[j-nsp] route into inactive state

Bas Haakman bas.haakman at tele2.com
Thu Feb 26 08:39:03 EST 2009


Hi,

juniper-nsp-bounces at puck.nether.net wrote on 26-02-2009 14:05:18:

> On Thu, Feb 26, 2009 at 09:39:50AM +0200, fighter worker wrote:
> > Actually my case is a little different. I am talking here about the full
> > internet routing table I receive from a BGP peer, and I don't want to put
> > these routes into the routing table as I use a static default route with
> > a different next hop to be able to control my upload. But at the same
> > time I have some BGP customers who want the full routing table sent to
> > them through BGP, so I can't put all these routes to discard as
> > the traffic will be discarded.
> 
> Create a separate VRF routing-instance, and put your full-BGP 
> customers inside that.

You can create a routing-instance where you import the router interfaces
and a default route, and then put an input firewall filter in place for all
customers with a next routing-instance statement. That way you can control
the upstream traffic.

The routing instance should look like this:

routing-instances upstream {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop x.x.x.x;
        }
    }
}

Create and apply the rib group to also import the interface into your
upstream routing table:

set routing-options interface-routes rib-group inet interfaces
set routing-options rib-groups interfaces import-rib [ inet.0 upstream.inet.0 ]

Create a firewall which you can apply in the inbound direction on all
customer-facing interfaces:

firewall filter upstream-fbf {
    term 1 {
        then routing-instance upstream;
    }
}

bash
