Redistributing routes between VRF and INET.0 with logical tunnels

Vendor: Juniper
Device: MX series
Software: 11.4R9.4

 If you don't want to use RIB groups to leak routes between the inet.0 \ VRF routing tables do not fear there is another solution. Using logical tunnels we can form adjancies between the inet.0 and l3vpn tables and redistribute routes. In this example we will use ibgp as the igp. 

 Note: MX Series routers must be equipped with a Trio MPC/MIC module
###################################################################

 set interfaces lt-1/2/0 unit 13 description "GLOBAL"
Configure the Global IBGP Session
set routing-instances L3VPN_(groupname) interface lt-1/2/0.14
show route receive-protocol bgp 1.1.1.2

 Configure the lt interfaces 

 set interfaces lt-1/2/0 unit 13 encapsulation ethernet
set interfaces lt-1/2/0 unit 13 peer-unit 14
set interfaces lt-1/2/0 unit 13 family inet address 192.168.0.1/30

 set interfaces lt-1/2/0 unit 14 description "L3VPN"
set interfaces lt-1/2/0 unit 14 encapsulation ethernet
set interfaces lt-1/2/0 unit 14 peer-unit 13

 set interfaces lt-1/2/0 unit 14 family inet address 192.168.0.1/30
set protocols bgp group (groupname) type internal
set protocols bgp group (groupname) export (groupname)_CUSTOMERS_ROUTES
set protocols bgp group (groupname) export REJECT_ANY
set protocols bgp group (groupname) cluster xxx.xxx.xxx.xxx
set protocols bgp group (groupname) neighbor xxx.xxx.xxx.xxx

 Configure import export policies

 set policy-options policy-statement (groupname)_CUSTOMERS_ROUTES term CUSTOMERS_ROUTES from prefix-list (groupname)_CUSTOMERS_ROUTES
set policy-options policy-statement (groupname)_CUSTOMERS_ROUTES term CUSTOMERS_ROUTES then community delete DELETE_ALL
set policy-options policy-statement (groupname)_CUSTOMERS_ROUTES term CUSTOMERS_ROUTES then next-hop self
set policy-options policy-statement (groupname)_CUSTOMERS_ROUTES term CUSTOMERS_ROUTES then accept

 set policy-options prefix-list (groupname)_CUSTOMERS_ROUTES xxx.xxx.xxx.xxx/24
set policy-options prefix-list (groupname)_CUSTOMERS_ROUTES yyy.yyy.yyy.yyy/24
set policy-options prefix-list (groupname)_CUSTOMERS_ROUTES zzz.zzz.zzz.zzz/26

 Add the lt interface into the VRF
Configure the VRF IBGP Session

 set routing-instances L3VPN_(groupname)  protocols bgp group GLOBAL type internal
set routing-instances L3VPN_(groupname)  protocols bgp group GLOBAL export ABSEC200080_SOURCE_ROUTES
set routing-instances L3VPN_(groupname)  protocols bgp group GLOBAL export REJECT_ANY
set routing-instances L3VPN_(groupname)  protocols bgp group GLOBAL cluster 192.168.0.
set routing-instances L3VPN_(groupname)  protocols bgp group GLOBAL neighbor 83.151.126.49

 Configure import export policies

 set policy-options policy-statement (groupname) _SOURCE_ROUTES term SOURCE_ROUTES from prefix-list (groupname) _SOURCE_ROUTES
set policy-options policy-statement (groupname) _SOURCE_ROUTES term SOURCE_ROUTES then community delete DELETE_ALL
set policy-options policy-statement (groupname) _SOURCE_ROUTES term SOURCE_ROUTES then next-hop self
set policy-options policy-statement (groupname) _SOURCE_ROUTES term SOURCE_ROUTES then accept

 set policy-options prefix-list (groupname) _SOURCE_ROUTES xxx.xxx.xxx.xxx/30
set policy-options prefix-list (groupname) _SOURCE_ROUTES yyy.yyy.yyy.yyy/30

 ###################################################################

 Verify bgp is established and you are learning routes in the global and vrf  tables.

 show bgp neighbor 1.1.1.1 
show bgp neighbor 1.1.1.2

 show bgp summary | match 1.1.1.1 
show bgp summary | match 1.1.1.2

 show route receive-protocol bgp 1.1.1.1
show route receive-protocol bgp 1.1.1.1

 show route receive-protocol bgp 1.1.1.2

Comments

Post a Comment

Popular posts from this blog

Image
VXLAN - GNS3 (VEOS \ IOU_L3)  Images:  Spine - IOU - i86bi_linux-adventerprisek9-ms.152-4.M1" Leaf -  vEOS - 4.13.16M-3213248.41316M.1   This was my first crack at configuring VXLAN i used a combination of vEOS and IOS because that is closest to what I run in my production environment. The actual vxlan configuration is very easy its more about making sure the underlying connectivity is in place. You can build the same lab in GNS3 using the CSR router and EIGRP which should be simpler (I had some issues with route summarization). The most important thing to confirm before starting on the vxlan configuration is that you have full reachability between all the loopbacks. Anyway it worked for me next step is doing this with EVPN. ################# ## SPINE-1 ## ################# conf t ## GENERAL ## hostname SPINE-1 ip multicast-routing ## INTERFACES ## int e0/1 ip addr 10.0.11.1 255.255.255.252 int e0/2 ip add...
Read more

Configure OSPF Juniper SRX

Quick page to remind me how to configure OSPF on SRX's as its been a while. ############# # R1 # ############# set interfaces ge-0/0/0 unit 0 family inet address 10.0.0.1/30 set interfaces ge-0/0/1 unit 0 family inet address 192.168.0.1/24 set interfaces lo0 unit 0 family inet address 1.1.1.1/32 set routing-options router-id 1.1.1.1 set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services ping set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services traceroute set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic system-services ssh set security zones security-zone TRUST interfaces ge-0/0/0.0 host-inbound-traffic protocols ospf set security zones security-zone TRUST address-book address BAML 159.5.153.0/24 set security zones security-zone TRUST host-inbound-traffic system-services all se...
Read more

Upgrading JUNOS via USB

I borrowed this guide from Juniper but keeping it here incase i cannot find it going forward. You need to have a fat32 or smaller than 4gb partitioned USB flash disk.  Enter the shell as root: user@switch> start shell user root Password: root@switch% Before inserting the USB device, perform the following: root@% ls /dev/da* /dev/da0 /dev/da0s1c /dev/da0s2a /dev/da0s3 /dev/da0s3e /dev/da0s1 /dev/da0s1f /dev/da0s2c /dev/da0s3c /dev/da0s1a /dev/da0s2 /dev/da0s2f /dev/da0s3d Insert the USB drive in the USB port. The following output will be displayed: root@% umass1: TOSHIBA TransMemory, rev 2.00/1.00, addr 3 da2 at umass-sim1 bus 1 target 0 lun 0 da2: <TOSHIBA TransMemory 5.00> Removable Direct Access SCSI-0 device da2: 40.000MB/s transfers da2: 983MB (2013184 512 byte sectors: 64H 32S/T 983C) root@% ls /dev/da* /dev/da0 /dev/da0s1c /dev/da0s2a /dev/da0s3 /dev/da0s3e /dev/da0s1 /dev/da0s1f /dev/da0s2c /dev/da0s3c /dev/da2 /dev/da0s1a /dev/da...
Read more