[nsp] Filter based forwarding

Blaz Zupan blaz at inlimbo.org
Tue Nov 4 14:13:02 EST 2003


Does IOS offer something like filter based forwarding in JunOS? With JunOS you
can use filter based forwarding to classify packets based on source or
destination IP address, TCP/UDP port or other packet header properties and use
an alternative routing instance (VRF in Cisco speak) to route those packets. I
am aware of the IOS feature called "MPLS VPN - VRF Selection based on Source
IP Address" which is available in 12.2(18)S, but I need to select packets
based not only on source IP address, but also on IP protocol and destination
port.

With JunOS we plan to use this feature to shut off worm-infected or otherwise
abused customer boxes (cable or ADSL). Instead of simply nullrouting them and
then trying to reach them on the phone, we will filter all their traffic
except for traffic to TCP port 80, which we redirect to a special MPLS Layer 3
VPN. This VPN's default route points to a FreeBSD box that does some magic to
display an informational page to customers (explanation why their internet
connection is not working) and offers them help (instructions, virus
protection software download, ad-aware, etc.).

Some of our POPs use Cisco equipment and we'd like to implement the same
solution there as well. I know I could probably do this using WCCP, but this
would require some additional software and configuration on the FreeBSD box
which I would like to avoid as I'd like to keep it as simple as possible.
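
An added example, not part of the original post: one way the JunOS side of the quarantine described above could be written, in `set` form. The names (quarantined-customers, quarantine-fbf, quarantine, fbf-group), the interface ge-0/0/1 and the documentation-range addresses are assumptions, and a forwarding-type routing instance stands in for the MPLS Layer 3 VPN the post uses.

```junos
# Constructed values (assumptions, not from the post):
#   192.0.2.45     a quarantined customer host
#   198.51.100.10  the FreeBSD box serving the informational page
#   ge-0/0/1.0     the customer-facing interface

# Customers currently in quarantine; add or remove /32s here only.
set policy-options prefix-list quarantined-customers 192.0.2.45/32

# Term 1: quarantined source + TCP/80 -> look up in the alternate instance.
set firewall family inet filter quarantine-fbf term web-to-portal from source-prefix-list quarantined-customers
set firewall family inet filter quarantine-fbf term web-to-portal from protocol tcp
set firewall family inet filter quarantine-fbf term web-to-portal from destination-port 80
set firewall family inet filter quarantine-fbf term web-to-portal then routing-instance quarantine

# Term 2: everything else from a quarantined source is dropped.
set firewall family inet filter quarantine-fbf term drop-rest from source-prefix-list quarantined-customers
set firewall family inet filter quarantine-fbf term drop-rest then discard

# Term 3: all other customers are forwarded normally (a filter's implicit
# final action is discard, so this term must exist).
set firewall family inet filter quarantine-fbf term everyone-else then accept

# Alternate routing table whose default route points at the portal host.
set routing-instances quarantine instance-type forwarding
set routing-instances quarantine routing-options static route 0.0.0.0/0 next-hop 198.51.100.10

# Copy interface routes into quarantine.inet.0 so the static next hop resolves.
set routing-options rib-groups fbf-group import-rib [ inet.0 quarantine.inet.0 ]
set routing-options interface-routes rib-group inet fbf-group

# Apply the filter to traffic arriving from customers.
set interfaces ge-0/0/1 unit 0 family inet filter input quarantine-fbf
```

Term order matters: the TCP/80 redirect has to come before the discard term, because both match the same prefix list and the first matching term wins. As written, the discard term also drops the quarantined host's DNS queries, in line with the post's "filter all their traffic except for traffic to TCP port 80".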

