[[nsp] Filter based forwarding]
joshua.ej.smith at usa.net
Tue Nov 4 15:18:09 EST 2003
look at policy based routing
white paper -
config - http://snurl.com/2u63 (snipped for clarity)
Blaz Zupan <blaz at inlimbo.org> wrote:
> Does IOS offer something like filter based forwarding in JunOS? With JunOS
> can use filter based forwarding to classify packets based on source or
> destination IP address, TCP/UDP port or other packet header properties and
> an alternative routing instance (VRF in Cisco speak) to route those packets.
> am aware of the IOS feature called "MPLS VPN - VRF Selection based on
> IP Address" which is available in 12.2(18)S, but I need to select packets
> based not only on source IP address, but also on IP protocol and
> With JunOS we plan to use this feature to shut off worm infected or
> abused customer boxes (cable or ADSL). Instead of simply nullrouting them
> then trying to reach them on the phone, we will filter all their traffic
> except for traffic to TCP port 80, which we redirect to a special MPLS Layer
> VPN. This VPN's default route points to a FreeBSD box that does some magic
> display an informational page to customers (explanation why their internet
> connection is not working) and offers them help (instructions, virus
> protection software download, ad-aware, etc.).
> Some of our POPs use Cisco equipment and we'd like to implement the same
> solution there as well. I know I could probably do this using WCCP, but
> would require some additional software and configuration on the FreeBSD box
> which I would like to avoid as I'd like to keep it as simple as possible.
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> archive at http://puck.nether.net/pipermail/cisco-nsp/
"Walk with me through the Universe,
And along the way see how all of us are Connected.
Feast the eyes of your Soul,
On the Love that abounds.
In all places at once, seemingly endless,
Like your own existence."
- Stephen Hawking -
More information about the cisco-nsp