device manager should program route target import/export rules as needed
| Affects | Status | Importance | Assigned to | Milestone | ||
|---|---|---|---|---|---|---|
| Juniper Openstack | Status tracked in Trunk | |||||
| Trunk |
Fix Committed
|
High
|
Sachin Bansal | |||
Bug Description
Here's what we need to do in order to import/export routes between VRFs.
I added the static routes and lo0.* local/direct routes for testing. As shown
further below, they get leaked to the other instance.
The auto-export statement can be added unconditionally for every instance.
It doesn't hurt even if there's nothing to export/import to/from other instances.
The not so nice part is that the configuration is based on import and export
targets, not based on connection between the RIs. IOW, the import policies
for the VRFs need to explicitly include targets for other instances to which
we have a connection.
-Nischal
root@a5-mx80-1# show routing-instances
nsheth-test1 {
instance-type vrf;
interface lo0.101;
vrf-import nsheth-
vrf-export nsheth-
vrf-
routing-options {
static {
route 192.168.100.0/24 discard;
}
auto-export {
family inet {
}
}
}
}
nsheth-test2 {
instance-type vrf;
interface lo0.102;
vrf-import nsheth-
vrf-export nsheth-
vrf-
routing-options {
static {
route 192.168.200.0/24 discard;
}
auto-export {
family inet {
}
}
}
}
root@a5-mx80-1# show policy-options
policy-statement nsheth-test1-export {
term t1 {
then {
accept;
}
}
}
policy-statement nsheth-test1-import {
term t1 {
from community [ comm1 comm2 ];
then accept;
}
then reject;
}
policy-statement nsheth-test2-export {
term t1 {
then {
accept;
}
}
}
policy-statement nsheth-test2-import {
term t1 {
from community [ comm2 comm1 ];
then accept;
}
then reject;
}
community comm1 members target:64512:1;
community comm2 members target:64512:2;
[edit]
root@a5-mx80-1# run show route table nsheth-test
nsheth-
+ = Active Route, - = Last Active, * = Both
192.168.1.0/24 *[Direct/0] 01:01:05
192.168.1.250/32 *[Local/0] 01:01:05
192.168.2.0/24 *[Direct/0] 00:15:12
192.168.2.250/32 *[Local/0] 00:15:12
192.168.100.0/24 *[Static/5] 00:19:08
192.168.200.0/24 *[Static/5] 00:15:12
nsheth-
+ = Active Route, - = Last Active, * = Both
192.168.1.0/24 *[Direct/0] 00:15:12
192.168.1.250/32 *[Local/0] 00:15:12
192.168.2.0/24 *[Direct/0] 01:01:05
192.168.2.250/32 *[Local/0] 01:01:05
192.168.100.0/24 *[Static/5] 00:15:12
192.168.200.0/24 *[Static/5] 00:19:08
[edit]
root@a5-mx80-1# show routing-instances | display set
set routing-instances nsheth-test1 instance-type vrf
set routing-instances nsheth-test1 interface lo0.101
set routing-instances nsheth-test1 vrf-import nsheth-test1-import
set routing-instances nsheth-test1 vrf-export nsheth-test1-export
set routing-instances nsheth-test1 vrf-table-label
set routing-instances nsheth-test1 routing-options static route 192.168.100.0/24 discard
set routing-instances nsheth-test1 routing-options auto-export family inet unicast
set routing-instances nsheth-test2 instance-type vrf
set routing-instances nsheth-test2 interface lo0.102
set routing-instances nsheth-test2 vrf-import nsheth-test2-import
set routing-instances nsheth-test2 vrf-export nsheth-test2-export
set routing-instances nsheth-test2 vrf-table-label
set routing-instances nsheth-test2 routing-options static route 192.168.200.0/24 discard
set routing-instances nsheth-test2 routing-options auto-export family inet unicast
[edit]
root@a5-mx80-1# show policy-options | display set
set policy-options policy-statement nsheth-test1-export term t1 then community add comm1
set policy-options policy-statement nsheth-test1-export term t1 then accept
set policy-options policy-statement nsheth-test1-import term t1 from community comm1
set policy-options policy-statement nsheth-test1-import term t1 from community comm2
set policy-options policy-statement nsheth-test1-import term t1 then accept
set policy-options policy-statement nsheth-test1-import then reject
set policy-options policy-statement nsheth-test2-export term t1 then community add comm2
set policy-options policy-statement nsheth-test2-export term t1 then accept
set policy-options policy-statement nsheth-test2-import term t1 from community comm2
set policy-options policy-statement nsheth-test2-import term t1 from community comm1
set policy-options policy-statement nsheth-test2-import term t1 then accept
set policy-options policy-statement nsheth-test2-import then reject
set policy-options community comm1 members target:64512:1
set policy-options community comm2 members target:64512:2
| Changed in juniperopenstack: | |
| status: | New → In Progress |
| OpenContrail Admin (ci-admin-f) wrote A change has been merged | #1 |
| Changed in juniperopenstack: | |
| status: | In Progress → Fix Committed |
| Changed in juniperopenstack: | |
| importance: | Undecided → High |
| milestone: | none → r2.20-fcs |
| information type: | Proprietary → Public |
Reviewed: https:/
Committed: http://
Submitter: Zuul
Branch: master
commit f91ef00226392cd
Author: Sachin Bansal <email address hidden>
Date: Tue Nov 25 17:28:20 2014 -0800
Program network policies on MX
Program contrail network policies on MX by creating import/export policy rules on MX.
We create an import and an export rule for each VRF being programmed on MX. We add the corresponding route targets to the appropriate policy statements. We also derive import/export route targets from routing instance connections.
Added unit test case for this.
Change-Id: I308e534a9a9533
Closes-Bug: 1395943