[j-nsp] JunOS QPPB

Rafal Szarecki (WA/EPO) rafal.szarecki at ericsson.com
Wed Jan 4 05:48:15 EST 2006


There is no possiblility to make 2 IP/MPLS lookups during single visit of given packet on IPII ASIC. 
- MAC adress lookup is done on PIC (except VPLS instance)
- If MPLS label is 0 or 3, then MPLS header is stripped by I/O manager on input. Then IP II will see MPLS payload (IP to lookup)
- if vrf-table-label is configured then  MPLS header is stripped by I/O manager on input. Then IP II will see MPLS payload (IP to lookup in VRF context). 
- if vt- lt- interfaces (vitrual tunnel, logical tunnel) are used, first lookup is dome for MPLS, MPLS Header is stripped, and packet is frowarder to vt/lt interface. So pacekt is going to Service PIC and commes back to IP II ASIC without MPLS header. hen IP II will see MPLS payload (IP to lookup in VRF context).

With other tunnels then MPLS the story is similar.

Rafał Szarecki JNCIE

skype me <callto://Rafal_Szarecki/> 



> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net 
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of 
> Elian Scrosoppi
> Sent: Wednesday, January 04, 2006 4:06 AM
> To: Dave McGaugh
> Cc: juniper-nsp at puck.nether.net
> Subject: RE: [j-nsp] JunOS QPPB
> 
> Dave,
> 
> In order to force a routing-lookup before applying the 
> firewall filter, i have test the following configuration but 
> results were unsuccesful:
> 
> (I'm ommiting some parts of the configuration because its too 
> long, but all is working)
> 
> --
> escrosoppi at ..> show configuration firewall filter CUSTOMER-IN term 1 {
>     then routing-instance A;
> }
> 
> 
> escrosoppi at ..> show configuration routing-instances A 
> instance-type vrf;
>     static {
>         route 0.0.0.0/0 next-table B.inet.0;
>     }
>     resolution;
> }
> 
> 
> escrosoppi at ..> show configuration routing-instances B 
> instance-type vrf;
>     static {
>         route 0.0.0.0/0 next-table inet.0;
>     }
>     forwarding-options {
>        family inet {
>           filter {
>                input CUSTOMER-IN2;
>         }
>     }
>   }
> }
> 
> escrosoppi at ..> show configuration firewall filter 
> CUSTOMER-IN2 term 1 {
>     from {
>         destination-class NAP-OUTPUT;
>     }
>     then {
>         policer 256Kbps;
>         count customer_output;
>         accept;
>     }
> 
> 
> I think i can force the famous recursive routing-lookup in 
> that way, but for now i cant do it. Any suggestion without 
> changing the configuration of my egress interfaces?
> 
> Thanks,
> Elian.
> 
> 
> 
> -----Mensaje original-----
> De:	Dave McGaugh [mailto:dmcgaugh at cac.washington.edu]
> Enviado el:	Mar 03/01/2006 05:38 p.m.
> Para:	Elian Scrosoppi
> CC:	juniper-nsp at puck.nether.net
> Asunto:	Re: [j-nsp] JunOS QPPB
> 
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net 
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 



More information about the juniper-nsp mailing list