-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Kimmo,
- From a brief check, your config looks OK. I've certainly had FBF
running successfully on an M5 in our lab. It looks to me like you're
not actually using 5.0R2.4 (inet6??? ;-). I had some issues with
interface groups which were fixed in 5.0R2.4 (not in 5.0R1) but you
don't appear to be using them.
Regards,
Guy
> -----Original Message-----
> From: Kimmo Liikonen [mailto:kimmo-juniper-nsp@sneezy.phnet.fi]
> Sent: Thursday, October 25, 2001 6:38 PM
> To: juniper-nsp@puck.nether.net
> Subject: JunOS 5.0R2.4 and Filter Based Forwarding (FBF) with M5
>
>
> Hi All,
>
> I am testing a Juniper M5 router and trying to get filter
> based forwarding
> to work properly. The problem are interface routes, they
> aren't exported to
> forwarding tables and traffic to interface addresses is going
> via default-
> route. If I remove "filter input policy" from fe-0/2/3
> interface then traffic
> to interface addresses works fine.
>
> Interface routes are exported to routing tables:
>
> kimmo@test-core1> show route summary
> Router ID: XXX.XXX.XXX.XXX
>
> inet.0: 14 destinations, 14 routes (13 active, 0 holddown, 1
> hidden)
> Direct: 7 routes, 6 active
> Local: 6 routes, 6 active
> Static: 1 routes, 1 active
>
> test1-routing-table.inet.0: 14 destinations, 14 routes (13 active,
> 0 holddown, 1 hidden)
> Direct: 7 routes, 6 active
> Local: 6 routes, 6 active
> Static: 1 routes, 1 active
>
> test2-routing-table.inet.0: 14 destinations, 14 routes (13 active,
> 0 holddown, 1 hidden)
> Direct: 7 routes, 6 active
> Local: 6 routes, 6 active
> Static: 1 routes, 1 active
>
> But not to every forwarding table:
>
> kimmo@test-core1> show route forwarding-table summary
> Internet:
> user: 1 routes
> perm: 4 routes
> intf: 13 routes
> dest: 27 routes
>
> Routing table:: test1-routing-table.inet
> Internet:
> user: 1 routes
> perm: 4 routes
>
> Routing table:: test2-routing-table.inet
> Internet:
> user: 1 routes
> perm: 4 routes
>
> Routing table:: inet6
> Internet6:
> perm: 1 routes
>
> Routing table:: ccc
> MPLS:
>
> According to the JunOS 5.0 documentation, configs should be right:
>
> interfaces {
> fe-0/2/3 {
> unit 0 {
> family inet {
> no-redirects;
> filter {
> input policy;
> }
> address 172.21.1.1/24;
> address 10.0.1.1/24;
> }
> }
> }
> }
>
> routing-options {
> interface-routes {
> rib-group inet common;
> }
> rib-groups {
> common {
> import-rib [ inet.0 test1-routing-table.inet.0
> test2-routing-table.inet.0 ];
> }
> }
> }
>
> firewall {
> filter policy {
> term 1 {
> from {
> source-address {
> 172.21.1.1/24;
> }
> }
> then {
> routing-instance test1-routing-table;
> }
> term 2 {
> from {
> source-address {
> 10.0.1.1/24;
> }
> }
> then {
> routing-instance test2-routing-table;
> }
> term default {
> then accept;
> }
> }
> }
>
> routing-instances {
> test1-routing-table {
> instance-type forwarding;
> routing-options {
> static {
> route 0.0.0.0/0 next-hop 172.21.0.1;
> }
> }
> }
> test2-routing-table {
> instance-type forwarding;
> routing-options {
> static {
> route 0.0.0.0/0 next-hop 10.0.0.1;
> }
> }
> }
> }
>
> Any hints are welcome, thanks.
>
> Kimmo Liikonen / PHNet Internet Services
>
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.1
iQA/AwUBO9kbRY3dwu/Ss2PCEQLzMQCfZfH3PU+jDb5DJNARH3EmMQyDy2EAoL3q
tExgk18ixnG3TRS6P5gxO6BV
=4tg2
-----END PGP SIGNATURE-----
--------------------------------------------------------
Don't miss the 28th Telindus International Symposium on
Thursday, 25 October 2001, Brussels Expo, Belgium.
Check out the programme and register now for free:
http://www.telindussymposium.com
--------------------------------------------------------
This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT