Chris, Thanks for your help. The interface routes did the trick. I forgot those in my previous try with rib-groups.
I do want to mention that when you configure a rib-group for a certain bgp group. The learned routes from neighbors within that bgp group will be placed in inet.0. Although your rib-policy configured in your your rib-group might reject all routes. I did not expect this to happen but it works for us. Regards, Mark Meijerink SARA Chris Spears wrote: > The vrf-import/export policies are only for vpn route distribution. > AFAIK, you have to use rib-groups to go between a routing-instance > (vrf/l3vpn/virtual-router) and master. Use one rib-group to put the > AMS-IX routes into the vrf, and apply another to your routing protocols > in the VRF (or to auto-export) in order to dump routes back to inet.0. > Just don't forget interface-routes so you can resolve next-hops. > > -- > Chris > > > Mark Meijerink wrote: >> Hi there, >> >> I have been working on dynamic leaking of routes between the global routing >> table and the vrf routing table based on communities. But I have failed to >> make it work. I have already seen multiple examples but those did not work >> for me. I will give s short description of what we are trying to achieve >> and I hope you can point me in the right direction. >> >> In the global routing table we have our peerings with AMS-IX peers and iBGP >> peerings with two core routers. The AMS-IX routes are given a certain >> community. We want to create a vrf with customers which only have AMS-IX >> connectivity. So we want to dynamically leak routes into the vrf based on the >> community. In the vrf we have BGP sessions with the customers and the routes >> we learn from them are tagged with a certain community as well. These >> routes must be dynamically leaked into the global routing table. We are >> looking for a way to dynamically leak routes in two directions. >> >> I have tried using rib-groups and tried to make it work using the vrf-import >> and vrf-export policies. Could you please let me know how I can make the >> setup as explained above work. The difficulty we are introducing is that we >> want to leak dynamically and not static. Thanks in advance for your reply >> and advice. >> >> Regards, >> Mark Meijerink >> SARA >> >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >
signature.asc
Description: OpenPGP digital signature
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp