[j-nsp] PBR Cisco vs Juniper

Bosco.Sachanandani at orange.co.in Bosco.Sachanandani at orange.co.in
Tue Mar 8 23:45:40 EST 2005


 
Hi Pedro,

I had done a similar configuration some time back using Interface routes
and RIB-groups and it is working fine. Thanks for pointing out a
different method using a policy-statement as you had mentioned below.

However, my original requirement was to import an interface from a VRF
into the forwarding instance. This is because this interface had a
private IP address and I did not want it to show up in inet., hence
thought of putting it in a VRF.

It still does NOT work when I try to import this from the VRF. Anyone
wanna enlighten me why this is NOT allowed or where exactly I am going
wrong here? I am curious to know why not. I am using Junos 6.4.


policy-statement import-direct-from-VRF {
    term a {
        from {
            instance TEST_VRF;
            protocol direct;
            interface ds-0/1/1:0.0;
        }
        then accept;
    }
    term b {
        then reject;
    }
}

SMTP_fbf_VRF {
    description "Send traffic to ISPA router using TEST_VRF";
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 10.254.254.1;
        }
        instance-import import-direct-from-VRF;
    }
}


boscos@srmum1-re0# commit check

error: [edit routing-instances SMTP_fbf_VRF routing-options instance-import]
error: policy references a vrf instance
error: configuration check-out failed





-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Pedro Roque
Marques
Sent: Thursday, October 21, 2004 3:13 AM
To: Edson Cardoso
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] PBR Cisco vs Juniper

Edson Cardoso writes:

> All, I'm facing some problems trying to convert the Cisco conf below
> to Junos world... The problem is how can I change the next-hop based on
> source-address.... Here is the Cisco conf:

> interface GigabitEthernet 0/0/0
> ip policy route-map noc
>
> access-list 51 permit 200.221.31.106
> access-list 51 permit 200.221.62.0 0.0.0.255
> access-list 51 permit 200.221.64.0 0.0.0.31
> access-list 51 permit 200.221.136.0 0.0.3.255
> access-list 51 permit 200.221.160.0 0.0.15.255
> access-list 51 permit 200.147.208.0 0.0.15.255
>
> route-map noc permit 20
>   match ip address 51
>   set ip default next-hop 200.221.31.121

> Any help ??

start with:

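interfaces ge-0/0/0 unit 0 family inet filter input noc

firewall filter noc {
    term a {
        /* Cisco standard ACL 51 matches source addresses */
        from source-prefix-list 51;
        then routing-instance noc;
    }
    /* a filter ends in an implicit discard; pass everything else */
    term b {
        then accept;
    }
}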

routing-instances {
   noc {
       instance-type forwarding;
       routing-options static route 0/0 next-hop 200.221.31.121 resolve;
   }
}

Now if the interface towards the noc address doesn't really have
anything else you can add that interface to the noc instance and be done
w/ it.

Otherwise... for instance, if it is in a shared media, you are going to
have to add something like:

policy-options policy-statement import-direct-rt-to-noc {
    term a {
        from {
            instance master;
            protocol direct;
            interface <x>;
        }
        then accept;
    }
    then reject;
}

routing-instances noc routing-options {
    instance-import import-direct-rt-to-noc;
}

Or you can also do it via a rib-group that applies to interface-routes
(exercise left to the reader).

cheers,
  Pedro.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
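
Added example (not part of any message in this thread): the filter in Pedro's reply refers to a prefix-list 51 that is never defined, so this Python sketch derives its entries from the Cisco ACL 51 quoted above by turning each wildcard mask into a prefix length. The function names are hypothetical; deny entries and non-contiguous wildcards are rejected because a prefix-list cannot express them.

```python
import ipaddress

# ACL 51 as quoted in the thread, one entry per line.
CISCO_ACL = """\
access-list 51 permit 200.221.31.106
access-list 51 permit 200.221.62.0 0.0.0.255
access-list 51 permit 200.221.64.0 0.0.0.31
access-list 51 permit 200.221.136.0 0.0.3.255
access-list 51 permit 200.221.160.0 0.0.15.255
access-list 51 permit 200.147.208.0 0.0.15.255
"""

def wildcard_to_prefixlen(wildcard: str) -> int:
    """Convert a Cisco wildcard mask to a prefix length (hypothetical helper)."""
    w = int(ipaddress.IPv4Address(wildcard))
    host_bits = w.bit_length()
    # A contiguous wildcard is all ones in its low bits: 0.0.3.255 -> 10 ones.
    if w != (1 << host_bits) - 1:
        raise ValueError(f"non-contiguous wildcard {wildcard} is not a single prefix")
    return 32 - host_bits

def acl_to_prefixes(acl_text: str) -> list[str]:
    """Return the permit entries of a standard ACL as CIDR strings."""
    prefixes = []
    for line in acl_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "access-list":
            continue
        if fields[2] != "permit":
            # An ordered permit/deny ACL cannot be flattened into a prefix-list.
            raise ValueError(f"only permit entries are handled: {line!r}")
        wildcard = fields[4] if len(fields) > 4 else "0.0.0.0"  # bare address = host
        plen = wildcard_to_prefixlen(wildcard)
        # strict=False clears host bits that the wildcard would ignore anyway.
        net = ipaddress.ip_network(f"{fields[3]}/{plen}", strict=False)
        prefixes.append(str(net))
    return prefixes

def junos_prefix_list(name: str, prefixes: list[str]) -> str:
    """Render the prefixes as a Junos policy-options prefix-list stanza."""
    body = "\n".join(f"        {p};" for p in prefixes)
    return f"policy-options {{\n    prefix-list {name} {{\n{body}\n    }}\n}}"

if __name__ == "__main__":
    print(junos_prefix_list("51", acl_to_prefixes(CISCO_ACL)))
```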


