[j-nsp] Per next-hop or MAC accounting/firewall/policer on same interface
Jiri Sane
jiri.sane at kolumbus.fi
Fri Sep 2 01:53:27 EDT 2005
Harshit,
The rib-group is configured, yes, and the forwarding works fine when I apply
something like this to my wan input direction. I just can't get it to work
with scu.
term foofoo {
    from {
        source-address 12.12.12.12/32;
    }
    then {
        log;
        count foo;
        routing-instance foo-forward;
    }
}
Thanks,
--
Jiri
> Did you try configuring a rib-group as described in step #3 of
> this link:
>
> http://www.juniper.net/techpubs/software/junos/junos73/swconfig73-routing/html/instance-config18.html
>
> Harshit
>> Rafal,
>>
>> I have been trying to do something very similar myself, but instead of
>> applying a policy to class-matched traffic, I need to forward it to a
>> particular host (10.0.10.1). I've had no luck with setting a firewall rule
>> like this to the output direction of my "lan-interface" (like in
>> Kevin's setup)
>>
>> term foo {
>>     from {
>>         source-class bar-source;
>>     }
>>     then {
>>         log;
>>         count foo;
>>         routing-instance foo-forward;
>>     }
>> }
>>
>> along with
>>
>> routing-instances {
>>     foo-forward {
>>         instance-type forwarding;
>>         routing-options {
>>             static {
>>                 route 0.0.0.0/0 next-hop 10.0.10.1;
>>             }
>>         }
>>     }
>> }
>>
>> Without "then routing-instance" I can see that all correct traffic is
>> matched, but when "then routing-instance" is applied, logging stops and
>> foo-count goes crazy (hundreds of megs in seconds on a box with like
>> 10Mbit/s traffic). I would guess this to-be-forwarded traffic loops
>> between the output firewall filter and the routing-instance?
>> Any suggestions of how this should/could be achieved?
>>
>> Thanks,
>>
>> --
>> Jiri