[j-nsp] policy based routing
Ray Mihm
ray.mihm at gmail.com
Fri Mar 17 00:38:23 EST 2006
Thanks very much.
Ray.
On 3/16/06, Thomas Salmen <tsalmen at orcon.net.nz> wrote:
>
> Hi Ray,
>
> Here's an example that works for me:
>
>
> /* firewall filter applied to ingress interface */
> thomas at nct_ar3# show firewall filter interface_ingress
> term user1_policy {
> from {
> source-address {
> 192.168.1.0/24;
> }
> }
> then routing-instance user1_instance;
> }
> term accept_all {
> then {
> accept;
> }
> }
>
> thomas at nct_ar3# show interfaces
> ge-0/3/0 {
> description "Access Interface";
> vlan-tagging;
> mtu 9000;
> unit 400 {
> description "Customer Interface";
> vlan-id 400;
> family inet {
> filter {
> input interface_ingress;
> }
> address 10.1.1.177/30;
> }
> }
> unit 500 {
> description "Destination Interface";
> vlan-id 500;
> family inet {
> address 172.1.1.1/30;
> }
> }
> }
>
> /* routing instance */
> thomas at nct_ar3# show routing-instances
> user1_instance {
> instance-type forwarding;
> routing-options {
> static {
> route 0.0.0.0/0 next-hop 172.1.1.2;
> }
> }
> }
>
> /* need to import interface routes into routing instance to resolve next-hop
> address */
> thomas at nct_ar3# show routing-options
> interface-routes {
> rib-group inet interfaces;
> }
> rib-groups {
> interfaces {
> import-rib [ inet.0 user1_instance.inet.0 ];
> }
> }
>
>
> Hope this helps.
>
> Thomas
>
> >
> > I'm new to junos so please bare with me. I'm used to c routers where I
> > was able to forward traffic based on source address (ie, bypassing
> > destination based routing). What's junos equivalent?
> >
> > Thanks,
> >
> > Ray.
> >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
More information about the juniper-nsp
mailing list