[j-nsp] Filter based forwarding and SCU/DCU

Ioan Branet ioan.branet at gmail.com
Wed Oct 7 09:40:40 EDT 2009


Hello,

Has anyone configured filter based forwarding using a filter in which you
match traffic using source-class usage?

I want to forward traffic matching a particular source-class to a specific
routing-instance.

It seems that these 2 features do not work together according to:
http://www.juniper.net/techpubs/software/junos/junos72/swconfig72-policy/html/firewall-config33.html

The topology looks like this

R1-----R2----Customer router 1
                     |
                     |
                 Customer router 2


R1 and R2 are both ISP routers, R2 is the router on which I configure FBF
and SCU/DCU.

I want the metro traffic matched by community metro to be forwarded to
Customer router 2 IP address and all other traffic to be forwarded normally.

R2 has EBGP session with Customer router 1.

The FBF filter should be configured inbound on the link R1-R2 on R2.

Configuration

routing-instances {
    INSTANCE {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop Customer router 2 ;
            }

routing-options {
    forwarding-table {
        export SCU_DCU;

}
    interface-routes {
        rib-group inet RIB_GROUP;
    }
    rib-groups {
        RIB_GROUP {
            import-rib [ inet.0 INSTANCE.inet.0 ];
        }
    }


protocols {
    bgp {
        group R2-CUSTOMER1  {
            type external;


                }
            }
            neighbor   Customer router 1 {
                peer-as1 ;

  community PEER members  2:1;
    community METRO members 2:2;
    community NATIONAL members 2:3;

policy-statement SCU_DCU {
        term  PEER {
            from {
                protocol bgp;
                community PEER;
            }
            then {
                destination-class DCU-PEER;
                source-class SCU-PEER;
                next policy;
            }
        }
        term METRO {
            from {
                protocol bgp;
                community METRO;
            }
            then {
                destination-class DCU-METRO;
                source-class SCU-METRO;
                next policy;
            }
        }
        term NATIONAL {
            from {
                protocol bgp;
                community NATIONAL;
            }
            then {
                destination-class DCU-NATIONAL;
                source-class SCU-NATIONAL;
                next policy;
            }
        }

            }
        }
        term REMAINING {
            then {
                destination-class DCU-REMAINING;
                source-class SCU-REMAINING;
                next policy;
            }

filter CUSTOMER_SCU {
        term CUSTOMER-SCU-INTERNATIONAL {
            from {
                source-class SCU-REMAINING;
            }
            then {
                policer  SCU-INTERNATIONAL;
                routing-instance INSTANCE;

            accept;

          term 2 then accept

CUSTOMER_SCU filter is applied outbound on the interface between R2 and
Customer-router 1.


On the interface between R1 and R2 on R2 I apply:

family inet {
        accounting {
            source-class-usage {
                input;

Any alternative if this solution does not work?
How to forward traffic to different next-hops by matching communities/as
path/scu/dcu?


Thank you,
Ioan

