VPNs
-
New ARI-TS routing protocol type for IPsec VPN traffic selector routes (MX-SPC3, SRX Series firewalls, and vSRX running iked process)—Starting in Junos OS Release 22.2R1, when an IPsec negotiation is completed using a traffic selector configuration, the routes are installed as auto route insertion for traffic selectors (ARI-TS) routes instead of static routes.
Starting in Junos OS Release 22.2R1, ARI routes are considered as a routing protocol. These routes are installed with the same route preference and metric as in the previous implementation. With this approach, you can change the default route preference of the ARI-TS routes without impacting other routing protocols. You can also change the default preference value of the ARI-TS protocol per traffic selector to override the global option.
As ARI-TS is a new protocol, you may need to update routing policy statements depending on the configuration.
-
To modify the default preference value with a global scope for an ARI-TS route, use the
set protocol ipsec-traffic-selector preference pref-value
command. -
To modify the preference value at each traffic selector level—that is, to configure a local preference value for an ARI-TS route, use the
set security ipsec vpn vpn-name traffic-selector ts-name preference pref-value
command. -
To add the ARI-TS protocol as the policy option along with the existing protocols such as BGP and OSFP, use the
set policy-options policy-statement policy_name term term_name from protocol ari-ts
command.
If you've configured the preference values at both global and local levels, the local preference value takes precedence.
[See Understanding Traffic Selectors in Route-Based VPNs, ipsec-traffic-selector, and traffic-selector.]
-