I just found this excellent post that describes how rib-groups and auto-export work, including the differences between them. I don't think auto-export will work for going to the main/default inet.0 table (it relies on route-distinguishers, so it only works between VRFs), but "instance-import/export" may work instead if you'd rather not use rib-groups:
http://forums.juniper.net/t5/TheRoutingChurn/Using-rib-groups-or-auto-export-for-route-leaking/ba-p/202349 On Wed, Jan 14, 2015 at 10:52:40AM -0500, Chuck Anderson wrote: > I do this with rib-groups directly, not auto-export. You need to > mention both the VRF and inet.0 tables in the rib-group, with the VRF > one first (primary table): > > Main routing-options: > > routing-options { > rib-groups { > vrf_and_inet0 { > import-rib [ vrf.inet.0 inet.0 ]; > import-policy my_pol; > } > } > } > > You also need to add the rib-group to the direct routes, and BGP > protocol (and/or OSPF or whatever the PE-CE protocol is) inside the > VRF: > > routing-instances vrf { > routing-options { > interface-routes { > rib-group { > inet vrf_and_inet0; > } > } > } > protocols { > bgp { > family inet { > unicast { > rib-group vrf_and_inet0; > } > } > } > } > } > > Add other families and/or multicast as needed. > > On Wed, Jan 14, 2015 at 04:01:50PM +0100, Tom Eichhorn wrote: > > Hi Dave & j-nsp, > > > > I tried your example, > > but it does not work - and I am a little bit helpless: > > > > http://0bin.net/paste/lpH6zV8Pk2EXnI9L#F5xzmKZTpl9hA5QjZipHfz83-xdG6qexK4MGyM6SSCU > > > > I also tried having an "accept all" import policy, but that doesn't > > changed anything. > > > > Thanks for your help, > > Tom > > > > PS: This is a MX running 12.3R5.7 > > > > Am 14/01/15 um 11:37 schrieb Dave Bell: > > >rib-groups is indeed the simplest way to do this. Something like this > > >should work for you: > > > > > >routing-options { > > > rib-groups { > > > import_inet0 { > > > import-rib inet.0; > > > import-policy my_pol; > > > } > > >} > > > > > >policy-options { > > > policy-statement my_pol { > > > term 10 { > > > from { > > > route-filter a.b.c.d/32 exact; > > > } > > > then accept; > > > } > > > term 30 { > > > then reject; > > > } > > > } > > >} > > >routing-instances { > > > my_instance { > > > routing-options { > > > static { > > > route 0.0.0.0/0 next-table inet.0; > > > } > > > auto-export { > > > family inet { > > > unicast { > > > rib-group import_inet0; > > > } > > > } > > > } > > > } > > >} > > > > > >On 14 January 2015 at 09:31, Tom Eichhorn <t...@wirkbetrieb.net> wrote: > > >>Hi Guys, > > >> > > >>I am currently facing a problem, > > >>to which I do not have currently a clean solution: > > >> > > >>I have routes in some L3 VPN vrf, and I need to merge some of them to > > >>inet.0, > > >>but I have no real clue how to do that. > > >> > > >>RIB-groups would only merge all, and tbh, I never understood rib-groups > > >>and > > >>the > > >>documentation is a little bit unclear how they work. > > >> > > >>My current solution is having a lt-interface between the inet.0 and > > >>vrf.inet.0 and speaking BGP, > > >>but that limits the traffic volume to one PFE (yes, I could have > > >>lt-interfaces on each PFE and do ECMP, but > > >>that would be that dirty...) > > >> > > >>I tried also instance-import under routing-options, but that doesn't work > > >>for some reason, instance-export > > >>in the vrf is not supported - this only works for virtual routers, but not > > >>VRFs... > > >> > > >>I also tried some bad hacks on the bgp configuration, e.g. deleting the > > >>vrf-community before importing etc, > > >>but all of that also did not work :( > > >> > > >>Any hint or idea? > > >> > > >>Thanks, > > >>Tom > > >> > > >>PS: For the other way round, getting the default route to the VRF, I > > >>simply > > >>use a next-table inet.0 route in the vrf. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp