Discussion:
[j-nsp] FBF - set next-hop?
Luca Salvatore
2012-12-17 00:05:18 UTC
Permalink
Hi Guys,

I need to do some filter based forwarding on a MX10. It's pretty simple, all I want to do is grab traffic from one subnet and send somewhere else.
The issue is that on this MX I only have the default routing instance configured, and it seems the only options I have for FBF is to send traffic to another routing instance.

So is it possible for me to somehow send traffic from one subnet, to a next hop address in the same routing instance?

Thanks
Luca.
Ben Dale
2012-12-17 00:12:54 UTC
Permalink
Hi Luca,
Post by Luca Salvatore
So is it possible for me to somehow send traffic from one subnet, to a next hop address in the same routing instance?
Yes - FBF uses a routing-instance of type forwarding-instance to perform next-hop look-up - think of it not as a VR, merely an alternative routing table to consult. The resolved next-hop interface can still be part of your default routing-instance.

Cheers,

Ben
Luca Salvatore
2012-12-17 00:23:57 UTC
Permalink
Oh right, so I create a new routing-instance type forwarding, then add my relevant interfaces into that, and the interfaces can still exist in the global instance?


Luca


-----Original Message-----
From: Ben Dale [mailto:bdale at comlinx.com.au]
Sent: Monday, 17 December 2012 11:13 AM
To: Luca Salvatore
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] FBF - set next-hop?

Hi Luca,
Post by Luca Salvatore
So is it possible for me to somehow send traffic from one subnet, to a next hop address in the same routing instance?
Yes - FBF uses a routing-instance of type forwarding-instance to perform next-hop look-up - think of it not as a VR, merely an alternative routing table to consult. The resolved next-hop interface can still be part of your default routing-instance.

Cheers,

Ben
Ben Dale
2012-12-17 00:44:45 UTC
Permalink
Post by Luca Salvatore
Oh right, so I create a new routing-instance type forwarding, then add my relevant interfaces into that, and the interfaces can still exist in the global instance?
Not quite - you can't define the same interface twice in two different instances, so you use rib-groups to import interface routes into the forwarding-instance.

You configure any static routes etc. under the forwarding-instance in the normal way.

There is a guide below for the SRX which should give you a good start:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB17223

Just ignore the security bits for M/MX.
Post by Luca Salvatore
Luca
-----Original Message-----
From: Ben Dale [mailto:bdale at comlinx.com.au]
Sent: Monday, 17 December 2012 11:13 AM
To: Luca Salvatore
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] FBF - set next-hop?
Hi Luca,
Post by Luca Salvatore
So is it possible for me to somehow send traffic from one subnet, to a next hop address in the same routing instance?
Yes - FBF uses a routing-instance of type forwarding-instance to perform next-hop look-up - think of it not as a VR, merely an alternative routing table to consult. The resolved next-hop interface can still be part of your default routing-instance.
Cheers,
Ben
Alex Arseniev
2012-12-17 12:06:52 UTC
Permalink
There are 2 ways to do what You are asking for:
Classic FBF, works in every JUNOS release and across most platforms
http://www.juniper.net/techpubs/en_US/junos/topics/example/firewall-filter-option-filter-based-forwarding-example.html
New-way FBF (resembling CSCO PBR), supported from JUNOS 12.2 on MX with Trio
cards only
https://www.juniper.net/techpubs/en_US/junos12.2/information-products/topic-collections/release-notes/12.2/topic-66800.html#jd0e6825
http://www.juniper.net/techpubs/en_US/junos12.2/topics/topic-map/filter-based-forwarding-policy-based-routing.html
HTH
Thanks
Alex

----- Original Message -----
From: "Luca Salvatore" <Luca at ninefold.com>
To: <juniper-nsp at puck.nether.net>
Sent: Monday, December 17, 2012 12:05 AM
Subject: [j-nsp] FBF - set next-hop?
Post by Luca Salvatore
Hi Guys,
I need to do some filter based forwarding on a MX10. It's pretty simple,
all I want to do is grab traffic from one subnet and send somewhere else.
The issue is that on this MX I only have the default routing instance
configured, and it seems the only options I have for FBF is to send
traffic to another routing instance.
So is it possible for me to somehow send traffic from one subnet, to a
next hop address in the same routing instance?
Thanks
Luca.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Loading...