[j-nsp] Question on SCU/DSU
Stefan Fouant
sfouant at shortestpathfirst.net
Sat Jul 23 23:19:43 EDT 2011
Hi there,
SCU/DCU is not for policy-based routing but rather for accounting of traffic that matches certain source prefixes or destination prefixes.
If what you are trying to accomplish is policy-based routing, what you want to look into is Filter-Based Forwarding (FBF) on Junos platforms. With FBF, you can implement a firewall filter and match on any of the normal parameters you would normally use (IP Source, Dest, Proto, Port, etc.) and then direct traffic into a routing instance of your choosing by using the 'then routing-instance' action.
HTHs.
Stefan Fouant
JNCIE-M, JNCIE-ER, JNCIE-SEC, JNCI
Technical Trainer, Juniper Networks
http://www.shortestpathfirst.net
http://www.twitter.com/sfouant
Sent from my iPad
On Jul 23, 2011, at 5:20 PM, cc loo <mobile.ccloo at gmail.com> wrote:
> Hey folks,
>
> I have some problems understanding SCU/DSU so some clarification would help
> here!
>
> I'm trying to do some policy-based-routing based on source prefixes.
>
> So when a packet enters my router, I would like to tag it with a class
> (local,transit-customers,upstream). Then I would like to send it to another
> routing-instance (default route it to a proxy actually), based on the class
> tagged.
>
>
> I have some configs here
>
> ### this is to tag packets to see what kind of customers
> policy-statement identify-prefixes {
>     term 1 {
>         from {
>             protocol [ ospf static direct local ]; ### my access customers
>         }
>         then {
>             destination-class dcu-ospf;
>             source-class scu-ospf;
>             accept;
>         }
>     }
>     term 2 {
>         from {
>             protocol bgp;
>             community [ 12345:1304 12345:1305 12345:1307 12345:1308 12345:1400 ]; ### my transit customers
>         }
>         then {
>             destination-class dcu-bgp;
>             source-class scu-bgp;
>             accept;
>         }
>     }
>     term 3 {
>         from protocol bgp;
>         then {
>             destination-class dcu-all-others; ### anything else
>             source-class scu-all-others;
>             accept;
>         }
>     }
> }
>
>
> Now I read the official docs that I have to enable an input and an output
> interface. (access interface and upstream interface)
> But I don't quite understand the direction of the interface.
>
> What I'm trying to find out is what class a packet belongs to when it enters
> the route. Based on that I'll inspect the packet's class to decide if I want
> to forward it to the proxy or not.
> Hope someone can shed some light on this, it's giving me heaps of headache.
> The more I read the more confusing it gets.
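
The Filter-Based Forwarding approach from the reply, applied to the "send one class of sources to a proxy" goal in the question. This is an added example, not configuration posted by anyone in the thread; the instance name, filter and term names, rib-group name, prefixes, next-hop address and interface are all hypothetical.

```junos
# Added example: every name, prefix, address and interface here is hypothetical.
routing-instances {
    to-proxy {
        instance-type forwarding;          # table only, no interfaces of its own
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.0.2.10;   # assumed proxy address
            }
        }
    }
}
routing-options {
    interface-routes {
        rib-group inet fbf-rib;            # share connected routes with to-proxy
    }
    rib-groups {
        fbf-rib {
            import-rib [ inet.0 to-proxy.inet.0 ];   # so 192.0.2.10 resolves there
        }
    }
}
firewall {
    family inet {
        filter classify-by-source {
            term transit-customers {
                from {
                    source-address {
                        198.51.100.0/24;   # assumed transit-customer prefix
                    }
                }
                then routing-instance to-proxy;
            }
            term everything-else {
                then accept;               # without this the implicit discard applies
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input classify-by-source;   # ingress, customer-facing side
                }
            }
        }
    }
}
```

The filter is applied as an input filter on the interface where the traffic arrives, so the lookup in to-proxy.inet.0 replaces the normal inet.0 lookup only for sources matched by the first term.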