Junos Basics – Routing Instances
Here’s one that I use every day at work. We have multiple customers coming into the same router, and, as luck would have it, they all use 192.168.1.0/24 (OK…not really but it might happen). That means we have to separate them into their own routing instance, or virtual router, so pass traffic to their firewall. Think VRF lite on a Cisco router. Let’s conflagrate.
First, we configure the instance as a virtual-router.
set routing-instances CUST1 instance-type virtual-router
There are a handful of instance types, and, to tell the truth, I’ve never cared to really look into them all. Let’s use the good ol’ “beyond the scope of this document” excuse on that one so I look a little more prepared.
In practice, the virtual-router type creates a new routing table to isolate traffic on the same router. It’s pretty worthless to just create it and not do anything with it, so let’s take some of our interfaces and shove them into the new routing instance.
set routing-instances CUST1 interface ge-0/0/0.100 set routing-instances CUST1 interface ge-0/0/0.150 set routing-instances CUST1 interface vlan.200
Not hard. So, let’s add some static routes and some OSPF config to make it even more functional. With the base routing table, you just configure those under routing-options and protocols. It’s the same here, but you just shove that config under the routing instance tree. Something like this.
set routing-instances CUST1 routing-options static route 192.168.0.0/16 \ next-hop 10.1.100.1 set routing-instances CUST1 protocols ospf export REDIST-INTO-OSPF set routing-instances CUST1 protocols ospf area 0.0.0.0 interface ge-0/0/0.100 set routing-instances CUST1 protocols ospf area 0.0.0.0 interface vlan.200 set routing-instances CUST1 protocols ospf area 0.0.0.150 interface ge-0/0/0.150
Now we have a new routing instance with 3 interfaces in it along with a static routes and OSPF. Great. Let’s see what the routing table looks like now. A show route does that job.
inet.0: 6 destinations, 6 routes (3 active, 0 holddown, 3 hidden) + = Active Route, - = Last Active, * = Both ...SNIP... CUST1.inet.0: 15 destinations, 16 routes (16 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 192.168.1.0/24 *[OSPF/150] 1w5d 14:49:47, metric 0, tag 0 > to 10.1.100.1 via ge-0/0/0.100 ...SNIP...
Now the CUST1 table shows up. Looks like we already have an OSPF route, too. That turned out better than I thought.
With routing instances, you’ll have to look at adding instance or routing-instance to your show commands to limit output to just a single instance. For example, show ospf neighbor instance X and show interfaces terse routing-instance X. Contextual help for the win!
NOTE: I’m going to leave it at that, but you may have to add more to this config to make it work. For example, on the SRX platform in flow-based processing mode (the default), you’ll have to create security zones for each interface along with appropriate policies and host-inbound-traffic. This is twice in one post that I’m claiming this is beyond the scope of this document. 🙂
Send any Halloween candy questions to me.
- Generating Network Diagrams from Netbox with Pynetbox - August 23, 2023
- Out-of-band Management – Useful Beyond Catastrophe - July 13, 2023
- Overlay Management - July 12, 2023
Why not “instance-type vrf”? I understand you may not be using it for VPN type instances. But, you probably are more familiar than I am with Junos. Any downside to just doing VRF to begin with? Just in case, later on you decide to do VPN type services?
Thanks
I have no idea, Yandy. 🙂 The logic makes perfect sense to me, but I’ll never use VPN stuff, so I’ve never cared to try.
So a virtual router and a routing-instance are the same! And why is this so easy but reading the Junos kb is like reading a bad translation of ancient Greek?
So, as you allude, your example COULD be like a vrf or vrf lite. nice. Anything else on this? Thanks.
the designation virtual-router is a type of routing instance (there are 8 types available; not on all systems). Each type designed to fill a specific need. The instance type virtual-router would be the equivalent of the vrf lite. The instance type vrf is specifically designed for VPN using BGP, instance type forwarding more specifically designed for filter based forwarding and so forth
Great post ! Keep up the good work
https://www.juniper.net/techpubs/en_US/junos13.3/topics/concept/routing-instances-overview.html for an overview of types of routing instances.
Hey, this was a great explanation and summary of routing-instances. I couldn’t quite figure out what the deal was with routing instances, and now (at least in principle), I do. Thanks for taking the time to compose and post this – it helped a lot.