<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2656.31">
<TITLE>RE: [j-nsp] Interface policy route-map/next-hop</TITLE>
</HEAD>
<BODY>
<P><FONT SIZE=2>From the notes;</FONT>
<BR><FONT SIZE=2>If the packet has a source address of 10.0.0.0/24, then destination-based forwarding occurs using the next-hop1-table.</FONT>
<BR><FONT SIZE=2>If the packet has a source address of 10.0.1.0/24, then destination-based forwarding occurs using the next-hop2-table.</FONT>
<BR><FONT SIZE=2>If a packet does not match either of these conditions, then the packet is accepted by the filter, and</FONT>
<BR><FONT SIZE=2>then destination-based forwarding occurs using the standard inet.0 routing table.</FONT>
</P>
<P><FONT SIZE=2>Try this;</FONT>
</P>
<P><FONT SIZE=2>interfaces {</FONT>
<BR><FONT SIZE=2> fe-0/0/0 {</FONT>
<BR><FONT SIZE=2> unit 0 {</FONT>
<BR><FONT SIZE=2> family inet {</FONT>
<BR><FONT SIZE=2> filter {</FONT>
<BR><FONT SIZE=2> input next-hop; /* all data is matched on input HERE */</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> address 10.0.0.1/24 { /* preferred IP address */</FONT>
<BR><FONT SIZE=2> preferred;</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> address 10.0.1.1/24; /* logical secondary */</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2>}</FONT>
<BR><FONT SIZE=2>routing-options {</FONT>
<BR> <FONT SIZE=2>interface-routes {</FONT>
<BR> <FONT SIZE=2> rib-group inet nh-group;</FONT>
<BR> <FONT SIZE=2>}</FONT>
<BR> <FONT SIZE=2>rib-groups {</FONT>
<BR> <FONT SIZE=2> nh-group {</FONT>
<BR> <FONT SIZE=2>import-rib [inet.0 next-hop1-table.inet.0</FONT>
<BR> <FONT SIZE=2>next-hop2-table.inet.0];</FONT>
<BR> <FONT SIZE=2> }</FONT>
<BR> <FONT SIZE=2>}</FONT>
<BR><FONT SIZE=2>}</FONT>
<BR><FONT SIZE=2>firewall {</FONT>
<BR><FONT SIZE=2> family inet {</FONT>
<BR><FONT SIZE=2> filter next-hop {</FONT>
<BR><FONT SIZE=2> term one {</FONT>
<BR><FONT SIZE=2> from {</FONT>
<BR><FONT SIZE=2> source-address {</FONT>
<BR><FONT SIZE=2> 10.0.0.0/24;</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> then routing-instance next-hop1-table; /* selected routes for SA 10.0.0.0/24 */</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> term two {</FONT>
<BR><FONT SIZE=2> from {</FONT>
<BR><FONT SIZE=2> source-address {</FONT>
<BR><FONT SIZE=2> 10.0.1.0/24;</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> then routing-instance next-hop2-table; /* selected routes for SA 10.0.1.0/24 */</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> term default {</FONT>
<BR><FONT SIZE=2> then {</FONT>
<BR><FONT SIZE=2> accept; /* need this otherwise we will drop all other routes !!*/</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2>}</FONT>
<BR><FONT SIZE=2>routing-instances {</FONT>
<BR><FONT SIZE=2> next-hop1-table {</FONT>
<BR> <FONT SIZE=2> instance-type forwarding;</FONT>
<BR> <FONT SIZE=2> routing-options {</FONT>
<BR> <FONT SIZE=2>static {</FONT>
<BR> <FONT SIZE=2>route 0.0.0.0/0 nexthop 192.168.0.1; /* static default route */</FONT>
<BR> <FONT SIZE=2>}</FONT>
