Virtual Routing Instances
Understanding Virtual Routing Instances on EX Series Switches
Virtual routing instances allow administrators to divide a Juniper Networks EX Series Ethernet Switch into multiple independent virtual routers, each with its own routing table. Splitting a device into many virtual routing instances isolates traffic traveling across the network without requiring multiple devices to segment the network.
You can use virtual routing instances to isolate customer traffic on your network and to bind customer-specific instances to customer-owned interfaces.
Virtual routing and forwarding (VRF) is often used in conjunction with Layer 3 subinterfaces, allowing traffic on a single physical interface to be differentiated and associated with multiple virtual routers. Each logical Layer 3 subinterface can belong to only one routing instance.
EX Series switches support IPv4 and IPv6 unicast and multicast VRF traffic. See Feature Explorer for details on VRF support by switch per Junos OS release.
See Also
Configuring Virtual Routing Instances on EX Series Switches
Use virtual routing and forwarding (VRF) to divide an EX Series switch into multiple virtual routing instances. VRF allows you to isolate traffic traversing the network without using multiple devices to segment your network. VRF is supported on all Layer 3 interfaces.
Before you begin, make sure to set up your VLANs. See Configuring VLANs for EX Series Switches, Configuring VLANs for EX Series Switches with ELS Support (CLI Procedure), or Configuring VLANs for EX Series Switches (J-Web Procedure).
To configure virtual routing instances:
Example: Using Virtual Routing Instances to Route Among VLANs on EX Series Switches
Virtual routing instances allow each EX Series switch to have multiple routing tables on a device. With virtual routing instances, you can segment your network to isolate traffic without setting up additional devices.
This example describes how to create virtual routing instances:
Requirements
This example uses the following hardware and software components:
One EX Series switch
Junos OS Release 9.2 or later for EX Series switches
Before you create the virtual routing instances, make sure you have:
Configured the necessary VLANs. See Configuring VLANs for EX Series Switches, Configuring VLANs for EX Series Switches with ELS Support (CLI Procedure), or Configuring VLANs for EX Series Switches (J-Web Procedure).
Overview and Topology
In a large office, you may need multiple VLANs to properly manage your traffic. This configuration example shows a simple topology wherein a LAN is segmented into two VLANs, each of which is associated with an interface and a virtual routing instance, on the EX Series switch. This example also shows how to use policy statements to import routes from one of the virtual routing instances to the other.
Configuration
CLI Quick Configuration
To quickly create and configure virtual routing instances, copy the following commands and paste them into the switch terminal window:
[edit] set interfaces ge-0/0/3 vlan-tagging set interfaces ge-0/0/3 unit 0 vlan-id 1030 family inet address 10.1.1.1/24 set interfaces ge-0/0/3 unit 1 vlan-id 1031 family inet address 10.1.1.1/24 set interfaces ge-0/0/1 unit 0 family inet address 10.11.1.1/24 set interfaces ge-0/0/2 unit 0 family inet address 10.12.1.1/24 set routing-instances r1 instance-type virtual-router set routing-instances r1 interface ge-0/0/1.0 set routing-instances r1 interface ge-0/0/3.0 set routing-instances r1 routing-options instance-import import-from-r2 set routing-instances r2 instance-type virtual-router set routing-instances r2 interface ge-0/0/2.0 set routing-instances r2 interface ge-0/0/3.1 set routing-instances r2 routing-options instance-import import-from-r1 set policy-options policy-statement import-from-r1 term 1 from instance r1 set policy-options policy-statement import-from-r1 term 1 then accept set policy-options policy-statement import-from-r2 term 1 from instance r2 set policy-options policy-statement import-from-r2 term 1 then accept
Procedure
Step-by-Step Procedure
To configure virtual routing instances:
Create a VLAN-tagged interface:
[edit]user@switch# set interfaces ge-0/0/3 vlan-tagging
Create one or more subinterfaces on the interfaces to be included in each routing instance:
