[j-nsp] Filter based forwarding

Chris Evans chrisccnpspam2 at gmail.com
Wed Dec 2 23:07:29 EST 2009


Here is where I'm coming up with 'master'; as you can see below, 'master' is
valid. In either case, the src is 192.168.1.210 and destination is
172.16.1.140. If I create another routing-instance such as PBR2 and put
ge-1/3/0 into it and apply the firewall filter, it works properly. It just
seems that you cannot call the default inet.0 within the firewall filter as
there is really no instance defined.



root@JuniperM7i# show routing-instances
PBR {
    instance-type virtual-router;
    interface ge-0/1/0.0;
    routing-options {
        static {
            route 0.0.0.0/0 next-table inet.0;
        }
    }
}
master {
    instance-type virtual-router;
}

[edit]
root@JuniperM7i# commit check
[edit routing-instances]
  'master'
    RT Instance: master is a reserved instance name
error: configuration check-out failed




root@JuniperM7i> show route instance
Instance             Type
         Primary RIB                                     Active/holddown/hidden
PBR                  virtual-router
         PBR.inet.0                                      3/0/0

__juniper_private1__ forwarding
         __juniper_private1__.inet.0                     3/0/1
         __juniper_private1__.inet6.0                    4/0/0

__juniper_private2__ forwarding
         __juniper_private2__.inet.0                     0/0/1

__master.anon__      forwarding

master               forwarding
         inet.0                                          7/0/0
         inet.1                                          5/0/0
         inet6.0                                         2/0/0


On Wed, Dec 2, 2009 at 10:44 PM, Nilesh Khambal <nkhambal at juniper.net> wrote:

> What is the destination for the forward traffic? Is it one of the
> connected IPs on ge-0/1/0? I suspect if the problem is with forward traffic
> rather than return traffic. Can you specify what will be the source and
> destination for the forward and return traffic?
>
> master.inet.0 is not the same as inet.0.  “inet.0” refers to the default
> routing table for IPv4 lookup. “master.inet.0” refers to the IPv4 routing
> table for routing-instance name “master” which you don’t have configured.
>
> Thanks,
> Nilesh.
>
>
>
>
> On 12/2/09 7:39 PM, "Chris Evans" <chrisccnpspam2 at gmail.com> wrote:
>
> Yes, you are correct.. it doesn't make it back to the source. I don't have
> any active routing protocols at all, so I pasted them all. We're just
> relying on the default route and directly connected routes. If I set the
> next-hop table to 'master.inet.0' it doesn't install the 0.0.0.0/0
> route into PBR.inet.0 at all..
>
> root@JuniperM7i> show route extensive table inet.0
>
> inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
> Restart Complete
> 0.0.0.0/0 (1 entry, 1 announced)
> TSI:
> KRT in-kernel 0.0.0.0/0 -> {192.168.1.1}
>         *Static Preference: 5
>                Next hop type: Router, Next hop index: 614
>                Next-hop reference count: 3
>                Next hop: 192.168.1.1 via ge-1/3/0.0, selected
>                State: <Active Int Ext>
>                Age: 1:26:03
>                Task: RT
>                Announcement bits (1): 0-KRT
>                AS path: I
>
> 192.168.1.0/24 (1 entry, 0 announced)
>         *Direct Preference: 0
>                Next hop type: Interface
>                Next-hop reference count: 1
>                Next hop: via ge-1/3/0.0, selected
>                State: <Active Int>
>                Age: 1:26:03
>                Task: IF
>                AS path: I
>
> 192.168.1.252/32 (1 entry, 0 announced)
>         *Local  Preference: 0
>                Next hop type: Local
>                Next-hop reference count: 6
>                Interface: ge-1/3/0.0
>                State: <Active NoReadvrt Int>
>                Age: 1:26:03
>                Task: IF
>                AS path: I
>
>
>
> root@JuniperM7i> show route extensive table PBR.inet.0
>
> PBR.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> 0.0.0.0/0 (1 entry, 1 announced)
> TSI:
> KRT in-kernel 0.0.0.0/0 -> {Table}
>         *Static Preference: 5
>                Next table: inet.0
>                Next-hop reference count: 3
>                State: <Active Int Ext>
>                Age: 22
>                Task: RT
>                Announcement bits (1): 0-KRT
>                AS path: I
>
> 172.16.1.128/25 (1 entry, 0 announced)
>         *Direct Preference: 0
>                Next hop type: Interface
>                Next-hop reference count: 1
>                Next hop: via ge-0/1/0.0, selected
>                State: <Active Int>
>                Age: 3:52:19
>                Task: IF
>                AS path: I
>
> 172.16.1.129/32 (1 entry, 0 announced)
>         *Local  Preference: 0
>                Next hop type: Local
>                Next-hop reference count: 6
>                Interface: ge-0/1/0.0
>                State: <Active NoReadvrt Int>
>                Age: 3:52:20
>                Task: IF
>                AS path: I
>
>
>
>
>
> On Wed, Dec 2, 2009 at 10:26 PM, Nilesh Khambal <nkhambal at juniper.net>
> wrote:
> So, are you saying that by adding a default route pointing to the inet.0
> table (default routing table) the return traffic is not getting routed
> via inet.0 via the appropriate egress interface?
>
> Is there any other more specific route in PBR.inet.0 for the return
> traffic destination?
>
> Is there a route for the return traffic destination in inet.0 pointing to the
> correct egress interface?
>
> Can you post “show route a.b.c.d extensive table PBR.inet.0” and then “show
> route a.b.c.d extensive”?
>
> Thanks,
> Nilesh
>
>
> On 12/2/09 7:21 PM, "Chris Evans" <chrisccnpspam2 at gmail.com> wrote:
>
> Just tried that, no dice.. I also tried 'master.inet.0' with no luck.
>
> If I pull the interfaces out of the global routing instance, I can
> successfully use a firewall filter to forward how I need it to.
> Unfortunately it just doesn't work when interfaces are in the default
> instance..
>
> Thanks
>
> Chris
>
>
> On Wed, Dec 2, 2009 at 10:11 PM, Nilesh Khambal <nkhambal at juniper.net>
> wrote:
>
>
>
> On 12/2/09 7:10 PM, "Nilesh Khambal" <nkhambal at juniper.net> wrote:
>
> > - set virtual-router PBR routing-options static route 0.0.0.0/0 next-table
> >   inet.0
>
> Sorry the syntax should be
>
> - set routing-instances PBR routing-options static route 0.0.0.0/0
>   next-table inet.0
>
> Thanks,
> Nilesh.