On Mon, Mar 21, 2016 at 05:04:35PM +0100, Raphael Mazelier wrote: > I am currently evaluating how to migrate the internet dmz, and the > public pfx of my customers into VRF. > During the migration phase I have to leak pfx from vrf to the global table. > Don't ask why, but I cannot do the leaking on the PE-CE side as it > should normaly occur. > So I want to do leaking on the remote PE from pfx learned via mp-bgp > on the vrf to the global, and afaik it is not possible directly. > > I know that this topic have been discussed before, but if someone > have some hints on how to do this the cleanest way possible.
You can use rib-groups to do this. > - advertise twice the route in family inet in addition to inet-vpn, > in order to leak it with rib-group (since rib-group only work when > pfx is in a primary table) I don't think this is true. I'm doing this and it works. set routing-instances INTERNET protocols bgp family inet unicast rib-group INTERNET-to-MAIN-UCAST set routing-instances INTERNET protocols bgp family inet6 unicast rib-group INTERNET-to-MAIN-UCAST6 set routing-options rib-groups INTERNET-to-MAIN-UCAST import-rib INTERNET.inet.0 set routing-options rib-groups INTERNET-to-MAIN-UCAST import-rib inet.0 set routing-options rib-groups INTERNET-to-MAIN-UCAST6 import-rib INTERNET.inet6.0 set routing-options rib-groups INTERNET-to-MAIN-UCAST6 import-rib inet6.0 _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp