[j-nsp] Help - Filter on Juniper M7i router
ganesh nagpure
gnagpure_mtnl at yahoo.com
Mon Jun 19 02:51:41 EDT 2006
Hi,
I have configured follwoing filter on Juniper M7i
router. Will it create any impact on Traffic flowing /
slow performance via Gi_VRF.
interfaces {
fe-0/0/0 {
description "Gi - port ";
vlan-tagging;
link-mode full-duplex;
unit 0 {
description "Gi to GiR1 CGSN";
vlan-id 20;
family inet {
address 10.110.0.4/29;
}
}
unit 1 {
vlan-id 25;
family inet {
address 10.112.2.17/29;
}
}
routing-instances {
Gi_VRF {
instance-type virtual-router;
interface fe-0/0/0.0;
interface fe-0/0/0.1;
routing-options {
autonomous-system 65010;
}
forwarding-options {
family inet {
filter {
input protect_RE_from_apn;
}
}
}
protocols {
bgp {
description "Peers with CGSN GiR1 and
GiR2";
log-updown;
export advertise-default-route;
peer-as 65001;
group CGSN_GiR1/2 {
type external;
neighbor 10.110.0.1;
}
group CGSN_GiFirewall1/2 {
type external;
description "Peers with GiFw1 and
GiFw2";
log-updown;
peer-as 65005;
neighbor 10.112.2.19;
}
}
}
}
}
policy-options {
prefix-list apn-ip-ranges {
10.100.0.0/16;
10.101.0.0/16;
10.102.0.0/16;
10.103.0.0/16;
}
prefix-list interface-ip {
10.112.2.4/32;
10.112.2.17/32;
10.112.2.43/32;
}
prefix-list except-src-list {
10.111.0.16/28;
10.112.0.0/24;
}
prefix-list fxp-ip {
10.112.0.9/32;
10.112.2.2/32;
}
firewall {
filter protect_RE_from_apn {
term deny-all-from-apn {
from {
source-prefix-list {
apn-ip-ranges;
}
destination-prefix-list {
interface-ip;
}
}
then {
count count-deny-apn;
reject;
}
}
term allow-all-else {
then accept;
}
If yes please suggest best possible option.
Thanks & Regards
Ganesh
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the juniper-nsp
mailing list