Mailing List Archive

R.N.,

Using auto-export is a lot more flexible than rib-groups both from a theoretical and experience point-of-view; rib-groups bring pain.

It's also easier to explain to others how the coupling between auto-export and policies work rather than try and explain how rib-groups import and export routes between VRFs (the configuration also changes depending on the protocol the route has been learned from).

Chris

Just an addendum, if you've got any IPVPN policies that once used a match on protocol bgp as well as a community, you'll need to remove that for routes you wish to import that are imported from the same node.


-----Original Message-----
From: MPLS Newbie [mailto:routernewbie@hotmail.com]
Sent: Thu 11/6/2003 6:56 PM
To: juniper-nsp@puck.nether.net
Cc:
Subject: [j-nsp] auto-export vs rib-groups
Dear List,

Can someone comment based on operational experience or router-geeking
experience regarding to using the knob of auto-export to exchange routes
among vrf's vs using rib-groups to achieve the same?

any pro's or con's?

Much appreciated.

Router Newbie

_________________________________________________________________
MSN Shopping upgraded for the holidays! Snappier product search...
http://shopping.msn.com

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp





------------------------------------------------------------------------------
"This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read
it - please contact me immediately, destroy it, and do not
copy or use any part of this communication or disclose
anything about it. Thank you."
------------------------------------------------------------------------------

Agree with all but the 'flexible' part. Auto-export is way easier but it
moves ALL of the routes between the VRFs. Rib-groups require a lot of
thought and configuration, but you have the option of applying routing
policies to the groups which allows you fine-grained control over which
routes are shared and which are not. So, I would argue that rib-groups
are more flexible in the long run.

-joe

> -----Original Message-----
> From: juniper-nsp-bounces@puck.nether.net
> [mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of
> Chris Hellberg
> Sent: Thursday, November 06, 2003 3:08 AM
> To: MPLS Newbie; juniper-nsp@puck.nether.net
> Subject: RE: [j-nsp] auto-export vs rib-groups
>
>
> R.N.,
>
> Using auto-export is a lot more flexible than rib-groups both
> from a theoretical and experience point-of-view; rib-groups
> bring pain.
>
> It's also easier to explain to others how the coupling
> between auto-export and policies work rather than try and
> explain how rib-groups import and export routes between VRFs
> (the configuration also changes depending on the protocol the
> route has been learned from).
>
> Chris
>
> Just an addendum, if you've got any IPVPN policies that once
> used a match on protocol bgp as well as a community, you'll
> need to remove that for routes you wish to import that are
> imported from the same node.
>
>
> -----Original Message-----
> From: MPLS Newbie [mailto:routernewbie@hotmail.com]
> Sent: Thu 11/6/2003 6:56 PM
> To: juniper-nsp@puck.nether.net
> Cc:
> Subject: [j-nsp] auto-export vs rib-groups
> Dear List,
>
> Can someone comment based on operational experience or
> router-geeking
> experience regarding to using the knob of auto-export to
> exchange routes
> among vrf's vs using rib-groups to achieve the same?
>
> any pro's or con's?
>
> Much appreciated.
>
> Router Newbie
>
> _________________________________________________________________
> MSN Shopping upgraded for the holidays! Snappier product search...
> http://shopping.msn.com
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>
>
>
>
>
>
>
> --------------------------------------------------------------
> ----------------
> "This communication, including any attachments, is confidential.
> If you are not the intended recipient, you should not read
> it - please contact me immediately, destroy it, and do not
> copy or use any part of this communication or disclose
> anything about it. Thank you."
> --------------------------------------------------------------
> ----------------
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>

Hi R.N

It is not true that ALL routes are moved between VRFs when auto export
is used. In both the vrf and non-vrf implementation you can use
policies to control which routes are imported and exported and all
features of the policies are used. The only thing you cannot change
using the policies is the next-hop for obvious reasons.

