[j-nsp] Offlist: Missing route in routing-instance

Thomas Mangin thomas.mangin at exa-networks.co.uk
Wed Nov 15 13:33:15 EST 2006 

Krasimir Avramski wrote:
> Yes, it is not good. So, I  suspect that this routing instance not defined in logical router ( main or other ) in context where filter applied.

This router is running 7.1R3 and all you can get is :

thomas.mangin at m7i-4.u3.tcw.uk# edit logical-routers dsl ?
Possible completions:
  <[Enter]>            Execute this command
> interfaces           Interface configuration
> policy-options       Routing policy option configuration
> protocols            Routing protocol configuration
> routing-instances    Routing instance configuration
> routing-options      Protocol-independent routing option configuration
  |                    Pipe through a command
[edit]

So it is not possible to setup the firewall/filters in the logical
router. It is possible under later JunOS ?

(I know I need to update anyway :( ...)

Thomas

------

firewall {
  filter destination-route {
    term to-surfprotect {
        from {
            destination-address {
               [...]
            }
        }
        then {
            routing-instance to-surfprotect-web-return; ##
'to-surfprotect-web-return' is not defined
        }
    }
    [...]
    term default {
        then accept;
    }
}

}

logical-route {
  dsl {
    interfaces {
        [...]
        lt-1/2/0 {
            unit 2 {
                description "to parent M7i";
                encapsulation ethernet;
                peer-unit 1;
                family inet {
                    filter {
                        input destination-route;
                    }
                    address 82.219.2.13/30;
                }
                family iso;
            }
        }
    }
  routing-instances {
    to-surfprotect-web-return {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 82.219.2.81;
            }
        }
    }
  routing-options {
    interface-routes {
        rib-group inet if-rib;
    }
    static {
        route 0.0.0.0/0 next-hop 82.219.2.14;
        [...]
    }
    rib-groups {
        if-rib {
            import-rib [ inet.0 inet.2 to-surfprotect-web-return.inet.0
]; # snipped some here
        }
        isis-rib {
            export-rib inet.0;
            import-rib [ inet.0 inet.2 ];
        }
    }
    [...]
  }
}

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 186 bytes
Desc: OpenPGP digital signature
Url : https://puck.nether.net/pipermail/juniper-nsp/attachments/20061115/6f436547/attachment.bin

More information about the juniper-nsp mailing list