[j-nsp] SRX policy action to inject a route in a table??

Doug Hanks dhanks at juniper.net
Fri Mar 18 19:30:12 EDT 2011


I'm not aware of any roadmap features that will do this, as we have an existing method to do this today.  It's easy enough to divert ingress traffic into a different routing-instance with FBF, then just apply stateful policy to it.

Doug

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Clarke Morledge
Sent: Friday, March 18, 2011 6:57 AM
To: Stefan Fouant
Cc: 'juniper-nsp'
Subject: Re: [j-nsp] SRX policy action to inject a route in a table??


On Thu, 17 Mar 2011, Stefan Fouant wrote:

> Hi Clarke, Doug's suggestion of using a firewall-filter with an action of
> then routing-instance is probably the cleanest way to do this.  We call this
> Filter-Based Forwarding or FBF in Juniper speak but this is no different
> from Policy-Based Routing (PBR) on other vendor platforms.  Firewall-filters
> (stateless) are processed before stateful services so this wouldn't be an
> action that you find under the 'security policies' stanza of the
> configuration hierarchy, but rather would be configured under
> 'firewall-filters'.

Hi, Stefan,

Yes, the firewall filter idea is a good one, but I was hoping to leverage 
some of the more stateful and/or "screen" functions that the SRX has to 
achieve the same thing.

The event script concept is intriguing, but the challenge is how to 
trigger the event appropriately.

Clarke Morledge
College of William and Mary
Information Technology - Network Engineering
Jones Hall (Room 18)
Williamsburg VA 23187
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list