[j-nsp] Routing Engine filtering on EX with VRF

Scott Granados scott at granados-llc.net
Tue Mar 22 12:35:38 EDT 2016


I believe this is correct.  In order for a specific filter to have effect with in an routing instance you have to apply that filter to the loopback else I believe and am more than willing to be corrected but I believe the instance takes on the characteristics of the global filter when no filter is applied to the loopback within the instance.

> On Mar 22, 2016, at 12:28 PM, Luca Salvatore via juniper-nsp <juniper-nsp at puck.nether.net> wrote:
> 
> Try putting an loopback interface into the vrf e.g lo0.1 and applying the
> filer to that.
> 
> On Sat, Mar 19, 2016 at 4:02 PM, Raphael Mazelier <raph at futomaki.net> wrote:
> 
>> 
>> 
>>> 
>>> On EX, you should be able to protect the RE using a filter on lo0 in the
>>> main routing instance (not in the VRF itself).
>>> But be aware that this does not work on tha ACX-series (for some strange
>>> reason)...
>>> 
>>> 
>> Yep the firewall filter work for interfaces that are on the main
>> routing-instance. But for some reason the filter does not apply on traffic
>> coming from interface placed in a vrf to the RE.
>> 
>> 
>> --
>> Raphael Mazelier
>> 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 
> 
> 
> 
> -- 
> Luca Salvatore
> Manager, Network Team | DigitalOcean
> Phone: +1 (929) 214-7242
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



More information about the juniper-nsp mailing list