[EX] How to import routes from/to the primary and virtual routing tables to enable communication
This article provides a way to import routes to and from one virtual routing instance to another virtual routing instance, with the goal of enabling communication between the two routing tables.
Virtual routing instances can be used to divide an EX Series switch into multiple routing tables. This allows you to isolate L3 traffic without using multiple devices to segment the network.
For more about virtual routing instances and the types of virtual routing instances that exist for EX switches, refer to Virtual Routing Instances.
Two VLANs are present in the switch. Routed VLAN Interfaces (RVI) are created for both VLANs to provide L3 GW services, and each RVI is mapped to a different routing table.
For communication to occur between the two routing tables, one needs to ensure that the routing information is available in both routing tables. In other words, routing information must be leaked from one table to the other.
Topology
----------------------------------------------
|                 EX- Switch                 |
-----------|--------------------------|-------
           |                          |
        SERVER-A                   SERVER-B
In this scenario, SERVER-A belongs to VLAN10 (vlan-id 10) with the L3 gateway IP address 10.0.0.1/24, which is part of the TEST-1 virtual routing instance.
SERVER-B belongs to VLAN20 (vlan-id 20) with the L3 gateway IP address 20.0.0.1/24, which is part of the TEST-2 virtual routing instance.
RVI configuration
set interfaces vlan unit 10 family inet address 10.0.0.1/24
set interfaces vlan unit 20 family inet address 20.0.0.1/24
VLAN configuration
set vlans VLAN10 vlan-id 10 l3-interface vlan.10
set vlans VLAN20 vlan-id 20 l3-interface vlan.20
Virtual-router routing instance configuration
set routing-instances TEST-1 instance-type virtual-router
set routing-instances TEST-1 interface vlan.10
set routing-instances TEST-2 instance-type virtual-router
set routing-instances TEST-2 interface vlan.20
Configure the policy-options policy to import from the primary routing table to the TEST routing table:
set policy-options policy-statement FROM-TEST-1 term t1 from instance TEST-1
set policy-options policy-statement FROM-TEST-1 term t1 from route-filter 10.0.0.0/24 orlonger
set policy-options policy-statement FROM-TEST-1 term t1 then accept
set policy-options policy-statement FROM-TEST-1 term t2 then reject
Configure the policy-options policy to import from the TEST routing table to the primary routing table:
set policy-options policy-statement FROM-TEST-2 term t1 from instance TEST-2
set policy-options policy-statement FROM-TEST-2 term t1 from route-filter 20.0.0.0/24 orlonger
set policy-options policy-statement FROM-TEST-2 term t1 then accept
set policy-options policy-statement FROM-TEST-2 term t2 then reject
Configure an import policy to import routes from the TEST-2 virtual routing instance to the TEST-1 virtual routing instance:
set routing-instances TEST-1 routing-options instance-import FROM-TEST-2
Configure an import policy to import routes from the TEST-1 virtual routing instance to the TEST-2 virtual routing instance:
set routing-instances TEST-2 routing-options instance-import FROM-TEST-1
Configure the switch ports:
set interfaces xe-0/1/0 unit 0 family ethernet-switching port-mode access vlan members VLAN10
set interfaces xe-0/1/2 unit 0 family ethernet-switching port-mode access vlan members VLAN20
{master:0}
root@ex4200> show route instance
Instance             Type
         Primary RIB                                     Active/holddown/hidden
master               forwarding
         inet.0                                          3/0/0
         inet6.0                                         1/0/0
TEST-1               virtual-router
         TEST-1.inet.0                                   4/0/0
         TEST-1.inet6.0                                  1/0/0
TEST-2               virtual-router
         TEST-2.inet.0                                   4/0/0
         TEST-2.inet6.0                                  1/0/0
__juniper_private1__ forwarding
         __juniper_private1__.inet.0                     4/0/0
__juniper_private2__ forwarding
         __juniper_private2__.inet.0                     0/0/1
__master.anon__      forwarding

{master:0}
root@ex4200> show route table TEST-1.inet.0
TEST-1.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/24        *[Direct/0] 00:10:09
                    > via vlan.10
10.0.0.1/32        *[Local/0] 00:10:09
                      Local via vlan.10
20.0.0.0/24        *[Direct/0] 00:08:00
                    > via vlan.20
20.0.0.1/32        *[Local/0] 00:08:00
                      Local via vlan.20

{master:0}
root@ex4200> show route table TEST-2.inet.0
TEST-2.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.0.0/24        *[Direct/0] 00:08:03
                    > via vlan.10
10.0.0.1/32        *[Local/0] 00:08:03
                      Local via vlan.10
20.0.0.0/24        *[Direct/0] 00:12:06
                    > via vlan.20
20.0.0.1/32        *[Local/0] 00:12:06
                      Local via vlan.20

{master:0}
root@ex4200> show route forwarding-table table TEST-1
Routing table: TEST-1.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct  1313     1
0.0.0.0/32         perm     0                    dscd  1311     1
10.0.0.0/24        intf     0                    rslv  1355     1 vlan.10
10.0.0.0/32        dest     0 10.0.0.0           recv  1349     1 vlan.10
10.0.0.1/32        intf     0 10.0.0.1           locl  1350     3
10.0.0.1/32        dest     0 10.0.0.1           locl  1350     3
10.0.0.10/32       dest     0 50:c5:8d:b7:f6:9b  ucst  1345     1 vlan.10
10.0.0.255/32      dest     0 10.0.0.255         bcst  1348     1 vlan.10
20.0.0.0/24        user     0                    rtbl  1365     3
20.0.0.1/32        user     0 20.0.0.1           locl  1309     3
224.0.0.0/4        perm     0                    mdsc  1312     1
224.0.0.1/32       perm     0 224.0.0.1          mcst  1315     1
255.255.255.255/32 perm     0                    bcst  1320     1

{master:0}
root@ex4200> show route forwarding-table table TEST-2
Routing table: TEST-2.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct  1359     1
0.0.0.0/32         perm     0                    dscd  1357     1
10.0.0.0/24        user     0                    rtbl  1323     3
10.0.0.1/32        user     0 10.0.0.1           locl  1350     3
20.0.0.0/24        intf     0                    rslv  1310     1 vlan.20
20.0.0.0/32        dest     0 20.0.0.0           recv  1308     1 vlan.20
20.0.0.1/32        intf     0 20.0.0.1           locl  1309     3
20.0.0.1/32        dest     0 20.0.0.1           locl  1309     3
20.0.0.10/32       dest     0 b0:c6:9a:d8:81:b3  ucst  1356     1 vlan.20
20.0.0.255/32      dest     0 20.0.0.255         bcst  1307     1 vlan.20
224.0.0.0/4        perm     0                    mdsc  1358     1
224.0.0.1/32       perm     0 224.0.0.1          mcst  1361     1
255.255.255.255/32 perm     0                    bcst  1362     1

{master:0}
root@ex4200> show ethernet-switching table
Ethernet-switching table: 6 entries, 2 learned, 0 persistent entries
  VLAN              MAC address       Type         Age Interfaces
  VLAN10            *                 Flood          - All-members
  VLAN10            00:26:88:76:79:81 Static         - Router
  VLAN10            50:c5:8d:b7:f6:9b Learn       2:06 xe-0/1/0.0
  VLAN20            *                 Flood          - All-members
  VLAN20            00:26:88:76:79:81 Static         - Router
  VLAN20            b0:c6:9a:d8:81:b3 Learn       1:44 xe-0/1/2.0
Here, another EX4200 device is used to emulate SERVER-A and SERVER-B, connected to the EX4200 switch. Each server can therefore ping both gateways and the other server:
{master:0}
root@SERVER-A> ping rapid 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
!!!!!
--- 10.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.205/1.437/1.726/0.203 ms

{master:0}
root@SERVER-A> ping rapid 20.0.0.1
PING 20.0.0.1 (20.0.0.1): 56 data bytes
!!!!!
--- 20.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.224/1.404/1.645/0.161 ms

{master:0}
root@SERVER-A> ping rapid 20.0.0.10
PING 20.0.0.10 (20.0.0.10): 56 data bytes
!!!!!
--- 20.0.0.10 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.430/2.570/2.919/0.180 ms

{master:0}
root@SERVER-B> ping rapid 20.0.0.1
PING 20.0.0.1 (20.0.0.1): 56 data bytes
!!!!!
--- 20.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.206/1.420/1.932/0.262 ms

{master:0}
root@SERVER-B> ping rapid 10.0.0.1
PING 10.0.0.1 (10.0.0.1): 56 data bytes
!!!!!
--- 10.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.203/1.386/1.637/0.144 ms

{master:0}
root@SERVER-B> ping rapid 10.0.0.10
PING 10.0.0.10 (10.0.0.10): 56 data bytes
!!!!!
--- 10.0.0.10 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.277/2.594/3.364/0.400 ms
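Because route leaking relaxes the L3 isolation that virtual routing instances provide, it helps to see exactly which prefixes the two instance-import policies let across. The following is an added example, not part of the original article: a simplified Python model of the FROM-TEST-1 and FROM-TEST-2 policies. The route lists, the extra 20.0.1.0/24 prefix, and the function names are constructed for illustration.

```python
import ipaddress, re

# Constructed input: the policy and instance-import lines from this article.
CONFIG = """\
set policy-options policy-statement FROM-TEST-1 term t1 from instance TEST-1
set policy-options policy-statement FROM-TEST-1 term t1 from route-filter 10.0.0.0/24 orlonger
set policy-options policy-statement FROM-TEST-1 term t1 then accept
set policy-options policy-statement FROM-TEST-1 term t2 then reject
set policy-options policy-statement FROM-TEST-2 term t1 from instance TEST-2
set policy-options policy-statement FROM-TEST-2 term t1 from route-filter 20.0.0.0/24 orlonger
set policy-options policy-statement FROM-TEST-2 term t1 then accept
set policy-options policy-statement FROM-TEST-2 term t2 then reject
set routing-instances TEST-1 routing-options instance-import FROM-TEST-2
set routing-instances TEST-2 routing-options instance-import FROM-TEST-1
"""
# Constructed routes; 20.0.1.0/24 is hypothetical, to show where the filter stops.
ROUTES = {"TEST-1": ["10.0.0.0/24", "10.0.0.1/32"],
          "TEST-2": ["20.0.0.0/24", "20.0.0.1/32", "20.0.1.0/24"]}
TERM = re.compile(r"set policy-options policy-statement (\S+) term (\S+) (from|then) (\S+) ?(\S*) ?(\S*)")
IMPORT = re.compile(r"set routing-instances (\S+) routing-options instance-import (\S+)")

def parse(config):
    """Return (policies, imports); terms keep their configuration order."""
    policies, imports = {}, {}
    for line in config.splitlines():
        if m := TERM.match(line):
            name, term, kind, a, b, c = m.groups()
            t = policies.setdefault(name, {}).setdefault(term, {})
            # "then accept" -> action: [accept]; "from instance X" -> instance: [(X, "")]
            key, val = ("action", a) if kind == "then" else (a, (b, c))
            t.setdefault(key, []).append(val)
        elif m := IMPORT.match(line):
            imports[m.group(1)] = m.group(2)
    return policies, imports

def term_matches(term, src, prefix):
    """Simplified model: 'from instance' plus exact/orlonger route-filters only."""
    nets = [(ipaddress.ip_network(n), k) for n, k in term.get("route-filter", [])]
    return all(i == src for i, _ in term.get("instance", [])) and (not nets or any(
        prefix == n or (k == "orlonger" and prefix.subnet_of(n)) for n, k in nets))

def leaked_into(dest, config=CONFIG, routes=ROUTES):
    """Sorted (source, prefix) pairs `dest` imports; first matching term decides."""
    policies, imports = parse(config)
    out = []
    for src, p in ((s, ipaddress.ip_network(r)) for s in routes if s != dest for r in routes[s]):
        term = next((t for t in policies[imports[dest]].values() if term_matches(t, src, p)), {})
        if term.get("action") == ["accept"]:
            out.append((src, str(p)))
    return sorted(out)
```

The results for both instances match the four-route tables in the verification output: the /32 gateway addresses are leaked along with the /24 because orlonger also matches longer prefixes, while anything outside the filtered /24 falls through to term t2 and is rejected.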
Note: The non-ELS syntax in this article (interface VLAN) will be deprecated. Devices that support ELS Junos can be found in Enhanced Layer 2 Software (ELS).
To configure an ELS device for route leaking as described in this article, refer to the example below:
RVI configuration:
set interfaces irb unit 10 family inet address 10.0.0.1/24
set interfaces irb unit 20 family inet address 20.0.0.1/24
VLAN configuration:
set vlans VLAN10 vlan-id 10 l3-interface irb.10
set vlans VLAN20 vlan-id 20 l3-interface irb.20
Virtual-router routing instance configuration:
set routing-instances TEST-1 instance-type virtual-router
set routing-instances TEST-1 interface irb.10
set routing-instances TEST-2 instance-type virtual-router
set routing-instances TEST-2 interface irb.20
Configure the policy-options policy to import from the primary routing table to the TEST routing table:
set policy-options policy-statement FROM-TEST-1 term t1 from instance TEST-1
set policy-options policy-statement FROM-TEST-1 term t1 from route-filter 10.0.0.0/24 orlonger
set policy-options policy-statement FROM-TEST-1 term t1 then accept
set policy-options policy-statement FROM-TEST-1 term t2 then reject
Configure the policy-options policy to import from the TEST routing table to the primary routing table:
set policy-options policy-statement FROM-TEST-2 term t1 from instance TEST-2
set policy-options policy-statement FROM-TEST-2 term t1 from route-filter 20.0.0.0/24 orlonger
set policy-options policy-statement FROM-TEST-2 term t1 then accept
set policy-options policy-statement FROM-TEST-2 term t2 then reject
Configure an import policy to import routes from the TEST-2 virtual routing instance to the TEST-1 virtual routing instance:
set routing-instances TEST-1 routing-options instance-import FROM-TEST-2
Configure an import policy to import routes from the TEST-1 virtual routing instance to the TEST-2 virtual routing instance:
set routing-instances TEST-2 routing-options instance-import FROM-TEST-1
Configure the switch ports:
set interfaces xe-0/1/0 unit 0 family ethernet-switching interface-mode access vlan members VLAN10
set interfaces xe-0/1/2 unit 0 family ethernet-switching interface-mode access vlan members VLAN20
2020-11-20: Article updated to reflect both ELS and non-ELS configuration; wording changed about virtual routing instances (as opposed to only VRF which is one type of virtual routing instance); reference to TechDoc, verification steps, and switch port configuration added