[j-nsp] PBR Cisco vs Juniper

Edson Cardoso ecardoso at qos.com.br
Thu Oct 21 11:29:16 EDT 2004


Tnks all for help .. :)

-----Original Message-----
From: Pedro Roque Marques [mailto:roque at juniper.net] 
Sent: Wednesday, October 20, 2004 18:43
To: Edson Cardoso
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] PBR Cisco vs Juniper


Edson Cardoso writes:

> All, I'm facing some problems trying to convert the Cisco conf below
> to Junos world...The problem is how can I change the next-hop based
> on source-address.... Here is the Cisco conf:

> interface GigabitEthernet 0/0/0
> ip policy route-map noc
>  
> access-list 51 permit 200.221.31.106
> access-list 51 permit 200.221.62.0 0.0.0.255
> access-list 51 permit 200.221.64.0 0.0.0.31
> access-list 51 permit 200.221.136.0 0.0.3.255
> access-list 51 permit 200.221.160.0 0.0.15.255
> access-list 51 permit 200.147.208.0 0.0.15.255
>  
> route-map noc permit 20
>   match ip address 51
>   set ip default next-hop 200.221.31.121

> Any help ??

start with:

interface ge-0/0/0 unit 0 family inet filter input noc

firewall filter noc {
    term a {
        from destination-prefix-list 51;
        then routing-instance noc;
    }
}

routing-instances {
   noc {
       instance-type forwarding;
       routing-options static route 0/0 next-hop 200.221.31.121 resolve;
   }
}

Now if the interface torwards the noc address doesn't really have
anything else you can add that interface to the noc instance and be
done w/ it.

Otherwise... for instance, if it is in a shared media, you are going
to have to add something like:

policy-options policy-statement import-direct-rt-to-noc {
    term a {
        from {
            instance master;
            protocol direct;
            interface <x>;
        }
        then accept;
    }
    then reject;
}

routing-instances noc routing-options {
                  instance-import import-direct-rt-to-noc;
}

Or you can also do it via a rib-group that applies to interface-routes
(exercise left to the reader).

cheers,
  Pedro.



More information about the juniper-nsp mailing list