In the VRF implementation the policies in vrf-import and vrf-export are
applied.
In the case of non-vrf instances instance-import and instance-export
policies are honoured

The benifits of auto-export is the reduction in the amount of
configuration required and the ease of understanding.

Gary

On Thursday, Nov 6, 2003, at 07:25 US/Pacific, Joe Soricelli wrote:

> Agree with all but the 'flexible' part. Auto-export is way easier but
> it
> moves ALL of the routes between the VRFs. Rib-groups require a lot of
> thought and configuration, but you have the option of applying routing
> policies to the groups which allows you fine-grained control over which
> routes are shared and which are not. So, I would argue that rib-groups
> are more flexible in the long run.
>
> -joe
>
>> -----Original Message-----
>> From: juniper-nsp-bounces@puck.nether.net
>> [mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of
>> Chris Hellberg
>> Sent: Thursday, November 06, 2003 3:08 AM
>> To: MPLS Newbie; juniper-nsp@puck.nether.net
>> Subject: RE: [j-nsp] auto-export vs rib-groups
>>
>>
>> R.N.,
>>
>> Using auto-export is a lot more flexible than rib-groups both
>> from a theoretical and experience point-of-view; rib-groups
>> bring pain.
>>
>> It's also easier to explain to others how the coupling
>> between auto-export and policies work rather than try and
>> explain how rib-groups import and export routes between VRFs
>> (the configuration also changes depending on the protocol the
>> route has been learned from).
>>
>> Chris
>>
>> Just an addendum, if you've got any IPVPN policies that once
>> used a match on protocol bgp as well as a community, you'll
>> need to remove that for routes you wish to import that are
>> imported from the same node.
>>
>>
>> -----Original Message-----
>> From: MPLS Newbie [mailto:routernewbie@hotmail.com]
>> Sent: Thu 11/6/2003 6:56 PM
>> To: juniper-nsp@puck.nether.net
>> Cc:
>> Subject: [j-nsp] auto-export vs rib-groups
>> Dear List,
>>
>> Can someone comment based on operational experience or
>> router-geeking
>> experience regarding to using the knob of auto-export to
>> exchange routes
>> among vrf's vs using rib-groups to achieve the same?
>>
>> any pro's or con's?
>>
>> Much appreciated.
>>
>> Router Newbie
>>
>> _________________________________________________________________
>> MSN Shopping upgraded for the holidays! Snappier product search...
>> http://shopping.msn.com
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>>
>>
>>
>>
>>
>>
>>
>> --------------------------------------------------------------
>> ----------------
>> "This communication, including any attachments, is confidential.
>> If you are not the intended recipient, you should not read
>> it - please contact me immediately, destroy it, and do not
>> copy or use any part of this communication or disclose
>> anything about it. Thank you."
>> --------------------------------------------------------------
>> ----------------
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>

But you can put a from protocol xyz in your import or export policy to choose the protocol types you want to appear in your VRF in combination with the auto-export statement.

One of the reasons why I chose to say rib-groups (which I neglected to mention) were less flexible is the fact you can't import directly-connected routes between VRFs - you have to do some static-route hackery.

-----Original Message-----
From: Joe Soricelli [mailto:jms@juniper.net]
Sent: Fri 11/7/2003 4:25 AM
To: Chris Hellberg; MPLS Newbie; juniper-nsp@puck.nether.net
Cc:
Subject: RE: [j-nsp] auto-export vs rib-groups
Agree with all but the 'flexible' part. Auto-export is way easier but it
moves ALL of the routes between the VRFs. Rib-groups require a lot of
thought and configuration, but you have the option of applying routing
policies to the groups which allows you fine-grained control over which
routes are shared and which are not. So, I would argue that rib-groups
are more flexible in the long run.

