Generating Next-Generation MVPN VRF Import and Export Policies Overview
In Junos OS, the policy module is responsible for VPN routing and forwarding (VRF) route import and export decisions. You can configure these policies explicitly, or Junos OS can generate them internally for you to reduce user-configured statements and simplify configuration. Junos OS generates all necessary policies for supporting next-generation multicast virtual private network (MVPN) import and export decisions. Some of these policies affect normal VPN unicast routes.
The system gives a name to each internal policy it creates. The name of an internal policy starts and ends with a “__” notation. Also, the keyword internal is added at the end of each internal policy name. You can display these internal policies using the show policy command.
Policies That Support Unicast BGP-MPLS VPN Services
A Juniper Networks provider edge (PE) router requires a vrf-import and a vrf-export policy to control unicast VPN route import and export decisions for a VRF. You can configure these policies explicitly at the [edit routing-instances routing-instance-name vrf-import import_policy_name] and [edit routing-instances routing-instance-name vrf-export export_policy_name] hierarchy level. Alternatively, you can configure only the route target for the VRF at the [edit routing-instances routing-instance-name vrf-target] hierarchy level, and Junos OS then generates these policies automatically for you. Routers referenced in this topic are shown in Understanding Next-Generation MVPN Network Topology.
The following list identifies the automatically generated policy names and where they are applied:
Policy: vrf-import
Naming convention: __vrf-import-<routing-instance-name>-internal__
Applied to: VPN-IPv4 routes in the bgp.l3vpn.0 table
Policy: vrf-export
Naming convention: __vrf-export-<routing-instance-name>-internal__
Applied to: Local VPN routes in the <routing-instance-name>.inet.0 table
Use the show policy __vrf-import-vpna-internal__ command to verify that Router PE1 has created the following vrf-import and vrf-export policies based on a vrf-target of target:10:1. In this example, we see that the vrf-import policy is constructed to accept a route if the route target of the route matches target:10:1. Similarly, a route is exported with a route target of target:10:1.
user@PE1> show policy __vrf-import-vpna-internal__
Policy __vrf-import-vpna-internal__:
    Term unnamed:
        from community __vrf-community-vpna-common-internal__ [target:10:1]
        then accept
    Term unnamed:
        then reject
user@PE1> show policy __vrf-export-vpna-internal__
Policy __vrf-export-vpna-internal__:
    Term unnamed:
        then community + __vrf-community-vpna-common-internal__ [target:10:1] accept
The values in this example are as follows:
Internal import policy name: __vrf-import-vpna-internal__
Internal export policy name: __vrf-export-vpna-internal__
RT community used in both import and export policies: __vrf-community-vpna-common-internal__
RT value: target:10:1
Policies That Support Next-Generation MVPN Services
When you configure the mvpn statement at the [edit routing-instances routing-instance-name protocols] hierarchy level, Junos OS automatically creates three new internal policies: one for export, one for import, and one for handling Type 4 routes. Routers referenced in this topic are shown in Understanding Next-Generation MVPN Network Topology.
The following list identifies the automatically generated policy names and where they are applied:
Policy 1: This policy is used to attach rt-import and src-as extended communities to VPN-IPv4 routes.
Policy name: __vrf-mvpn-export-inet-<routing-instance-name>-internal__
Applied to: All routes in the <routing-instance-name>.inet.0 table
Use the show policy __vrf-mvpn-export-inet-vpna-internal__ command to verify that the following export policy is created on Router PE1. Router PE1 adds rt-import:10.1.1.1:64 and src-as:65000:0 communities to unicast VPN routes through this policy.
user@PE1> show policy __vrf-mvpn-export-inet-vpna-internal__
Policy __vrf-mvpn-export-inet-vpna-internal__:
    Term unnamed:
        then community + __vrf-mvpn-community-rt_import-vpna-internal__ [rt-import:10.1.1.1:64 ] community + __vrf-mvpn-community-src_as-vpna-internal__ [src-as:65000:0 ] accept
The values in this example are as follows:
Policy name: __vrf-mvpn-export-inet-vpna-internal__
rt-import community name: __vrf-mvpn-community-rt_import-vpna-internal__
rt-import community value: rt-import:10.1.1.1:64
src-as community name: __vrf-mvpn-community-src_as-vpna-internal__
src-as community value: src-as:65000:0
Policy 2: This policy is used to import C-multicast routes from the bgp.mvpn.0 table to the <routing-instance-name>.mvpn.0 table.
Policy name: __vrf-mvpn-import-cmcast-<routing-instance-name>-internal__
Applied to: C-multicast (MVPN) routes in the bgp.mvpn.0 table
Use the show policy __vrf-mvpn-import-cmcast-vpna-internal__ command to verify that the following import policy is created on Router PE1. The policy accepts those C-multicast MVPN routes carrying a route target of target:10.1.1.1:64 and installs them in the vpna.mvpn.0 table.
user@PE1> show policy __vrf-mvpn-import-cmcast-vpna-internal__
Policy __vrf-mvpn-import-cmcast-vpna-internal__:
    Term unnamed:
        from community __vrf-mvpn-community-rt_import-target-vpna-internal__ [target:10.1.1.1:64 ]
        then accept
    Term unnamed:
        then reject
The values in this example are as follows:
Policy name: __vrf-mvpn-import-cmcast-vpna-internal__
C-multicast import RT community: __vrf-mvpn-community-rt_import-target-vpna-internal__
Community value: target:10.1.1.1:64
Policy 3: This policy is used for importing Type 4 routes and is created by default even if a selective provider tunnel is not configured. The policy affects only Type 4 routes received from receiver PE routers.
Policy name: __vrf-mvpn-import-cmcast-leafAD-global-internal__
Applied to: Type 4 routes in the bgp.mvpn.0 table
Use the show policy __vrf-mvpn-import-cmcast-leafAD-global-internal__ command to verify that the following import policy is created on Router PE1.
user@PE1> show policy __vrf-mvpn-import-cmcast-leafAD-global-internal__
Policy __vrf-mvpn-import-cmcast-leafAD-global-internal__:
    Term unnamed:
        from community __vrf-mvpn-community-rt_import-target-global-internal__ [target:10.1.1.1:0 ]
        then accept
    Term unnamed:
        then reject
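The following Python is an added example, not part of the original page and not Juniper code: it parses show policy output in the layout shown above and checks that an internally generated import policy accepts only the route targets you expect and ends in a catch-all reject, which is the property that keeps routes from leaking between VRFs. The sample text is constructed from the outputs on this page; the names parse_show_policy and audit_import are hypothetical helpers.

```python
import re
COMMUNITY = re.compile(r"community (?:\+ )?(\S+) \[([^\]]*)\]")  # name [values]

# Constructed sample, copied from the show policy outputs on this page.
SAMPLE = """\
Policy __vrf-import-vpna-internal__:
    Term unnamed:
        from community __vrf-community-vpna-common-internal__ [target:10:1]
        then accept
    Term unnamed:
        then reject
Policy __vrf-mvpn-import-cmcast-vpna-internal__:
    Term unnamed:
        from community __vrf-mvpn-community-rt_import-target-vpna-internal__ [target:10.1.1.1:64 ]
        then accept
    Term unnamed:
        then reject
"""

def parse_show_policy(text):
    """Return {policy_name: [term]}; a term is {'match', 'set', 'action'}."""
    policies, term, clause = {}, None, None
    for line in map(str.strip, text.splitlines()):
        words = line.split()
        if line.startswith("Policy "):
            terms, term = policies.setdefault(words[1].rstrip(":"), []), None
        elif line.startswith("Term ") and policies:
            term = {"match": set(), "set": set(), "action": None}
            terms.append(term)
        elif term is not None and words:
            clause = words[0] if words[0] in ("from", "to", "then") else clause
            for _name, values in COMMUNITY.findall(line):
                term["match" if clause == "from" else "set"].update(values.split())
            if clause == "then" and words[-1] in ("accept", "reject"):
                term["action"] = words[-1]
    return policies

def audit_import(terms, allowed_rts):
    """Findings for an import policy that should admit only allowed_rts."""
    findings = []
    for i, t in enumerate(terms):
        if t["action"] == "accept":
            if not t["match"]:
                findings.append(f"term {i}: accepts without a route-target match")
            findings += [f"term {i}: accepts unexpected {rt}"
                         for rt in sorted(t["match"] - set(allowed_rts))]
    if not terms or terms[-1]["action"] != "reject" or terms[-1]["match"]:
        findings.append("no final catch-all reject term")
    return findings
```

An empty list from audit_import means the policy admits only the listed route targets; the check is conservative and flags any unexpected community member in an accepting term.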