[j-nsp] PBR Cisco vs Juniper
Bosco.Sachanandani at orange.co.in
Bosco.Sachanandani at orange.co.in
Tue Mar 8 23:45:40 EST 2005
Hi Pedro,
I had done a similar configuration sometime back using Interface routes
and RIB-groups and it is working fine. Thanks for pointing out a
different method using a policy-statement as you had mentioned below.
However, my original requirement was to import an interface from a VRF
into the forwarding instance. This is because this interface had a
private IP address and I did not want it to show up in inet., hence
thought of putting it in a VRF.
It still does NOT work when I try to import this from the VRF. Anyone
wanna enlighten me why this is NOT allowed or where exactly I am going
wrong here? I am curious to know why not. I am using Junos 6.4.
policy-statement import-direct-from-VRF {
term a {
from {
instance TEST_VRF;
protocol direct;
interface ds-0/1/1:0.0;
}
then accept;
}
term b {
then reject;
}
}
SMTP_fbf_VRF {
description "Send traffic to ISPA router using TEST_VRF";
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 next-hop 10.254.254.1;
}
instance-import import-direct-from-VRF;
}
}
boscos at srmum1-re0# commit check
error: [edit routing-instances SMTP_fbf_VRF routing-options
instance-import]
error: policy references a vrf instance
error: configuration check-out failed
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Pedro Roque
Marques
Sent: Thursday, October 21, 2004 3:13 AM
To: Edson Cardoso
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] PBR Cisco vs Juniper
Edson Cardoso writes:
> All, I'm facing some problems trying to convert the Cisco conf below
> to Junos world...The problem is how can I change the next-hop based on
> source-address.... Here is the Cisco conf:
> interface GigabitEthernet 0/0/0
> ip policy route-map noc
>
> access-list 51 permit 200.221.31.106
> access-list 51 permit 200.221.62.0 0.0.0.255 access-list 51 permit
> 200.221.64.0 0.0.0.31 access-list 51 permit 200.221.136.0 0.0.3.255
> access-list 51 permit 200.221.160.0 0.0.15.255 access-list 51 permit
> 200.147.208.0 0.0.15.255
>
> route-map noc permit 20
> match ip address 51
> set ip default next-hop 200.221.31.121
> Any help ??
start with:
interface ge-0/0/0 unit 0 family inet filter input noc
firewall filter noc {
term a {
from destination-prefix-list 51;
then routing-instance noc;
}
}
routing-instances {
noc {
instance-type forwarding;
routing-options static route 0/0 next-hop 200.221.31.121 resolve;
}
}
Now if the interface torwards the noc address doesn't really have
anything else you can add that interface to the noc instance and be done
w/ it.
Otherwise... for instance, if it is in a shared media, you are going to
have to add something like:
policy-options policy-statement import-direct-rt-to-noc {
term a {
from {
instance master;
protocol direct;
interface <x>;
}
then accept;
}
then reject;
}
routing-instances noc routing-options {
instance-import import-direct-rt-to-noc; }
Or you can also do it via a rib-group that applies to interface-routes
(exercise left to the reader).
cheers,
Pedro.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list