[j-nsp] DHCP interface as next hop

Aaron Dewell aaron.dewell at gmail.com
Thu Nov 29 12:48:08 EST 2012


On Nov 29, 2012, at 12:53 AM, Tore Anderson wrote:
> * Aaron Dewell
> 
>> I haven't found an answer to this question (except for Cisco options
>> which doesn't help me).  I want to configure a static route to a DHCP
>> interface on an SRX240.  Here's the scenario:
>> 
>> ge-0/0/0 connected to CX111 (4G modem/DHCP)
>> t1-0/1/0 connected to an L3VPN (with BGP)
>> st0.0 should connect over ge-0/0/0
>> 
>> The t1 is considered trusted, so we do not want to form the IPSec
>> tunnel over it.  There is a default route coming in via BGP on the
>> T1.  The goal:
>> 
>> Statically route the IPSec tunnel endpoint over the 4G modem as a
>> /32
>> Statically route 0/0 over st0.0 (and set precedence to >170, or set
>> BGP down to 4)
>> Receive 0/0 from BGP over the T1 (or alternately not, with no need to
>> alter precedence, and use two next-hops for one static 0/0)
>> 
>> The purpose is to have the tunnel up but not used until the T1 or BGP
>> over it goes away.
>> 
>> However, I cannot set ge-0/0/0.0 as the next-hop because it's not a
>> point to point interface. I cannot set an IP address as the next-hop
>> because I don't know when it will change.
>> 
>> Any ideas on how to address that?
> 
> I have no idea if this can be done or will work, but here's a suggestion
> at least:
> 
> Configure a static link network (e.g., 192.0.2.10/31) on ge-0/0/0.0
> in parallel with the DHCP client. Add a static ARP entry for 192.0.2.11
> pointing to the CX111's MAC address. Use 192.0.2.11 address as the next
> hop for the static route to the remote IPSEC tunnel endpoint.
> 
> Best regards,
> -- 
> Tore Anderson
> Redpill Linpro AS - http://www.redpill-linpro.com/

Ooooh, I like that idea. I'll give that a try. The other idea our SE suggested is to use a virtual router and configure the static route with next-table. But that requires 12.1R3 to fix the "default route installed into inet.0, not the VR" issue. I like your idea more than upgrades+VRs.

Aaron
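
An added illustration, not part of the original thread: a small Python model of the route selection the plan above relies on (longest prefix first, then lowest Junos route preference), showing why the /32 for the tunnel endpoint matters. The peer address 203.0.113.1 and destination 198.51.100.20 are constructed sample values; 192.0.2.11 is the static-ARP next hop from Tore's suggestion, and the preference 180 is one assumed value above BGP's 170.

```python
import ipaddress

STATIC_PREF, BGP_PREF, FLOATING_PREF = 5, 170, 180  # Junos: lower preference wins

def build_rib(endpoint, modem_gw, bgp_up=True, pin_endpoint=True):
    """Route table for the thread's design; entries are (prefix, preference, next hop)."""
    rib = [(ipaddress.ip_network("0.0.0.0/0"), FLOATING_PREF, "st0.0")]
    if bgp_up:  # default route learned over the T1
        rib.append((ipaddress.ip_network("0.0.0.0/0"), BGP_PREF, "t1-0/1/0"))
    if pin_endpoint:  # /32 for the IPsec peer via the 4G modem
        rib.append((ipaddress.ip_network(f"{endpoint}/32"), STATIC_PREF,
                    f"ge-0/0/0.0 via {modem_gw}"))
    return rib

def lookup(rib, dest):
    """Longest-prefix match, then lowest preference; None if no route."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in rib if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))[2]

ENDPOINT = "203.0.113.1"    # constructed sample IPsec peer
MODEM_GW = "192.0.2.11"     # static-ARP next hop from the suggestion above
HOST = "198.51.100.20"      # constructed sample destination

if __name__ == "__main__":
    for bgp_up in (True, False):
        for pin in (True, False):
            rib = build_rib(ENDPOINT, MODEM_GW, bgp_up, pin)
            print(f"bgp_up={bgp_up} pin={pin}: host -> {lookup(rib, HOST)}, "
                  f"peer -> {lookup(rib, ENDPOINT)}")
```

Without the /32, the peer follows whichever default route is active: over the T1 while BGP is up, and into st0.0 itself once BGP is gone.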
