[j-nsp] DHCP interface as next hop

Jonathan Lassoff jof at thejof.com
Thu Nov 29 04:27:27 EST 2012


On Wed, Nov 28, 2012 at 4:45 PM, Aaron Dewell <aaron.dewell at gmail.com> wrote:

>
> Hey all,
>
> I haven't found an answer to this question (except for Cisco options which
> don't help me).  I want to configure a static route to a DHCP interface
> on an SRX240.  Here's the scenario:
>
> ge-0/0/0 connected to CX111 (4G modem/DHCP)
> t1-0/1/0 connected to an L3VPN (with BGP)
> st0.0 should connect over ge-0/0/0
>
> The t1 is considered trusted, so we do not want to form the IPSec tunnel
> over it.  There is a default route coming in via BGP on the T1.  The goal:
>
> Statically route the IPSec tunnel endpoint over the 4G modem as a /32
> Statically route 0/0 over st0.0 (and set precedence to >170, or set BGP
> down to 4)
> Receive 0/0 from BGP over the T1 (or alternately not, with no need to
> alter precedence, and use two next-hops for one static 0/0)
>
> The purpose is to have the tunnel up but not used until the T1 or BGP over
> it goes away.


Not sure about your routing setup and how you tag routes, but what about
running DHCP on the modem and letting default point out that path?

Then, set up your far end to only announce an "internal" table (whatever
routes are appropriate for your application) via your T1/BGP path.
Exclude the IPSec tunnel endpoint space.

Set up your IPSec tunnel and run a routing protocol over it, de-preferencing
those routes below that of the T1/BGP path routes.

That way, under normal operation you'll take the L3VPN path, but should
those routes become unreachable, you'll prefer the IPSec-learned routes.

--j
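
An added illustration of the design suggested in the reply above, as a Junos set-style sketch; it is not configuration from either poster. Assumptions: OSPF is the routing protocol run over the tunnel, the zone names, policy, gateway and VPN names are hypothetical, all addresses are constructed documentation values, and the IKE/IPsec proposals, policies and BGP neighbor details are left out.

```junos
# --- 4G side: DHCP client; the modem-supplied default route carries IKE/ESP ---
set interfaces ge-0/0/0 unit 0 family inet dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ike

# --- Route-based VPN: IKE is sourced from the 4G interface only, never the T1 ---
# GW-HUB / VPN-HUB are hypothetical names; 10.255.0.0/30 is a constructed range.
set interfaces st0 unit 0 family inet address 10.255.0.2/30
set security ike gateway GW-HUB external-interface ge-0/0/0.0
set security ipsec vpn VPN-HUB bind-interface st0.0
set security zones security-zone vpn interfaces st0.0 host-inbound-traffic protocols ospf

# --- Routing protocol over the tunnel, de-preferenced below BGP ---
# Junos prefers the lowest preference value. BGP defaults to 170 and OSPF
# internal/external to 10/150, so OSPF is raised above 170 here so that the
# T1/BGP routes win while they exist.
set protocols ospf preference 180
set protocols ospf external-preference 190
set protocols ospf area 0.0.0.0 interface st0.0 interface-type p2p

# --- T1/BGP: the far end announces internal routes only ---
# Local safeguard (assumption, in addition to the far-end filtering described
# above): reject the tunnel endpoint if it is ever announced over the T1.
# 198.51.100.10 is a constructed stand-in for the IPsec endpoint address.
set policy-options policy-statement FROM-L3VPN term no-tunnel-endpoint from route-filter 198.51.100.10/32 exact
set policy-options policy-statement FROM-L3VPN term no-tunnel-endpoint then reject
set policy-options policy-statement FROM-L3VPN term everything-else then accept
set protocols bgp group L3VPN import FROM-L3VPN

# --- Checks ---
# show route 198.51.100.10          -> next hop should be via ge-0/0/0.0
# show route protocol bgp           -> internal prefixes active via the T1
# show route protocol ospf          -> same prefixes present but inactive
# show security ipsec security-associations
```

Note that `preference` under `protocols ospf` applies to every route that OSPF instance learns, so it suits this layout only when OSPF runs over the tunnel alone.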

