[j-nsp] route into inactive state

Thu Feb 26 11:51:54 EST 2009

Both of these suggestions will work but IMO given the requirements I  
would opt for the BGP routes in a separate routing instance. BTW, you  
don't want a vrf instance since it requires targets, etc. which are  
not needed here. A simple non-forwarding instance would work here  
given the requirements.

The reason I would go this way is that the forwarding plane for this  
router uses the default static route and I would rather leave this in  
inet.0 and put the non-forwarding routes in the other routing table.

FWIW,
Joe

Joseph Soricelli
JNCIE #14/ CCIE #4803
703-980-3999
joe at proteus.net

On Feb 26, 2009, at 8:39 AM, Bas Haakman wrote:

> Hi,
>
> juniper-nsp-bounces at puck.nether.net wrote on 26-02-2009 14:05:18:
>
>> On Thu, Feb 26, 2009 at 09:39:50AM +0200, fighter worker wrote:
>>> actually my case is little difference , iam taking here about full
>>> internet routing table i recieve from BGP peer and i dont want to  
>>> put
>>> these routes into routing table as i use a static default route with
>>> differenet next hop to be able to control my upload but at the same
>>> time i have some BGP customers who want to send to them the full
>>> routing table through BGP so i cant put all these routes to  
>>> discard as
>>> the traffic will be discarded
>>
>> Create a separate VRF routing-instance, and put your full-BGP
>> customers inside that.
>
> You can create a routing-instance where you import the router  
> interfaces
> and
> a default route. And then put an input firewall filter in place for  
> all
> customers
> with a next routing-instance statement in that way you can control the
> upstream traffic.
>
> routing instance should look like this:
>
> routing-instances upstream {
> instance-type forwarding;
> routing-options {
> static {
>  route 0.0.0.0/0 next-hop x.x.x.x;
> }
> }
> }
>
> create and apply the rib group to import also the interface into your
> upstream routing table:
>
> set interface-routes rib-group inet interfaces
> set rib-groups interfaces import-rib [inet.0 upstream.inet.0]
>
> create a firewall which you can apply in inbound direction on all  
> customer
> facing interfaces:
>
> firewall filter upstream-fbf
> term 1 {
> then routing-instance upstream;
> }
>
> bash
>
> ******** IMPORTANT NOTICE ********
> This e-mail (including any attachments) may contain information that  
> is
> confidential or otherwise protected from disclosure and it is intended
> only for the addressees. If you are not the intended recipient, please
> note that any copying, distribution or other use of information  
> contained
> in this e-mail (and its attachments) is not allowed. If you have  
> received
> this e-mail in error, kindly notify us immediately by telephone or e- 
> mail
> and delete the message (including any attachments) from your system.
>
> Please note that e-mail messages may contain computer viruses or other
> defects, may not be accurately replicated on other systems, or may be
> subject of unauthorized interception or other interference without the
> knowledge of sender or recipient. Tele2 only send and receive e- 
> mails on
> the basis that Tele2 is not responsible for any such computer viruses,
> corruption or other interference or any consequences thereof.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp