[j-nsp] policy based routing, rib-groups and issues...

Bill Petrisko billp at wjp.net
Wed Oct 27 10:49:18 EDT 2004


On Wed, Oct 27, 2004 at 07:22:25AM -0700, Andrew Ramsey wrote:
> 
> firewall {
>     filter servers-to-peerX {
>         term private-only {
>             then routing-instance peerX.inet.0; <======here
>         }
>         term all-other {
>             then accept;
>         }
>     }
> }
> 
> Can you change the "then routing-instance peerX.inet.0" to "then
> routing-instance peerX"?

Yes, that appears to have fixed the issue.  
Thanks for the keen eye!

I have been tearing my hair out over this one, as this was
my first rib/routing-instance attempt.....

Also note that my trick you were wondering about below (or was that
someone else?)--

routing-instances {
    peerX {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-table inet.0;
            }
        }
    }
}

Does have the desired effect I was looking for.  This installs
a route in peerX.inet.0, pointing default route to inet.0.

Meaning, once no routes are matched in peerX.inet.0, it dumps
the packet back into inet for "normal" forwarding.  Neat trick
for forcing users to a subset of routes, and then back into inet.0
if none match:

root@jr3.phx3-LABROUTER> show route table peerX

peerX.inet.0: 11 destinations, 11 routes (10 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:05:11
                      to table inet.0
192.168.90.0/24     *[BGP/170] 00:05:03, MED 0, localpref 400
                      AS path: 23059 I
                    > to 192.168.91.26 via ge-7/0/0.3


thanks again for the help!

bill
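
A pre-commit check for the mistake fixed in this thread (a table name such as peerX.inet.0 given to "then routing-instance" where the instance name belongs), as an added example that is not part of the original post or of any Juniper tooling. The function names, the simplified brace parser and the sample configuration are assumptions made for illustration.

```python
import re

# Constructed sample: the filter from the thread (table name used as the
# instance name) and a forwarding instance for it to reference.
SAMPLE_CONFIG = """
firewall {
    filter servers-to-peerX {
        term private-only {
            then routing-instance peerX.inet.0;
        }
        term all-other {
            then accept;
        }
    }
}
routing-instances {
    peerX {
        instance-type forwarding;
    }
}
"""

def walk(config):
    """Yield (path, statement) for each ';'-terminated statement."""
    path = []
    for token in re.findall(r"[^{};]+[{;]|}", config):
        if token == "}":
            path = path[:-1]          # leave the current block
        elif token.endswith("{"):
            path.append(token[:-1].strip())
        else:
            yield tuple(path), token[:-1].strip()

def check_filter_instances(config):
    """Return (filter, term, target, suggestion) per unknown instance target."""
    stmts = list(walk(config))
    instances = {p[1] for p, _ in stmts if len(p) > 1 and p[0] == "routing-instances"}
    findings = []
    for path, stmt in stmts:
        m = re.fullmatch(r"(?:then\s+)?routing-instance\s+(\S+)", stmt)
        if not m or path[:1] != ("firewall",) or m.group(1) in instances:
            continue
        target = m.group(1)
        # A table name (peerX.inet.0) reduces to its instance name (peerX).
        base = target.split(".inet", 1)[0]
        where = dict(s.split(None, 1) for s in path if s.startswith(("filter ", "term ")))
        findings.append((where.get("filter"), where.get("term"), target,
                         base if base in instances else None))
    return findings
```

The parser does not handle comments, quoted strings containing braces, or annotations pasted into the configuration, so feed it plain "show configuration" text.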


