[[nsp] Filter based forwarding]

joshua sahala joshua.ej.smith at usa.net
Tue Nov 4 15:18:09 EST 2003 

look at policy based routing

white paper - 
http://www.cisco.com/warp/public/cc/techno/protocol/tech/plicy_wp.htm

config - http://snurl.com/2u63 (snipped for clarity)

/joshua

Blaz Zupan <blaz at inlimbo.org> wrote:

> Does IOS offer something like filter based forwarding in JunOS? With JunOS
you
> can use filter based forwarding to classify packets based on source or
> destination IP address, TCP/UDP port or other packet header properties and
use
> an alternative routing instance (VRF in Cisco speak) to route those packets.
I
> am aware of the IOS feature called "MPLS VPN - VRF Selection based on
Source
> IP Address" which is available in 12.2(18)S, but I need to select packets
> based not only on source IP address, but also on IP protocol and
destination
> port.
> 
> With JunOS we plan to use this feature to shut off worm infected or
otherwise
> abused customer boxes (cable or ADSL). Instead of simply nullrouting them
and
> then trying to reach them on the phone, we will filter all their traffic
> except for traffic to TCP port 80, which we redirect to a special MPLS Layer
3
> VPN. This VPN's default route points to a FreeBSD box that does some magic
to
> display an informational page to customers (explanation why their internet
> connection is not working) and offers them help (instructions, virus
> protection software download, ad-aware, etc.).
> 
> Some of our POPs use Cisco equipment and we'd like to implement the same
> solution there as well. I know I could probably do this using WCCP, but
this
> would require some additional software and configuration on the FreeBSD box
> which I would like to avoid as I'd like to keep it as simple as possible.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



"Walk with me through the Universe,
 And along the way see how all of us are Connected.
 Feast the eyes of your Soul,
 On the Love that abounds.
 In all places at once, seemingly endless,
 Like your own existence."
     - Stephen Hawking -

More information about the cisco-nsp mailing list