[j-nsp] Routing Engine filtering on EX with VRF
Scott Granados
scott at granados-llc.net
Tue Mar 22 12:35:38 EDT 2016
I believe this is correct. In order for a specific filter to have effect with in an routing instance you have to apply that filter to the loopback else I believe and am more than willing to be corrected but I believe the instance takes on the characteristics of the global filter when no filter is applied to the loopback within the instance.
> On Mar 22, 2016, at 12:28 PM, Luca Salvatore via juniper-nsp <juniper-nsp at puck.nether.net> wrote:
>
> Try putting an loopback interface into the vrf e.g lo0.1 and applying the
> filer to that.
>
> On Sat, Mar 19, 2016 at 4:02 PM, Raphael Mazelier <raph at futomaki.net> wrote:
>
>>
>>
>>>
>>> On EX, you should be able to protect the RE using a filter on lo0 in the
>>> main routing instance (not in the VRF itself).
>>> But be aware that this does not work on tha ACX-series (for some strange
>>> reason)...
>>>
>>>
>> Yep the firewall filter work for interfaces that are on the main
>> routing-instance. But for some reason the filter does not apply on traffic
>> coming from interface placed in a vrf to the RE.
>>
>>
>> --
>> Raphael Mazelier
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Luca Salvatore
> Manager, Network Team | DigitalOcean
> Phone: +1 (929) 214-7242
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list