[j-nsp] policy based routing
Thomas Salmen
tsalmen at orcon.net.nz
Fri Mar 17 00:35:54 EST 2006
Hi Ray,
Here's an example that works for me:
/* firewall filter applied to ingress interface */
thomas at nct_ar3# show firewall filter interface_ingress
term user1_policy {
from {
source-address {
192.168.1.0/24;
}
}
then routing-instance user1_instance;
}
term accept_all {
then {
accept;
}
}
thomas at nct_ar3# show interfaces
ge-0/3/0 {
description "Access Interface";
vlan-tagging;
mtu 9000;
unit 400 {
description "Customer Interface";
vlan-id 400;
family inet {
filter {
input interface_ingress;
}
address 10.1.1.177/30;
}
}
unit 500 {
description "Destination Interface";
vlan-id 500;
family inet {
address 172.1.1.1/30;
}
}
}
/* routing instance */
thomas at nct_ar3# show routing-instances
user1_instance {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 next-hop 172.1.1.2;
}
}
}
/* need to import interface routes into routing instance to resolve next-hop
address */
thomas at nct_ar3# show routing-options
interface-routes {
rib-group inet interfaces;
}
rib-groups {
interfaces {
import-rib [ inet.0 user1_instance.inet.0 ];
}
}
Hope this helps.
Thomas
>
> I'm new to junos so please bare with me. I'm used to c routers where I
> was able to forward traffic based on source address (ie, bypassing
> destination based routing). What's junos equivalent?
>
> Thanks,
>
> Ray.
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list