<BR> <FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> next-hop2-table {</FONT>
<BR> <FONT SIZE=2> instance-type forwarding;</FONT>
<BR> <FONT SIZE=2> routing-options {</FONT>
<BR> <FONT SIZE=2>static {</FONT>
<BR> <FONT SIZE=2>route 0.0.0.0/0 nexthop 192.168.1.1; /* static default route */ </FONT>
<BR> <FONT SIZE=2>}</FONT>
<BR> <FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2> }</FONT>
<BR><FONT SIZE=2>}</FONT>
</P>
<P><FONT SIZE=2>------------------</FONT>
</P>
<P><FONT SIZE=2>It seems there has been a slight syntax change since the document <A HREF="http://www.juniper.net/solutions/literature/white_papers/552003.pdf" TARGET="_blank">http://www.juniper.net/solutions/literature/white_papers/552003.pdf</A> was written (05/01).</FONT></P>
<P><FONT SIZE=2>routing-instances now have routing-options for static rather than directly configured routes - quite logical.</FONT>
</P>
<P><FONT SIZE=2>Neil.</FONT>
</P>
<P><FONT SIZE=2>-----Original Message-----</FONT>
<BR><FONT SIZE=2>From: Link King [<A HREF="mailto:king@kinger.net">mailto:king@kinger.net</A>]</FONT>
<BR><FONT SIZE=2>Sent: 31 March 2003 18:48</FONT>
<BR><FONT SIZE=2>To: juniper-nsp@puck.nether.net</FONT>
<BR><FONT SIZE=2>Subject: [j-nsp] Interface policy route-map/next-hop</FONT>
</P>
<BR>
<BR>
<P><FONT SIZE=2>Hi folks.</FONT>
</P>
<P><FONT SIZE=2>I'm in the process of converting Cisco configurations to Juniper and am</FONT>
<BR><FONT SIZE=2>trying to setup a policy statement to set next-hop addresses on a physical</FONT>
<BR><FONT SIZE=2>interface. Setup on Cisco as follows:</FONT>
</P>
<P><FONT SIZE=2>interface FastEthernet0/0</FONT>
<BR><FONT SIZE=2> ip address 10.0.0.1 255.255.255.0</FONT>
<BR><FONT SIZE=2> ip address 10.0.1.1 255.255.255.0 secondary</FONT>
<BR><FONT SIZE=2> ip route-cache policy</FONT>
<BR><FONT SIZE=2> ip policy route-map next-hop</FONT>
<BR><FONT SIZE=2>!</FONT>
<BR><FONT SIZE=2>access-list 10 permit 10.0.0.0 0.0.0.255</FONT>
<BR><FONT SIZE=2>access-list 10 deny any</FONT>
<BR><FONT SIZE=2>access-list 20 permit 10.0.1.0 0.0.0.255</FONT>
<BR><FONT SIZE=2>access-list 20 deny any</FONT>
<BR><FONT SIZE=2>!</FONT>
<BR><FONT SIZE=2>route-map next-hop permit 10</FONT>
<BR><FONT SIZE=2> match ip address 10</FONT>
<BR><FONT SIZE=2> set ip next-hop 192.168.0.1</FONT>
<BR><FONT SIZE=2>!</FONT>
<BR><FONT SIZE=2>route-map next-hop permit 20</FONT>
<BR><FONT SIZE=2> match ip address 20</FONT>
<BR><FONT SIZE=2> set ip next-hop 192.168.1.1</FONT>
</P>
<P><FONT SIZE=2>I'm struggling with how to set this up on a Juniper M5 (running 5.6R1.3 if</FONT>
<BR><FONT SIZE=2>that matters). Any help would be greatly appreciated. Thanks!</FONT>
</P>
<P><FONT SIZE=2>Link King</FONT>
<BR><FONT SIZE=2>king@kinger.net</FONT>
<BR><FONT SIZE=2>_______________________________________________</FONT>
<BR><FONT SIZE=2>juniper-nsp mailing list juniper-nsp@puck.nether.net</FONT>
<BR><FONT SIZE=2><A HREF="http://puck.nether.net/mailman/listinfo/juniper-nsp" TARGET="_blank">http://puck.nether.net/mailman/listinfo/juniper-nsp</A></FONT>
</P>
</BODY>
</HTML>