[j-nsp] DHCP interface as next hop
Tore Anderson
tore.anderson at redpill-linpro.com
Thu Nov 29 02:53:32 EST 2012
* Aaron Dewell
> I haven't found an answer to this question (except for Cisco options
> which doesn't help me). I want to configure a static route to a DHCP
> interface on an SRX240. Here's the scenario:
>
> ge-0/0/0 connected to CX111 (4G modem/DHCP)
> t1-0/1/0 connected to an L3VPN (with BGP)
> st0.0 should connect over ge-0/0/0
>
> The t1 is considered trusted, so we do not want to form the IPSec
> tunnel over it. There is a default route coming in via BGP on the
> T1. The goal:
>
> Statically route the IPSec tunnel endpoint over the 4G modem as a
> /32
> Statically route 0/0 over st0.0 (and set precedence to >170, or set
> BGP down to 4)
> Receive 0/0 from BGP over the T1 (or alternately not, with no need to
> alter precedence, and use two next-hops for one static 0/0)
>
> The purpose is to have the tunnel up but not used until the T1 or BGP
> over it goes away.
>
> However, I cannot set ge-0/0/0.0 as the next-hop because it's not a
> point to point interface. I cannot set an IP address as the next-hop
> because I don't know when it will change.
>
> Any ideas on how to address that?
I have no idea if this can be done or will work, but here's a suggestion
at least:
Configure a static link network (e.g., 192.0.2.10/31) on ge-0/0/0.0
in parallel with the DHCP client. Add a static ARP entry for 192.0.2.11
pointing to the CX111's MAC address. Use 192.0.2.11 address as the next
hop for the static route to the remote IPSEC tunnel endpoint.
Best regards,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
More information about the juniper-nsp
mailing list