[j-nsp] Per next-hop or MAC accounting/firewall/policer on same interface
Harshit Kumar
harshit at juniper.net
Thu Sep 1 18:56:00 EDT 2005
Did you try configuring a rib-group as described in step #3 of this link:
http://www.juniper.net/techpubs/software/junos/junos73/swconfig73-routing/html/instance-config18.html
Harshit
> Rafal,
>
> I have been trying to do something very similar myself, but instead of
> applying a policy to class-matched traffic, I need to forward it to a
> particular host (10.0.10.1). I've had no luck with setting a firewall rule
> like this on the output direction of my "lan-interface" (like in Kevin's setup):
>
> term foo {
>     from {
>         source-class bar-source;
>     }
>     then {
>         log;
>         count foo;
>         routing-instance foo-forward;
>     }
> }
>
> along with
>
> routing-instances {
>     foo-forward {
>         instance-type forwarding;
>         routing-options {
>             static {
>                 route 0.0.0.0/0 next-hop 10.0.10.1;
>             }
>         }
>     }
> }
>
> Without "then routing-instance" I can see that all correct traffic is
> matched, but when "then routing-instance" is applied, logging stops and
> foo-count goes crazy (hundreds of megs in seconds on a box with like
> 10Mbit/s traffic). I would guess this to-be-forwarded traffic loops between
> the output firewall filter and the routing-instance?
> Any suggestions of how this should/could be achieved?
>
> Thanks,
>
> --
> Jiri