[edit]user@switch# set interfaces ge-0/0/3 unit 0 vlan-id 1030 family inet address 10.1.1.1/24 user@switch# set interfaces ge-0/0/3 unit 1 vlan-id 1031 family inet address 10.1.1.1/24 user@switch# set interfaces ge-0/0/1 unit 0 family inet address 10.11.1.1/24 user@switch# set interfaces ge-0/0/2 unit 0 family inet address 10.12.1.1/24
Create two virtual routing instances:
[edit]user@switch# set routing-instances r1 instance-type virtual-router user@switch# set routing-instances r2 instance-type virtual-router
Set the interfaces for the virtual routing instances:
[edit]user@switch# set routing-instances r1 interface ge-0/0/1.0 user@switch# set routing-instances r1 interface ge-0/0/3.0 user@switch# set routing-instances r2 interface ge-0/0/2.0 user@switch# set routing-instances r2 interface ge-0/0/3.1
Apply a policy to routes being imported into each of the virtual routing instances:
[edit]user@switch# set routing-instances r1 routing-options instance-import import-from-r2 user@switch# set routing-instances r2 routing-options instance-import import-from-r1
Create a policy that imports routes from routing instances r1 to r2 and another policy that imports routes from routing instances r2 to r1:
[edit]user@switch# set policy-options policy-statement import-from-r1 term 1 from instance r1 user@switch# set policy-options policy-statement import-from-r1 term 1 then accept user@switch# set policy-options policy-statement import-from-r2 term 1 from instance r2 user@switch# set policy-options policy-statement import-from-r2 term 1 then accept
Results
Check the results of the configuration:
user@switch> show configuration
interfaces {
ge-0/0/1 {
unit 0 {
family inet {
address 10.11.1.1/24;
}
}
}
ge-0/0/2 {
unit 0 {
family inet {
address 10.12.1.1/24;
}
}
}
ge-1/0/3 {
vlan-tagging;
unit 0 {
vlan-id 1030;
family inet {
address 10.1.1.1/24;
}
}
unit 1 {
vlan-id 1031;
family inet {
address 10.1.1.1/24;
}
}
}
}
policy-options {
policy-statement import-from-r1 {
term 1 {
from instance r1;
then accept;
}
}
policy-statement import-from-r2 {
term 1 {
from instance r2;
then accept;
}
}
}
routing-instances {
r1 {
instance-type virtual-router;
interface ge-0/0/1.0;
interface ge-0/0/3.0;
routing-options {
instance-import import-from-r2;
}
}
r2 {
instance-type virtual-router;
interface ge-0/0/2.0;
interface ge-0/0/3.1;
routing-options {
instance-import import-from-r1;
}
}
}
}
}Verification
To confirm that the configuration is working properly, perform these tasks:
Verifying That the Routing Instances Were Created
Purpose
Verify that the virtual routing instances were properly created on the switch.
Action
Use the show route
instance command:
user@switch> show route instance
Instance Type
Primary RIB Active/holddown/hidden
master forwarding
inet.0 6/0/0
iso.0 1/0/0
inet6.0 2/0/0
...
r1 virtual-router
r1.inet.0 7/0/0
r2 virtual-router
r2.inet.0 7/0/0
Meaning
Each routing instance created is displayed, along with its type, information about whether it is active or not, and its primary routing table.
Verifying That Virtual Routing Instances Are Working on EX Series Switches
Purpose
After creating a virtual routing instance, make sure it is set up properly.
Action
Use the
show route instancecommand to list all of the routing instances and their properties:user@switch> show route instance Instance Type Primary RIB Active/holddown/hidden master forwarding inet.0 3/0/0 __juniper_private1__ forwarding __juniper_private1__.inet.0 1/0/3 __juniper_private2__ forwarding instance1 forwarding r1 virtual-router r1.inet.0 1/0/0 r2 virtual-router r2.inet.0 1/0/0Use the
show route forwarding-tablecommand to view the forwarding table information for each routing instance:user@switch> show route forwarding-table Routing table: r1.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 539 2 0.0.0.0/32 perm 0 dscd 537 1 10.1.1.0/24 ifdn 0 rslv 579 1 ge-0/0/3.0 10.1.1.0/32 iddn 0 10.1.1.0 recv 577 1 ge-0/0/3.0 10.1.1.1/32 user 0 rjct 539 2 10.1.1.1/32 intf 0 10.1.1.1 locl 578 2 10.1.1.1/32 iddn 0 10.1.1.1 locl 578 2 10.1.1.255/32 iddn 0 10.1.1.255 bcst 576 1 ge-0/0/3.0 233.252.0.1/32 perm 0 233.252.0.1 mcst 534 1 255.255.255.255/32 perm 0 bcst 535 1
Meaning
The output confirms that the virtual routing instances are created and the links are up and displays the routing table information.