[j-nsp] policy based routing, rib-groups and issues...

Bill Petrisko billp at wjp.net
Tue Oct 26 15:16:23 EDT 2004


On Tue, Oct 26, 2004 at 05:16:59AM -0700, Andrew Ramsey wrote:
> 1.  Put a counter on the filter "servers-to-peerX" to check for packets
> coming in.

Added term to count at the top of the policy, and all packets from 
the interface ge7/0/1.1 appear to be counted, no matter what the
destination.

Added line to count in the same term (private-only) before sending
to routing instance peerX.inet.0.  These packets get counted as 
well.

> 2.  Put a filter and counter on the interface to "peerX" (in/out) to
> check for packets leaving/into the router

Packets from the server never reach the peer interface.

Packets directly pinged from the router itself do reach the .26
peer interface.  (Using default inet.0 routing table.)

> The static route "route 0.0.0.0/0 next-table inet.0" looks like it's
> defeating the purpose of what you're trying to achieve.  You should
> remove it - I don't think it's causing you a problem though since you
> have this:
> 
> 192.168.90.0/24     *[BGP/170] 00:15:03, MED 0, localpref 400
>                       AS path: 23059 I
>                     > to 192.168.91.26 via ge-7/0/0.3

Removing the static route 0.0.0.0/0 has no effect on the issue.
I will leave it removed for now.

> I think it looks like you're in good shape in the "server" to "peerX"
> direction.  What about the other way?  Is there a route for the "server"
> in peerX.inet.0?

Yep, "server" is one half of a /30 that is an interface route,
all interface routes are imported into peerX.inet.0 (as shown
by a 'show route table peerX'.)

The odd part is that it seems that the router itself has no idea
how to route using this rib.  Even a manual traceroute or ping
using 'routing-instance' to use the direct rib do not work:

root@jr3.phx3-LABROUTER> ping 192.168.91.26 source 192.168.91.25 routing-instance peerX
--- 192.168.91.26 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss

(And firewall filter counter does not increase either.)

It is almost like everything directed to this rib goes into a
black hole....

Possibly a Juniper bug?  We are on an old release of code (5.6R2.4)
on this lab router.

Thanks for the help
bill

