Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Configure VRF Route Leaking for Session Smart Routers

Virtual Routing and Forwarding (VRF) instances enable you to configure multiple routing instances for a single router. For a Session Smart Router deployed as a WAN Edge, you can configure VRF Route Leaking (propagation), which is the intentional sharing of route information across VRF instances. You may want to use VRF Route Leaking so that traffic can be shared or balanced across VRF instances, or maybe you want to share a default route to the internet that can be adopted by each VRF.

Configure VRF Route Leaking on the Session Smart Router

  1. From the left menu of the Juniper Mist portal, select Organization > WAN Edge Templates and select the WAN Edge Template for the Session Smart Router hub device.
  2. Configure your LAN segments if you have not already done so.

  3. From the Custom VR tile, select the Add Custom VR (virtual router) button.
  4. Give your VR a Name, then, in the Networks field, select the appropriate LAN segment.

  5. Click Add at the bottom of the window.
  6. Continue adding Custom VRs for any other LAN segments you wish to propogate routes to.
  7. Repeat the above steps on the Spoke side.

    Note that the above steps are all it takes to configure VRF route propagation across VRF instances.

Configure a Routing Policy to Propagate Routes from the Default Instance

If you want to propagate routes from the default instance to other instances, you must create a Routing Policy and then set that policy as the import policy on the BGP peer. Typically, this policy is associated with a hub (in a hub-to-spoke use case).

  1. Navigate to the ROUTING POLICIES tile.
  2. Select Add Routing Policy.
  3. In the Routing Policy window, enter the appropriate information for route redistribution.

    • Name — Enter the name of the policy.

    • Select Add Terms from the righthand side of the window and enter the policy conditions.

      • Prefix — This is the route that you want to propagate to other instances from the default instance. For example, 0.0.0.0/0 will redistribute the default route only, while 0.0.0.0/0-32 will redistribute all routes.

      • Protocol — select None.

        Then — Select Accept. This is the action to apply when the condition is fulfilled.

      • Add Action — Select Add Target VRs to enable route propagation based on the target VR. Select the Custom VR you created earlier, or select multiple target VRs separated by a comma.

      • Select the checkbox at the top righthand corner of the Add Terms section of the window.

      • Click Add at the bottom of the window to save the routing policy.
  4. Navigate to the BGP tile and select the BGP neighbor (peer) that you want to assign the routing policy you just created to.
  5. In the Edit BGP Group window, scroll down for the Import field, then select the routing policy you just created. This assigns the import policy to the BGP peer. When routes are received from the peer, they will be leaked to the target VRFs defined in the policy.
  6. Click Save.

    At this point, the routes will be propagated so that all other sites in the VRFs learn them. Note that the export policy can be configured here in the BGP Group configuration or can be configured separately.

Configure an Application Policy to Steer Traffic

In order to steer traffic from the VRF tenant toward the selected gateway (to create the forwarding plane), you must create an Application Policy. This policy allows the traffic to flow from the VRF toward the next hop of the leaked route.

  1. Navigate to the WAN Edge Template of the hub device.
  2. From the APPLICATION POLICIES tile, select Add Application Policy.
  3. In the Application/Destination field, add the destination application matching the prefix you entered in the routing policy previously. For example, if the default route was leaked to the VRF, then the application assigned should include the 0.0.0.0/0 prefix for steering.

    Note:

    The spoke may also need an application policy configured to allow traffic to flow toward the leaked targets.

    For more information on how to configure application policies for the Session Smart Router, see Configure Application Policies on Session Smart Routers.