[j-nsp] Filter based forwarding on Olive

Ioan Branet ioan.branet at gmail.com
Tue Sep 15 04:10:24 EDT 2009 

Hello Group,

I want to test the feature on Olive and it seems that is not ok.When I try
to ping R5 loopback from R3 I receive icmp unreachable from R1 where the
filter is applied.

It seems that the filter is seen as unknown when applied to em1.0 interface
on input.

If you have a working example with instance type forwarding or instance type
virtual router used with FBF it will help.



My topology looks like this:

R3 ----em0.0----R1---em2.0---R5

My configuration looks like this:

root at R1> show configuration firewall filter FBF
term 1 {
    then {
        routing-instance FBF;
    }
}

root at R1> show configuration routing-instances FBF
instance-type forwarding;
routing-options {
    static {
        route 0.0.0.0/0 next-hop 150.1.15.5;
    }
}

root at R1> show configuration routing-options
interface-routes {
    rib-group inet FBF;
}
rib-groups {
    FBF {
        import-rib [ inet.0 FBF.inet.0 ];
    }

root at R1> show configuration interfaces
em0 {
    unit 0 {
        family inet {
            address 150.1.12.1/24;
        }
        family mpls;
    }
}
em1 {
    unit 0 {
        family inet {
            filter {
                input FBF;
            }
            address 150.1.13.1/24;
        }
        family mpls;
    }
}
em2 {
    unit 0 {
        family inet {
            address 150.1.15.1/24;
        }
        family mpls;
    }
}
lo0 {
    unit 0 {
        family inet {
            address 1.1.1.1/32;
        }
    }
}

root at R3> show route 0.0.0.0

inet.0: 19 destinations, 28 routes (19 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 03:08:35
                    > to 150.1.13.1 via em1.0

root at R3>

root at R1> show route 0.0.0.0

FBF.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:03:10
                    > to 150.1.15.5 via em2.0

root at R1> show route 5.5.5.5

FBF.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 00:03:16
                    > to 150.1.15.5 via em2.0


root at R1> show route forwarding-table destination 0.0.0.0
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
0.0.0.0/32         perm     0                    dscd    34     1

Routing table: __juniper_private1__.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
0.0.0.0/32         perm     0                    dscd   114     1

Routing table: __juniper_private2__.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
0.0.0.0/32         perm     0                    dscd   194     1

Routing table: FBF.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
0.0.0.0/32         perm     0                    dscd   529     1

root at R1>

root at R1> show interfaces filters em1.0
Interface       Admin Link Proto Input Filter         Output Filter
em1.0           up    up   inet  unknown
                           mpls

root at R3> traceroute 5.5.5.5
traceroute to 5.5.5.5 (5.5.5.5), 30 hops max, 40 byte packets
 1  150.1.13.1 (150.1.13.1)  0.881 ms  0.671 ms  0.128 ms
 2  150.1.13.1 (150.1.13.1)  0.483 ms !H  0.694 ms !H  0.098 ms !H

root at R3> ping 5.5.5.5 source 150.1.13.3
PING 5.5.5.5 (5.5.5.5): 56 data bytes
36 bytes from 150.1.13.1: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 6a0f   0 0000  40  01 638c 150.1.13.3  5.5.5.5

36 bytes from 150.1.13.1: Destination Host Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 0054 6a10   0 0000  40  01 638b 150.1.13.3  5.5.5.5

^C
--- 5.5.5.5 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss


root at R1> ping routing-instance FBF 5.5.5.5 source 150.1.15.1
PING 5.5.5.5 (5.5.5.5): 56 data bytes
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
ping: sendto: Can't assign requested address
^C
--- 5.5.5.5 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss

root at R1>

root at R1> show route forwarding-table destination 5.5.5.5
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct    36     1

Routing table: __juniper_private1__.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct   116     1

Routing table: __juniper_private2__.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct   196     1

Routing table: FBF.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            user     0 0:c:29:bb:f:be     ucst   547     4 em2.0
default            perm     0                    rjct   531     1

root at R1>





Thank you,
-- 
Ioan Branet
CCIE #23474 R&S

More information about the juniper-nsp mailing list