Technical Documentation

Configuring Policy-Based Export for Routing Instances

Configuring policy-based export simplifies the process of exchanging route information between routing instances.

Exporting routing information between routing instances typically is accomplished by configuring separate routing table groups for each instance. The use of policy-based export reduces the configuration needed for exporting routes between multiple routing instances by eliminating the configuration of separate routing table groups for each instance.

Policy-based export is particularly useful in the following two cases:

  • Overlapping VPNs—VPN configurations in which more than one VRF has the same route target
  • Nonforwarding instances—Multilevel IGPs using multiple routing instances

    Note: The instance-export and instance-import statements are not valid for VRF instances. The auto-export statement is valid for VRF and non-VRF instances. The instance-import statement automatically enables auto-export for non-VRF instances.

For detailed information about configuring overlapping VPNs and nonforwarding instances, see the Junos VPNs Configuration Guide.

For sample configurations, see the following sections:

Example: Configuring Policy-Based Export for an Overlapping VPN

In Layer 3 VPNs, a CE router is often a member of more than one VPN. Figure 1 illustrates the topology for the configuration example in this section. The configurations in this section illustrate local connectivity between CE routers connected to the same PE router using BGP.

The configuration statements enable the VPN AB Router CE2 to communicate with the VPN A Router CE1 and the VPN B Router CE3, both directly connected to the Router PE1. VPN routes that originate from the remote PE routers (the PE2 Router, in this case) are placed in a global Layer 3 VPN routing table (bgp.l3vpn.inet.0) and routes with appropriate route targets are imported into the routing tables, as dictated by the VRF import policy configuration.

Figure 1: Configuration of Policy-Based Export for an Overlapping VPN

Image g017003.gif

Configuring Router PE1

This section describes how to configure Router PE1 in the backbone entity for this overlapping VPN by means of policy-based export.

Configure the routing instances for VPN-A, VPN-AB, and VPN-B:

[edit]routing-instances {VPN-A {instance-type vrf;interface fe-1/0/0.0;route-distinguisher 10.255.14.175:3;vrf-export A-out;vrf-import A-in;routing-options {auto-export;static {route 1.1.1.1/32 next-hop fe-1/0/0.0;route 1.1.1.2/32 next-hop fe-1/0/0.0;}}}VPN-AB {instance-type vrf;interface fe-1/1/0.0;route-distinguisher 10.255.14.175:9;vrf-export AB-out;vrf-import AB-in;routing-options {auto-export;static {route 1.1.3.1/32 next-hop fe-1/1/0.0;route 1.1.3.2/32 next-hop fe-1/1/0.0;}}VPN-B {instance-type vrf;interface fe-1/0/2.0;route-distinguisher 10.255.14.175:9;vrf-export B-out;vrf-import B-in;routing-options {auto-export;static {route 1.1.2.1/32 next-hop fe-1/0/2.0;route 1.1.2.2/32 next-hop fe-1/0/2.0;}}}}}

Configuring Router PE2

The configuration for Router PE2 is the same as that for Router PE1; however, the interface names might differ.

Example: Configuring Policy-Based Export for a Nonforwarding Instance

This example shows how to use the instance-import and instance-export statements to control route export between multiple instances. This is equivalent to using the vrf-import and vrf-export statements for VPNs, except these are with nonforwarding instances, not VRF instances.

There are two nonforwarding instances: data and voice. The following is the configuration for a PE router.

Configure the routing instances for data and voice:

[edit]routing-instances {data {instance-type no-forwarding;interface t3-0/1/3.0;routing-options {instance-import data-import;auto-export;protocols {ospf {export accept;area 0.0.0.0 {interface all;}}}}voice {instance-type no-forwarding;interface t3-0/1/0.0;routing-options {instance-import voice-import;auto-export;}protocols {ospf {export accept;area 0.0.0.0 {interface all;}}}}}}

Configure a master policy:

[edit]policy-options {policy-statement master-import {term a {from instance master;then {tag 11;accept;}}term b {from instance data;then {tag 10;accept;}}}}

Configure policies for each instance:

[edit]policy-options {policy-statement data-import {term a {from {instance master;tag 10;then accept;}}term b {then reject;}}policy-statement voice-import {term a {from {instance master;protocol ospf;tag 11;}}term b {then reject;}}}

Related Topics

Published: 2010-07-02