[j-nsp] PBR JUNOS
Stefan Fouant
sfouant at shortestpathfirst.net
Wed Jan 20 09:23:43 EST 2010
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Muhammad Farooq
> Sent: Wednesday, January 20, 2010 9:15 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] PBR JUNOS
>
>
> Experts,
>
>
> I have a PBR question.
>
> Suppose I have the following firewall filter:
>
> term 1 {
>     from {
>         destination-port [ http https ];
>     }
>     then routing-instance test;
> }
> term 2 {
>     then accept;
> }
>
> routing-instances {
>     test {
>         instance-type forwarding;
>         routing-options {
>             static {
>                 route 0/0 next-hop 192.168.1.1;
>             }
>         }
>     }
> }
> interfaces {
>     fe-2/0/0 {
>         unit 0 {
>             family inet {
>                 address 192.168.1.2/30;
>             }
>         }
>     }
> }
>
> Now if interface fe-2/0/0 goes down and the route is removed from the
> routing table, what will be the flow of HTTP and HTTPS traffic? Will
> traffic be dropped or will it match term 2?
>
> Or can we bypass PBR in case interface fe-2/0/0 goes down?
> Thanks in advance
I've done just such a configuration in the past. There are a lot of
different ways to skin this cat, but to answer your question, if fe-2/0/0
goes down, it will be dropped. Not because it meets term 2 however, in fact
it will never be processed by term 2 because it has already matched against
term 1. It will be dropped because there will be no available route in the
test routing-instance. Probably the easiest way around this problem is to
configure a floating static route that points to next-table inet.0, in the
event the first static towards 192.168.1.1 goes down.
HTHs.
Stefan Fouant, CISSP, JNCIE-M/T
www.shortestpathfirst.net
GPG Key ID: 0xB5E3803D
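
One way to build the fallback described in the reply above, as an added example that is not part of the original thread or either poster's configuration. Instead of a preference-based floating static, it uses two /1 routes for the primary path so that the 0.0.0.0/0 next-table route is only used once they disappear; this is a substitution made here so the example does not depend on whether a given release accepts next-hop and next-table on the same prefix. The rib-group name fbf-rib is hypothetical, and the rib-group is assumed to be needed so that 192.168.1.1 resolves inside the test instance.

```junos
routing-options {
    /* Copy directly connected routes into test.inet.0 so the
       next hop 192.168.1.1 on fe-2/0/0 resolves in the instance.
       "fbf-rib" is a hypothetical name. */
    interface-routes {
        rib-group inet fbf-rib;
    }
    rib-groups {
        fbf-rib {
            import-rib [ inet.0 test.inet.0 ];
        }
    }
}
routing-instances {
    test {
        instance-type forwarding;
        routing-options {
            static {
                /* Primary path: two /1 routes together cover the same
                   space as a default and win on longest match while
                   fe-2/0/0 is up. */
                route 0.0.0.0/1 next-hop 192.168.1.1;
                route 128.0.0.0/1 next-hop 192.168.1.1;
                /* Fallback: when fe-2/0/0 goes down the /1 routes lose
                   their next hop, and term 1 traffic is looked up in
                   inet.0 instead of being dropped. */
                route 0.0.0.0/0 next-table inet.0;
            }
        }
    }
}
```

To check the behaviour, compare `show route table test.inet.0` with fe-2/0/0 up and down: the /1 routes should be active only while the interface is up, with 0.0.0.0/0 toward inet.0 remaining in both cases.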