[j-nsp] Interface policy route-map/next-hop
Neil Stirling
neil.stirling at nortelnetworks.com
Tue Apr 1 11:26:26 EST 2003
>From the notes;
If the packet has a source address of 10.0.0.0/24, then destination-based
forwarding occurs using the next-hop1-table.
If the packet has a source address of 10.0.1.0/24, then destination-based
forwarding occurs using the next-hop2-table.
If a packet does not match either of these conditions, then the packet is
accepted by the filter, and
then destination-based forwarding occurs using the standard inet.0 routing
table.
Try this;
interfaces {
fe-0/0/0 {
unit 0 {
family inet {
filter {
input next-hop; /* all data is matched on input HERE */
}
address 10.0.0.1/24 { /* preferred IP address */
preferred;
}
address 10.0.1.1/24; /* logical secondary */
}
}
}
}
routing-options {
interface-routes {
rib-group inet nh-group;
}
rib-groups {
nh-group {
import-rib [inet.0 next-hop1-table.inet.0
next-hop2-table.inet.0];
}
}
}
firewall {
family inet {
filter next-hop {
term one {
from {
source-address {
10.0.0.0/24;
}
}
then routing-instance next-hop1-table; /* selected routes
for SA 10.0.0.0/24 */
}
term two {
from {
source-address {
10.0.1.0/24;
}
}
then routing-instance next-hop2-table; /* selected routes
for SA 10.0.1.0/24 */
}
term default {
then {
accept; /* need this otherwise we will drop all other
routes !!*/
}
}
}
}
}
routing-instances {
next-hop1-table {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 nexthop 192.168.0.1; /*
static default route */
}
}
}
next-hop2-table {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 nexthop 192.168.1.1; /*
static default route */
}
}
}
}
------------------
It seems there has been a slight syntax change since the document
http://www.juniper.net/solutions/literature/white_papers/552003.pdf was
written (05/01).
routing-instances now have routing-options for static rather than directly
configured routes - quite logical.
Neil.
-----Original Message-----
From: Link King [mailto:king at kinger.net]
Sent: 31 March 2003 18:48
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] Interface policy route-map/next-hop
Hi folks.
I'm in the process of converting Cisco configurations to Juniper and am
trying to setup a policy statement to set next-hop addresses on a physical
interface. Setup on Cisco as follows:
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip address 10.0.1.1 255.255.255.0 secondary
ip route-cache policy
ip policy route-map next-hop
!
access-list 10 permit 10.0.0.0 0.0.0.255
access-list 10 deny any
access-list 20 permit 10.0.1.0 0.0.0.255
access-list 20 deny any
!
route-map next-hop permit 10
match ip address 10
set ip next-hop 192.168.0.1
!
route-map next-hop permit 20
match ip address 20
set ip next-hop 192.168.1.1
I'm struggling with how to set this up on a Juniper M5 (running 5.6R1.3 if
that matters). Any help would be greatly appreciated. Thanks!
Link King
king at kinger.net
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://puck.nether.net/pipermail/juniper-nsp/attachments/20030401/f7862c2f/attachment.htm
More information about the juniper-nsp
mailing list