Supported Platforms
Example: Using Virtual Routing Instances to Route Among VLANs on EX Series Switches
Virtual routing instances enable an EX Series switch to have multiple routing tables. With virtual routing instances, you can segment your network to isolate traffic without setting up additional devices.
In a large office, you might need multiple VLANs to properly manage your traffic. This example describes how to create a virtual routing instance associated with each VLAN for this large office:
Requirements
This example uses the following hardware and software components:
- One EX Series switch
- Junos OS Release 9.2 or later for EX Series switches
Before you create the virtual routing instances, make sure you have:
- Configured the necessary VLANs. See Configuring VLANs for EX Series Switches (CLI Procedure), Configuring VLANs for EX Series Switches (CLI Procedure), or Configuring VLANs for EX Series Switches (J-Web Procedure).
Overview and Topology
This configuration example shows a simple large office topology wherein a LAN is segmented into two VLANs, each of which is associated with an interface and a virtual routing instance.
For example, VLAN 1031 is associated with interface ge-0/0/3.1 and virtual routing instance r1. VLAN 1032 is associated with interface ge-0/0/3.2 and virtual routing instance r2.
This example also includes interfaces ge-0/0/1.0 and ge-0/0/2.0. Although these interfaces are not part of either VLAN, interface ge-0/0/1.0 is associated with virtual routing instance r1. while interface ge-0/0/2.0 is associated with virtual routing instance r2.
This example also shows how to use policy statements to import routes from virtual routing instance r1 to r2 and from virtual routing instance r2 to r1.
 | Note: On EX Series switches, importing directly connected routes from one virtual routing instance to another is not supported. (A directly connected route is a route that is created by specifying an IP address on one of the switch interfaces or for a VLAN.) For more information, including a workaround for this situation, see KB23027 - Exchanging (leaking) directly connected routes across routing instances is not supported. |
Configuration
CLI Quick Configuration
To quickly create and configure virtual routing instances, copy the following commands and paste them into the switch terminal window:
[edit] set interfaces ge-0/0/3 vlan-tagging set interfaces ge-0/0/3 unit 1 vlan-id 1031
family inet address 10.3.1.1/24 set interfaces ge-0/0/3 unit 2 vlan-id 1032
family inet address 10.4.1.1/24 set interfaces ge-0/0/1 unit 0 family inet address
10.1.1.1/24set interfaces ge-0/0/2 unit 0 family inet address
10.2.1.1/24set routing-instances r1 instance-type virtual-routerset routing-instances r1 interface ge-0/0/1.0set routing-instances r1 interface ge-0/0/3.1set routing-instances r1 routing-options instance-import
import-from-r2set routing-instances r2 instance-type virtual-routerset routing-instances r2 interface ge-0/0/2.0set routing-instances r2 interface ge-0/0/3.2set routing-instances r2 routing-options instance-import
import-from-r1set policy-options policy-statement import-from-r1
term 1 from instance r1 set policy-options policy-statement import-from-r1
term 1 then acceptset policy-options policy-statement import-from-r2
term 1 from instance r2set policy-options policy-statement import-from-r2
term 1 then accept Step-by-Step Procedure
To configure virtual routing instances:
- Create a VLAN-tagged interface:
[edit]user@switch# set interfaces ge-0/0/3 vlan-tagging - Create one or more logical interfaces on the interfaces
to be included in each virtual routing instance:
[edit]user@switch# set interfaces ge-0/0/3 unit 1 vlan-id 1031 family inet address 10.3.1.1/24user@switch# set interfaces ge-0/0/3 unit 2 vlan-id 1032 family inet address 10.4.1.1/24user@switch# set interfaces ge-0/0/1 unit 0 family inet address 10.1.1.1/24user@switch# set interfaces ge-0/0/2 unit 0 family inet address 10.2.1.1/24 - Create two virtual routing instances:
[edit]user@switch# set routing-instances r1 instance-type virtual-routeruser@switch# set routing-instances r2 instance-type virtual-router - Set the interfaces for the virtual routing instances:
[edit]user@switch# set routing-instances r1 interface ge-0/0/1.0user@switch# set routing-instances r1 interface ge-0/0/3.1user@switch# set routing-instances r2 interface ge-0/0/2.0user@switch# set routing-instances r2 interface ge-0/0/3.2 - Apply a policy to routes being imported into each of the
virtual routing instances:
[edit]user@switch# set routing-instances r1 routing-options instance-import import-from-r2user@switch# set routing-instances r2 routing-options instance-import import-from-r1 - Create a policy for importing routes from virtual routing
instance r1 to r2 and another policy for importing routes from virtual
routing instance r2 to r1:
[edit]user@switch# set policy-options policy-statement import-from-r1 term 1 from instance r1user@switch# set policy-options policy-statement import-from-r1 term 1 then acceptuser@switch# set policy-options policy-statement import-from-r2 term 1 from instance r2user@switch# set policy-options policy-statement import-from-r2 term 1 then accept
Results
Check the results of the configuration:
user@switch> show configuration interfaces {
ge-0/0/1 {
unit 0 {
family inet {
address 10.1.1.1/24;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 10.2.1.1/24;
}
}
}
ge-1/0/3 {
vlan-tagging;
unit 1 {
vlan-id 1031;
family inet {
address 10.3.1.1/24;
}
}
unit 2 {
vlan-id 1032;
family inet {
address 10.4.1.1/24;
}
}
}
}
policy-options {
policy-statement import-from-r1 {
term 1 {
from instance r1;
then accept;
}
}
policy-statement import-from-r2 {
term 1 {
from instance r2;
then accept;
}
}
}
routing-instances {
r1 {
instance-type virtual-router;
interface ge-0/0/1.0;
interface ge-0/0/3.1;
routing-options {
instance-import import-from-r2;
}
}
r2 {
instance-type virtual-router;
interface ge-0/0/2.0;
interface ge-0/0/3.2;
routing-options {
instance-import import-from-r1;
}
}
}
}
}Verification
To confirm that the configuration is working properly, perform these tasks:
Verifying That the Routing Instances Were Created
Purpose
Verify that the virtual routing instances were properly created on the switch.
Action
Use the show route instance command:
user@switch> show route instanceInstance Type
Primary RIB Active/holddown/hidden
master forwarding
inet.0 6/0/0
iso.0 1/0/0
inet6.0 2/0/0
...
r1 virtual-router
r1.inet.0 7/0/0
r2 virtual-router
r2.inet.0 7/0/0
Meaning
Each routing instance created is displayed, along with its type, information about whether it is active or not, and its primary routing table.
