[j-nsp] Help - Filter on Juniper M7i router

ganesh nagpure gnagpure_mtnl at yahoo.com
Mon Jun 19 02:51:41 EDT 2006


Hi,

I have configured the following filter on a Juniper M7i
router. Will it have any impact on traffic flowing via
Gi_VRF, such as slower performance?



/* Excerpt: one VLAN-tagged Fast Ethernet port carrying two logical units.
   The closing braces for fe-0/0/0 and interfaces are not part of the post. */
interfaces {
    fe-0/0/0 {
        description "Gi - port ";
        vlan-tagging;
        link-mode full-duplex;
        /* NOTE(review): 10.110.0.4 is not a member of prefix-list interface-ip,
           so the reject term of protect_RE_from_apn does not match traffic
           addressed to this unit - confirm whether that is intended. */
        unit 0 {
            description "Gi to GiR1 CGSN";
            vlan-id 20;
            family inet {
                address 10.110.0.4/29;
            }       
        }           
        /* 10.112.2.17 is a member of prefix-list interface-ip. */
        unit 1 {    
            vlan-id 25;
            family inet {
                address 10.112.2.17/29;
            }       
        }           



/* Virtual-router instance Gi_VRF holding both logical units of fe-0/0/0,
   with a forwarding-table filter and two EBGP groups. */
routing-instances { 
    Gi_VRF {        
        instance-type virtual-router;
        interface fe-0/0/0.0;
        interface fe-0/0/0.1;
        routing-options {
            autonomous-system 65010;
        }           
        /* The filter is attached as a forwarding-table filter, so it is
           evaluated for packets forwarded through this instance, not only
           for packets addressed to the router itself.
           NOTE(review): the filter name suggests Routing Engine protection;
           the usual attachment point for that is an input filter on a
           loopback unit placed in the instance (none is shown in this
           excerpt). Filter evaluation presumably happens in the forwarding
           plane, so a two-term filter should cost little - verify with the
           count-deny-apn counter and interface statistics after commit. */
        forwarding-options {
            family inet {
                filter {
                    input protect_RE_from_apn;
                }   
            }       
        }           
        protocols { 
            /* peer-as 65001 is set at the bgp level; group CGSN_GiFirewall1/2
               overrides it with 65005. The export policy
               advertise-default-route is not shown in this excerpt.
               NOTE(review): no authentication-key is configured for either
               EBGP group here - confirm whether session authentication is
               set elsewhere.
               The two description strings below appear to have been wrapped
               by the mail client. */
            bgp {   
                description "Peers with CGSN GiR1 and
GiR2";
                log-updown;
                export advertise-default-route;
                peer-as 65001;
                group CGSN_GiR1/2 {
                    type external;
                    neighbor 10.110.0.1;
                }   
                group CGSN_GiFirewall1/2 {
                    type external;
                    description "Peers with GiFw1 and
GiFw2";
                    log-updown;
                    peer-as 65005;
                    neighbor 10.112.2.19;
                }   
            }       
        }           
    }               
}                   


/* Prefix lists; the closing brace of policy-options is not part of the post. */
policy-options {    
    /* Source match of term deny-all-from-apn. */
    prefix-list apn-ip-ranges {
        10.100.0.0/16;
        10.101.0.0/16;
        10.102.0.0/16;
        10.103.0.0/16;
    }               
    /* Destination match of term deny-all-from-apn.
       NOTE(review): of these entries only 10.112.2.17 matches an interface
       address shown in the post; 10.110.0.4 (fe-0/0/0.0) is absent, and
       10.112.2.4 / 10.112.2.43 presumably belong to interfaces not shown -
       check 10.112.2.4 against 10.110.0.4 for a possible typo. */
    prefix-list interface-ip {
        10.112.2.4/32;
        10.112.2.17/32;
        10.112.2.43/32;
    }               
    /* Not referenced by the filter shown in the post. */
    prefix-list except-src-list {
        10.111.0.16/28;
        10.112.0.0/24;
    }               
    /* Not referenced by the filter shown in the post. */
    prefix-list fxp-ip {
        10.112.0.9/32;
        10.112.2.2/32;
    }               




/* Filter referenced by Gi_VRF forwarding-options; the closing braces of the
   filter and of firewall are not part of the post. */
firewall {          
    filter protect_RE_from_apn {
        /* Matches packets whose source is in apn-ip-ranges AND whose
           destination is in interface-ip, counts them in count-deny-apn and
           rejects them.
           NOTE(review): reject answers the sender with an ICMP unreachable
           message; discard drops silently and is the more common choice for
           traffic from subscriber ranges - confirm which is wanted. */
        term deny-all-from-apn {
            from {  
                source-prefix-list {
                    apn-ip-ranges;
                }   
                destination-prefix-list {
                    interface-ip;
                }   
            }       
            then {  
                count count-deny-apn;
                reject;
            }       
        }           
        /* Accepts every packet the first term did not match. Because the
           filter sits on the instance's forwarding table, this term is what
           lets all other traffic through; a filter without it ends in an
           implicit discard. */
        term allow-all-else {
            then accept;
        }           




If so, please suggest the best possible option.

Thanks & Regards
Ganesh
