JunOS 5.0R2.4 and Filter Based Forwarding (FBF) with M5

From: Kimmo Liikonen (kimmo-juniper-nsp@sneezy.phnet.fi)
Date: Thu Oct 25 2001 - 13:37:52 EDT

Hi All,

I am testing a Juniper M5 router and trying to get filter based forwarding
to work properly. The problem are interface routes, they aren't exported to
forwarding tables and traffic to interface addresses is going via default-
route. If I remove "filter input policy" from fe-0/2/3 interface then traffic
to interface addresses works fine.

Interface routes are exported to routing tables:

kimmo@test-core1> show route summary
Router ID: XXX.XXX.XXX.XXX

inet.0: 14 destinations, 14 routes (13 active, 0 holddown, 1 hidden)
              Direct: 7 routes, 6 active
               Local: 6 routes, 6 active
              Static: 1 routes, 1 active

test1-routing-table.inet.0: 14 destinations, 14 routes (13 active, 0
holddown, 1 hidden)
              Direct: 7 routes, 6 active
               Local: 6 routes, 6 active
              Static: 1 routes, 1 active

test2-routing-table.inet.0: 14 destinations, 14 routes (13 active, 0
holddown, 1 hidden)
              Direct: 7 routes, 6 active
               Local: 6 routes, 6 active
              Static: 1 routes, 1 active

But not to every forwarding table:

kimmo@test-core1> show route forwarding-table summary
Internet:
         user: 1 routes
         perm: 4 routes
         intf: 13 routes
         dest: 27 routes

Routing table:: test1-routing-table.inet
Internet:
         user: 1 routes
         perm: 4 routes

Routing table:: test2-routing-table.inet
Internet:
         user: 1 routes
         perm: 4 routes

Routing table:: inet6
Internet6:
         perm: 1 routes

Routing table:: ccc
MPLS:

According to the JunOS 5.0 documentation, configs should be right:

interfaces {
    fe-0/2/3 {
        unit 0 {
            family inet {
                no-redirects;
                filter {
                    input policy;
                }
                address 172.21.1.1/24;
                address 10.0.1.1/24;
            }
        }
    }
}

routing-options {
    interface-routes {
        rib-group inet common;
    }
    rib-groups {
        common {
            import-rib [ inet.0 test1-routing-table.inet.0
                test2-routing-table.inet.0 ];
        }
    }
}
 
firewall {
    filter policy {
        term 1 {
            from {
                source-address {
                    172.21.1.1/24;
                }
            }
            then {
                routing-instance test1-routing-table;
            }
        term 2 {
            from {
                source-address {
                   10.0.1.1/24;
                }
            }
            then {
                routing-instance test2-routing-table;
            }
        term default {
            then accept;
        }
    }
}
  
routing-instances {
    test1-routing-table {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 172.21.0.1;
            }
        }
    }
    test2-routing-table {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.0.0.1;
            }
        }
    }
}
 
Any hints are welcome, thanks.

Kimmo Liikonen / PHNet Internet Services

This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT