7.470
Routing-table VPNC :
chris@IPLOGIC-4# run show route table VPNC
VPNC.inet.0: 7 destinations, 8 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
8.8.8.8/32 *[Static/5] 01:25:53
> to 10.0.48.2 via fxp5.480
9.9.9.9/32 *[OSPF/10] 01:25:39, metric 10
> to 10.0.49.2 via fxp6.490
10.0.48.0/30 *[Direct/0] 01:25:53
> via fxp5.480
10.0.48.1/32 *[Local/0] 01:25:53
Local via fxp5.480
10.0.49.0/30 *[Direct/0] 01:25:54
> via fxp6.490
[OSPF/10] 01:25:49, metric 10
> via fxp6.490
10.0.49.1/32 *[Local/0] 01:25:54
Local via fxp6.490
224.0.0.5/32 *[OSPF/10] 01:25:55, metric 1
MultiRecv
|