[j-nsp] "low route" with BGP examples?
Thomas Mangin
thomas.mangin at exa-networks.co.uk
Tue Oct 18 17:48:14 EDT 2005
Pedro Roque Marques wrote:
>> However, I fail to see how flow are useful in that setup as we are not
>> using them in filters but to tag routes.
>
> flow routes are used for traffic filtering.
This can be done with scu, could someone give me the advantage of using
flow against something like this.
groups {
transit-interface {
interfaces {
<*> {
unit <*> {
family inet {
rpf-check {
mode loose;
}
filter {
input external-incoming-transit;
}
}
}
}
}
}
}
routing-options {
aggregate {
route 10.0.0.0/24 community 1234:1234;
}
forwarding-table {
export tag-to-scu;
unicast-reverse-path feasible-paths;
}
}
firewall {
filter external-incoming-transit {
...
term originate-deny {
from {
source-class originate;
}
then {
count deny-spoof-originate;
discard;
}
}
...
term default-allow {
then accept;
}
}
policy-options {
policy-statement tag-to-scu {
term is-orginated-here {
from community originate;
then source-class originate;
}
...
}
policy-statement originate {
term tag {
from {
protocol aggregate;
community originate;
}
then {
community delete originate;
accept;
}
}
}
community originate members 1234:1234;
}
--
Exa Networks Limited - UK - AS30740 - www.exa-networks.co.uk
nic-handle : MANG-RIPE website : thomas.mangin.me.uk
GPG key ID : 0xFB8B81A1 PGP key : /pgp.html
Inoc-DBA # : 30740*TOM Office # : +44 (0) 845 145 1234
More information about the juniper-nsp
mailing list