-joe

> -----Original Message-----
> From: juniper-nsp-bounces@puck.nether.net
> [mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of
> Chris Hellberg
> Sent: Thursday, November 06, 2003 3:08 AM
> To: MPLS Newbie; juniper-nsp@puck.nether.net
> Subject: RE: [j-nsp] auto-export vs rib-groups
>
>
> R.N.,
>
> Using auto-export is a lot more flexible than rib-groups both
> from a theoretical and experience point-of-view; rib-groups
> bring pain.
>
> It's also easier to explain to others how the coupling
> between auto-export and policies work rather than try and
> explain how rib-groups import and export routes between VRFs
> (the configuration also changes depending on the protocol the
> route has been learned from).
>
> Chris
>
> Just an addendum, if you've got any IPVPN policies that once
> used a match on protocol bgp as well as a community, you'll
> need to remove that for routes you wish to import that are
> imported from the same node.
>
>
> -----Original Message-----
> From: MPLS Newbie [mailto:routernewbie@hotmail.com]
> Sent: Thu 11/6/2003 6:56 PM
> To: juniper-nsp@puck.nether.net
> Cc:
> Subject: [j-nsp] auto-export vs rib-groups
> Dear List,
>
> Can someone comment based on operational experience or
> router-geeking
> experience regarding to using the knob of auto-export to
> exchange routes
> among vrf's vs using rib-groups to achieve the same?
>
> any pro's or con's?
>
> Much appreciated.
>
> Router Newbie
>
> _________________________________________________________________
> MSN Shopping upgraded for the holidays! Snappier product search...
> http://shopping.msn.com
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>
>
>
>
>
>
>
> --------------------------------------------------------------
> ----------------
> "This communication, including any attachments, is confidential.
> If you are not the intended recipient, you should not read
> it - please contact me immediately, destroy it, and do not
> copy or use any part of this communication or disclose
> anything about it. Thank you."
> --------------------------------------------------------------
> ----------------
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>





------------------------------------------------------------------------------
"This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read
it - please contact me immediately, destroy it, and do not
copy or use any part of this communication or disclose
anything about it. Thank you."
------------------------------------------------------------------------------

I may be reading this wrong but...

Both rib-groups and auto-export allow the importing of directly
connected routes. This is done in rib-groups using interface-routes
configuration which shares directly between routing instances. Without
these routes forwarding would obviously break.

Gary

On Thursday, Nov 6, 2003, at 11:56 US/Pacific, Chris Hellberg wrote:

