Junos Basics – Routing Instances

Here’s one that I use every day at work. We have multiple customers coming into the same router, and, as luck would have it, they all use 192.168.1.0/24 (OK…not really but it might happen). That means we have to separate them into their own routing instance, or virtual router, so pass traffic to their firewall.  Think VRF lite on a Cisco router.  Let’s conflagrate.

First, we configure the instance as a virtual-router.

There are a handful of instance types, and, to tell the truth, I’ve never cared to really look into them all.  Let’s use the good ol’ “beyond the scope of this document” excuse on that one so I look a little more prepared.

In practice, the virtual-router type creates a new routing table to isolate traffic on the same router.  It’s pretty worthless to just create it and not do anything with it, so let’s take some of our interfaces and shove them into the new routing instance.

Not hard.  So, let’s add some static routes and some OSPF config to make it even more functional.  With the base routing table, you just configure those under routing-options and protocols.  It’s the same here, but you just shove that config under the routing instance tree.  Something like this.

Now we have a new routing instance with 3 interfaces in it along with a static routes and OSPF.  Great.  Let’s see what the routing table looks like now. A show route does that job.

Now the CUST1 table shows up.  Looks like we already have an OSPF route, too.  That turned out better than I thought.

With routing instances, you’ll have to look at adding instance or routing-instance to your show commands to limit output to just a single instance.  For example, show ospf neighbor instance X and show interfaces terse routing-instance X.  Contextual help for the win!

NOTE:  I’m going to leave it at that, but you may have to add more to this config to make it work.  For example, on the SRX platform in flow-based processing mode (the default), you’ll have to create security zones for each interface along with appropriate policies and host-inbound-traffic.  This is twice in one post that I’m claiming this is beyond the scope of this document.  :)

Send any Halloween candy questions to me.

Aaron Conaway

I like to lean my head to the left, hit it with the palm of my right hand, and document what knowledge falls out.

More Posts - Website

5 comments for “Junos Basics – Routing Instances

  1. October 31, 2012 at 20:37

    Why not “instance-type vrf”? I understand you may not be using it for VPN type instances. But, you probably are more familiar than I am with Junos. Any downside to just doing VRF to begin with? Just in case, later on you decide to do VPN type services?

    Thanks

  2. October 31, 2012 at 20:46

    I have no idea, Yandy. :) The logic makes perfect sense to me, but I’ll never use VPN stuff, so I’ve never cared to try.

  3. Ryan
    August 5, 2014 at 19:28

    So a virtual router and a routing-instance are the same! And why is this so easy but reading the Junos kb is like reading a bad translation of ancient Greek?

    So, as you allude, your example COULD be like a vrf or vrf lite. nice. Anything else on this? Thanks.

  4. keith
    August 14, 2014 at 05:04

    the designation virtual-router is a type of routing instance (there are 8 types available; not on all systems). Each type designed to fill a specific need. The instance type virtual-router would be the equivalent of the vrf lite. The instance type vrf is specifically designed for VPN using BGP, instance type forwarding more specifically designed for filter based forwarding and so forth

  5. samson
    August 14, 2014 at 07:30

    Great post ! Keep up the good work

Leave a Reply

Your email address will not be published. Required fields are marked *