RtoDto.net
Network/Security/Programming

Configuring virtual router

rtoodtoo junos March 6, 2013

srx_virtual_router

I just want to talk about briefly how you can configure a simple virtual router in Junos. For this I have drawn a physical and a logical view of my simple topology. In physical view, you can see that there is only one SRX but logically there are actually one virtual router connected from interface ge-0/0/2 to ge-0/0/3. There are different ways of connecting a virtual router to the physical one but I have chosen to use the physical interfaces to inter connect. These two interfaces can be connected over a switch or back to back.

[edit]
root@host# show routing-instances
custA {
    instance-type virtual-router;
    interface ge-0/0/2.0;
}

As it can be seen in the config, I have configured a virtual router instance named “custA” and assigned ge-0/0/2.0 interface to this VR but we must configure the interface under the main interfaces configuration stanza.

ge-0/0/2 {
    unit 0 {
        description custA-VR;
        family inet {
            address 172.29.1.2/24;
        }
    }
}
ge-0/0/3 {
    unit 0 {
        family inet {
            address 172.29.1.1/24;
        }
    }
}

If you look at this config, it may surprise you first if you don’t know that one of the interfaces belongs to a VR. It is because both of them are in the same subnet which you shouldn’t have under normal circumstances but it allows us connectivity when you have a VR. Now we can ping from custA virtual router to the physical router.

root@host> ping 172.29.1.1 routing-instance custA count 3 
PING 172.29.1.1 (172.29.1.1): 56 data bytes
64 bytes from 172.29.1.1: icmp_seq=0 ttl=64 time=1.952 ms
64 bytes from 172.29.1.1: icmp_seq=1 ttl=64 time=2.293 ms
64 bytes from 172.29.1.1: icmp_seq=2 ttl=64 time=2.274 ms

--- 172.29.1.1 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.952/2.173/2.293/0.156 ms

As you can see we can ping from routing instance (virtual router) to our physical box. Actually my real custA config in my lab is a bit different, I just stripped down some details for the sake of simplicity. My real config is below which also establishes a BGP peering between the two boxes. I hope this helps for those who are new to virtual router concept in Junos.


[edit]
root@host# show routing-instances
custA {
    instance-type virtual-router;
    interface ge-0/0/2.0;
    interface lo0.1;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 172.29.1.1;
        }
        router-id 10.2.2.1;
        autonomous-system 8501;
    }
    protocols {
        bgp {
            group ext_8500 {
                export all-nets;
                peer-as 8500;
                neighbor 172.29.1.1;
            }
        }
    }
}

PS: In my setup, SRX is in packet mode so there is no need to have any security policy.

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE

You have a feedback?

Discover more from RtoDto.net

Subscribe now to keep reading and get access to the full archive.

Continue reading