> But you can put a from protocol xyz in your import or export policy to
> choose the protocol types you want to appear in your VRF in
> combination with the auto-export statement.
>
> One of the reasons why I chose to say rib-groups (which I neglected to
> mention) were less flexible is the fact you can't import
> directly-connected routes between VRFs - you have to do some
> static-route hackery.
>
> -----Original Message-----
> From: Joe Soricelli [mailto:jms@juniper.net]
> Sent: Fri 11/7/2003 4:25 AM
> To: Chris Hellberg; MPLS Newbie; juniper-nsp@puck.nether.net
> Cc:
> Subject: RE: [j-nsp] auto-export vs rib-groups
> Agree with all but the 'flexible' part. Auto-export is way easier but
> it
> moves ALL of the routes between the VRFs. Rib-groups require a lot of
> thought and configuration, but you have the option of applying routing
> policies to the groups which allows you fine-grained control over which
> routes are shared and which are not. So, I would argue that rib-groups
> are more flexible in the long run.
>
> -joe
>
>> -----Original Message-----
>> From: juniper-nsp-bounces@puck.nether.net
>> [mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of
>> Chris Hellberg
>> Sent: Thursday, November 06, 2003 3:08 AM
>> To: MPLS Newbie; juniper-nsp@puck.nether.net
>> Subject: RE: [j-nsp] auto-export vs rib-groups
>>
>>
>> R.N.,
>>
>> Using auto-export is a lot more flexible than rib-groups both
>> from a theoretical and experience point-of-view; rib-groups
>> bring pain.
>>
>> It's also easier to explain to others how the coupling
>> between auto-export and policies work rather than try and
>> explain how rib-groups import and export routes between VRFs
>> (the configuration also changes depending on the protocol the
>> route has been learned from).
>>
>> Chris
>>
>> Just an addendum, if you've got any IPVPN policies that once
>> used a match on protocol bgp as well as a community, you'll
>> need to remove that for routes you wish to import that are
>> imported from the same node.
>>
>>
>> -----Original Message-----
>> From: MPLS Newbie [mailto:routernewbie@hotmail.com]
>> Sent: Thu 11/6/2003 6:56 PM
>> To: juniper-nsp@puck.nether.net
>> Cc:
>> Subject: [j-nsp] auto-export vs rib-groups
>> Dear List,
>>
>> Can someone comment based on operational experience or
>> router-geeking
>> experience regarding to using the knob of auto-export to
>> exchange routes
>> among vrf's vs using rib-groups to achieve the same?
>>
>> any pro's or con's?
>>
>> Much appreciated.
>>
>> Router Newbie
>>
>> _________________________________________________________________
>> MSN Shopping upgraded for the holidays! Snappier product search...
>> http://shopping.msn.com
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>>
>>
>>
>>
>>
>>
>>
>> --------------------------------------------------------------
>> ----------------
>> "This communication, including any attachments, is confidential.
>> If you are not the intended recipient, you should not read
>> it - please contact me immediately, destroy it, and do not
>> copy or use any part of this communication or disclose
>> anything about it. Thank you."
>> --------------------------------------------------------------
>> ----------------
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp@puck.nether.net
>> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>>
>
>
>
>
>
> -----------------------------------------------------------------------
> -------
> "This communication, including any attachments, is confidential.
> If you are not the intended recipient, you should not read
> it - please contact me immediately, destroy it, and do not
> copy or use any part of this communication or disclose
> anything about it. Thank you."
> -----------------------------------------------------------------------
> -------
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>

Chris.Hellberg@telecom.co.nz (Chris Hellberg) writes:

> One of the reasons why I chose to say rib-groups (which I neglected to mention) were less flexible is the fact you can't import directly-connected routes between VRFs - you have to do some static-route hackery.
>

perhaps i'm not understanding what you mean but you can apply a
rib-group to direct routes...

routing-options {
interface-routes {
rib-group inet <name>;
}
}

This can be the same rib-group that you use w/ other protocols to leak
routes between instances...

Still for the overlapping VPN scenario i believe auto-export gives you
the same functionality w/ much less configuration.

The difference between the two is that rib-groups are applied to
routes received by a protocol before that route is added to the
routing-table and thus before path selection.

auto-export is applied after path selection and only "exports" the
active path.

Pedro.

I think you have to do interface-routes to get those in with rib-groups.




-----Original Message-----
From: juniper-nsp-bounces@puck.nether.net
[mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of Chris Hellberg
Sent: Thursday, November 06, 2003 11:56 AM
To: Joe Soricelli; MPLS Newbie; juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] auto-export vs rib-groups

But you can put a from protocol xyz in your import or export policy to
choose the protocol types you want to appear in your VRF in combination
with the auto-export statement.

One of the reasons why I chose to say rib-groups (which I neglected to
mention) were less flexible is the fact you can't import
directly-connected routes between VRFs - you have to do some
static-route hackery.

-----Original Message-----
From: Joe Soricelli [mailto:jms@juniper.net]
Sent: Fri 11/7/2003 4:25 AM
To: Chris Hellberg; MPLS Newbie; juniper-nsp@puck.nether.net
Cc:
Subject: RE: [j-nsp] auto-export vs rib-groups
Agree with all but the 'flexible' part. Auto-export is way easier but it
moves ALL of the routes between the VRFs. Rib-groups require a lot of
thought and configuration, but you have the option of applying routing
policies to the groups which allows you fine-grained control over which
routes are shared and which are not. So, I would argue that rib-groups
are more flexible in the long run.

