[j-nsp] Filter based forwarding

Nilesh Khambal nkhambal at juniper.net
Wed Dec 2 22:44:45 EST 2009 

What is the destination for the forward traffic? Is it one  of the connected IPs on ge-0/1/0? I suspect if the problem is with forward traffic rather than return traffic. Can you specify what will be the source and destination for the forward and return traffic?

master.inet.0 is not the same as inet.0.  “inet.0” refers to the default routing table for IPv4 lookup. “master.inet.0” refers to the IPv4 routing table for routing-instance name “master” which you don’t have it configured.

Thanks,
Nilesh.




On 12/2/09 7:39 PM, "Chris Evans" <chrisccnpspam2 at gmail.com> wrote:

Yes, you are correct.. it doesn't make it back to the source. I don't have any active routing protocols at all, so I pasted them all. We're just relying on the default route and directly connected routes. If I set the next-hop table to 'master.inet.0' it doesn't install the 0.0.0.0/0 <http://0.0.0.0/0>  route into PBR.inet.0 at all..

root at JuniperM7i> show route extensive table inet.0

inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
Restart Complete
0.0.0.0/0 <http://0.0.0.0/0>  (1 entry, 1 announced)
TSI:
KRT in-kernel 0.0.0.0/0 <http://0.0.0.0/0>  -> {192.168.1.1}
        *Static Preference: 5
                Next hop type: Router, Next hop index: 614
                Next-hop reference count: 3
                Next hop: 192.168.1.1 via ge-1/3/0.0, selected
                State: <Active Int Ext>
                Age: 1:26:03
                Task: RT
                Announcement bits (1): 0-KRT
                AS path: I

192.168.1.0/24 <http://192.168.1.0/24>  (1 entry, 0 announced)
        *Direct Preference: 0
                Next hop type: Interface
                Next-hop reference count: 1
                Next hop: via ge-1/3/0.0, selected
                State: <Active Int>
                Age: 1:26:03
                Task: IF
                AS path: I

192.168.1.252/32 <http://192.168.1.252/32>  (1 entry, 0 announced)
        *Local  Preference: 0
                Next hop type: Local
                Next-hop reference count: 6
                Interface: ge-1/3/0.0
                State: <Active NoReadvrt Int>
                Age: 1:26:03
                Task: IF
                AS path: I



root at JuniperM7i> show route extensive table PBR.inet.0

PBR.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
0.0.0.0/0 <http://0.0.0.0/0>  (1 entry, 1 announced)
TSI:
KRT in-kernel 0.0.0.0/0 <http://0.0.0.0/0>  -> {Table}
        *Static Preference: 5
                Next table: inet.0
                Next-hop reference count: 3
                State: <Active Int Ext>
                Age: 22
                Task: RT
                Announcement bits (1): 0-KRT
                AS path: I

172.16.1.128/25 <http://172.16.1.128/25>  (1 entry, 0 announced)
        *Direct Preference: 0
                Next hop type: Interface
                Next-hop reference count: 1
                Next hop: via ge-0/1/0.0, selected
                State: <Active Int>
                Age: 3:52:19
                Task: IF
                AS path: I

172.16.1.129/32 <http://172.16.1.129/32>  (1 entry, 0 announced)
        *Local  Preference: 0
                Next hop type: Local
                Next-hop reference count: 6
                Interface: ge-0/1/0.0
                State: <Active NoReadvrt Int>
                Age: 3:52:20
                Task: IF
                AS path: I





On Wed, Dec 2, 2009 at 10:26 PM, Nilesh Khambal <nkhambal at juniper.net> wrote:
So, are you saying that by adding a default route pointing to the inet.0 table (default routing table) the return traffic is not getting  routed to via inet.0 via appropriate egress interface?

Is there any another more specific route in PBR.inet.0 for the return traffic destination?

Is there a route for the return traffic destination in inet.0 point to the correct egress interface?

Can you post “show route a.b.c.d extensive table PBR.inet.0” and then “show route a.b.c.d extensive”?

Thanks,
Nilesh


On 12/2/09 7:21 PM, "Chris Evans" <chrisccnpspam2 at gmail.com> wrote:

Just tried that, no dice.. I also tried 'master.inet.0' with no luck.

If I pull the interfaces out of the global routing instance, I can successfully use a firewall filter to forward how I need it to. Unfortunately it just doens't work with interfaces are in the default instance..

Thanks

Chris


On Wed, Dec 2, 2009 at 10:11 PM, Nilesh Khambal <nkhambal at juniper.net> wrote:



On 12/2/09 7:10 PM, "Nilesh Khambal" <nkhambal at juniper.net> wrote:

> - set virtual-router PBR routing-options static route 0.0.0.0/0 <http://0.0.0.0/0>  <http://0.0.0.0/0>  next-table
>   inet.0

Sorry the syntax should be

- set routing-instances PBR routing-options static route 0.0.0.0/0 <http://0.0.0.0/0>  <http://0.0.0.0/0>
  next-table inet.0

Thanks,
Nilesh.

More information about the juniper-nsp mailing list