Junos Basics – Routing Instances

Here’s one that I use every day at work. We have multiple customers coming into the same router, and, as luck would have it, they all use 192.168.1.0/24 (OK…not really but it might happen). That means we have to separate them into their own routing instance, or virtual router, so pass traffic to their firewall.  Think VRF lite on a Cisco router.  Let’s conflagrate.

First, we configure the instance as a virtual-router.

There are a handful of instance types, and, to tell the truth, I’ve never cared to really look into them all.  Let’s use the good ol’ “beyond the scope of this document” excuse on that one so I look a little more prepared.

In practice, the virtual-router type creates a new routing table to isolate traffic on the same router.  It’s pretty worthless to just create it and not do anything with it, so let’s take some of our interfaces and shove them into the new routing instance.

Not hard.  So, let’s add some static routes and some OSPF config to make it even more functional.  With the base routing table, you just configure those under routing-options and protocols.  It’s the same here, but you just shove that config under the routing instance tree.  Something like this.

Now we have a new routing instance with 3 interfaces in it along with a static routes and OSPF.  Great.  Let’s see what the routing table looks like now. A show route does that job.

Now the CUST1 table shows up.  Looks like we already have an OSPF route, too.  That turned out better than I thought.

With routing instances, you’ll have to look at adding instance or routing-instance to your show commands to limit output to just a single instance.  For example, show ospf neighbor instance X and show interfaces terse routing-instance X.  Contextual help for the win!

NOTE:  I’m going to leave it at that, but you may have to add more to this config to make it work.  For example, on the SRX platform in flow-based processing mode (the default), you’ll have to create security zones for each interface along with appropriate policies and host-inbound-traffic.  This is twice in one post that I’m claiming this is beyond the scope of this document.  🙂

Send any Halloween candy questions to me.

Aaron Conaway

I shake my head around sometimes and see what falls out. That's what lands on these pages.

More Posts

Follow Me:
Twitter

6 comments for “Junos Basics – Routing Instances

  1. October 31, 2012 at 8:37 pm

    Why not “instance-type vrf”? I understand you may not be using it for VPN type instances. But, you probably are more familiar than I am with Junos. Any downside to just doing VRF to begin with? Just in case, later on you decide to do VPN type services?

    Thanks

  2. October 31, 2012 at 8:46 pm

    I have no idea, Yandy. 🙂 The logic makes perfect sense to me, but I’ll never use VPN stuff, so I’ve never cared to try.

  3. Ryan
    August 5, 2014 at 7:28 pm

    So a virtual router and a routing-instance are the same! And why is this so easy but reading the Junos kb is like reading a bad translation of ancient Greek?

    So, as you allude, your example COULD be like a vrf or vrf lite. nice. Anything else on this? Thanks.

  4. keith
    August 14, 2014 at 5:04 am

    the designation virtual-router is a type of routing instance (there are 8 types available; not on all systems). Each type designed to fill a specific need. The instance type virtual-router would be the equivalent of the vrf lite. The instance type vrf is specifically designed for VPN using BGP, instance type forwarding more specifically designed for filter based forwarding and so forth

  5. samson
    August 14, 2014 at 7:30 am

    Great post ! Keep up the good work

  6. ddv
    January 12, 2017 at 1:38 am

Leave a Reply

Your email address will not be published. Required fields are marked *