-joe

> -----Original Message-----
> From: juniper-nsp-bounces@puck.nether.net
> [mailto:juniper-nsp-bounces@puck.nether.net] On Behalf Of
> Chris Hellberg
> Sent: Thursday, November 06, 2003 3:08 AM
> To: MPLS Newbie; juniper-nsp@puck.nether.net
> Subject: RE: [j-nsp] auto-export vs rib-groups
>
>
> R.N.,
>
> Using auto-export is a lot more flexible than rib-groups both
> from a theoretical and experience point-of-view; rib-groups
> bring pain.
>
> It's also easier to explain to others how the coupling
> between auto-export and policies work rather than try and
> explain how rib-groups import and export routes between VRFs
> (the configuration also changes depending on the protocol the
> route has been learned from).
>
> Chris
>
> Just an addendum, if you've got any IPVPN policies that once
> used a match on protocol bgp as well as a community, you'll
> need to remove that for routes you wish to import that are
> imported from the same node.
>
>
> -----Original Message-----
> From: MPLS Newbie [mailto:routernewbie@hotmail.com]
> Sent: Thu 11/6/2003 6:56 PM
> To: juniper-nsp@puck.nether.net
> Cc:
> Subject: [j-nsp] auto-export vs rib-groups
> Dear List,
>
> Can someone comment based on operational experience or
> router-geeking
> experience regarding to using the knob of auto-export to
> exchange routes
> among vrf's vs using rib-groups to achieve the same?
>
> any pro's or con's?
>
> Much appreciated.
>
> Router Newbie
>
> _________________________________________________________________
> MSN Shopping upgraded for the holidays! Snappier product search...
> http://shopping.msn.com
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>
>
>
>
>
>
>
> --------------------------------------------------------------
> ----------------
> "This communication, including any attachments, is confidential.
> If you are not the intended recipient, you should not read
> it - please contact me immediately, destroy it, and do not
> copy or use any part of this communication or disclose
> anything about it. Thank you."
> --------------------------------------------------------------
> ----------------
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>





------------------------------------------------------------------------
------
"This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read
it - please contact me immediately, destroy it, and do not
copy or use any part of this communication or disclose
anything about it. Thank you."
------------------------------------------------------------------------
------


_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp

Pedro,

I should have mentioned this was done on JunOS 5.3 which would not import direct routes at the time.

Another thing I should mention that even on 5.6 which imports direct routes without a problem (just tested it), with any software revision, if you've got a common management-type VPN which you want to import a number of different VRF routes to, the rib-group for the configuration for that central VRF is awful - one big ugly rib-group line.

Regards,

Chris

> -----Original Message-----
> From: Pedro Roque Marques [mailto:roque@juniper.net]
> Sent: Friday, 7 November 2003 10:56
> To: Chris Hellberg
> Cc: Joe Soricelli; MPLS Newbie; juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] auto-export vs rib-groups
>
>
> Chris.Hellberg@telecom.co.nz (Chris Hellberg) writes:
>
> > One of the reasons why I chose to say rib-groups (which I
> neglected to mention) were less flexible is the fact you
> can't import directly-connected routes between VRFs - you
> have to do some static-route hackery.
> >
>
> perhaps i'm not understanding what you mean but you can apply a
> rib-group to direct routes...
>
> routing-options {
> interface-routes {
> rib-group inet <name>;
> }
> }
>
> This can be the same rib-group that you use w/ other protocols to leak
> routes between instances...
>
> Still for the overlapping VPN scenario i believe auto-export gives you
> the same functionality w/ much less configuration.
>
> The difference between the two is that rib-groups are applied to
> routes received by a protocol before that route is added to the
> routing-table and thus before path selection.
>
> auto-export is applied after path selection and only "exports" the
> active path.
>
> Pedro.
>
>

------------------------------------------------------------------------------
"This communication, including any attachments, is confidential.
If you are not the intended recipient, you should not read
it - please contact me immediately, destroy it, and do not
copy or use any part of this communication or disclose
anything about it. Thank you."
------------------------------------------------------------------------------