Configuring Overlapping VPNs Using Automatic Route Export

A problem with multiple routing instances is how to export routes between routing instances. You can accomplish this in JUNOS software by configuring routing table groups for each routing instance that needs to export routes to other routing tables. For information on how to configure overlapping VPNs by using routing table groups, see Configuring Overlapping VPNs Using Routing Table Groups.

However, using routing table groups has limitations:

• Routing table group configuration is complex. You must define a unique routing table group for each routing instance that will export routes.
• You must also configure a unique routing table group for each protocol that will export routes.

To limit and sometimes eliminate the need to configure routing table groups in multiple routing instance topologies, you can use the functionality provided by the auto-export statement.

The auto-export statement is particularly useful for configuring overlapping VPNs—VPN configurations where more than one VRF routing instance lists the same community route target in its vrf-import policy. The auto-export statement finds out which routing tables to export routes from and import routes to by examining the existing policy configuration.

The auto-export statement automatically exports routes between the routing instances referencing a given route target community. When the auto-export statement is configured, a VRF target tree is constructed based on the vrf-import and vrf-export policies configured on the system. If a routing instance references a route target in its vrf-import policy, the route target is added to the import list for the target. If it references a specific route target in its vrf-export policy, the route target is added to the export list for that target. Route targets where there is a single importer that matches a single exporter or with no importers or exporters are ignored.

Changes to routing tables that export route targets are tracked. When a route change occurs, the routing instance’s vpn-export policy is applied to the route. If it is allowed, the route is imported to all the import tables (subject to the vrf-import policy) of the route targets set by the export policy.

The sections that follow describe how to configure overlapping VPNs by using the auto-export statement for inter-instance export in addition to routing table groups:

• Configuring Overlapping VPNs with BGP and Automatic Route Export
• Configuring Overlapping VPNs and Additional Tables
• Configuring Automatic Route Export for All VRF Instances

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.