Routing

Hello guys ,

 

can i do filterbase forwording on the basis of BGP community?

 

my scnerio is 

 

R1 ---------- R2 --------------(Core)

                     |   |

                     |   |

 R3_____ _|   |_________(proxy_server)

 

my scenrio is that i recieved prefix from R1 through bgp with community and & i want to perform forwording of the traffic comming from R1 towards proxy server.

 

because of my current setup i cant do FBF on the basis of source-prefix as behind R2 i have complete network and announcement of source prefixes are continously changes (time to time) so thats why i want to achieve this thing through filter base forwarding.

 

please suggest ..

 

Regards

 

Rehan

Please have a look at (near the end of) chapter 5 of This Week: A Packet Walkthrough on the M, MX and T-Series. The pdf is available for download in J-net. Go to Day One site and you'll find it (or google it).

Thanks for your reply , i already download that book yesterday , in chapter 5 the discussion is about loop testing , can you please give me the pg# so that i will catch  quickly ,

 

Thanks

 

Rehan 

I'm on mobile, can you just search for "community"

is there any hardware requirement for this to implement like adaptive services /multiservices PIC , because my follwoing below confguration is not working , i followed the same as per  you mentioned , 

 

lab@mxB-2# show | no-more show
^
syntax error, expecting <command>.
lab@mxB-2# show | no-more
## Last changed: 2013-03-02 01:21:19 UTC
version 11.2R4.3;
system {
root-authentication {
encrypted-password "$1$31T0v7Aq$VB2Jrm27gGAw9/w4t3d/y1"; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
interfaces {
ge-1/1/2 {
unit 0 {
family inet {
accounting {
source-class-usage {
input;
output;
}
destination-class-usage;
}
address 1.1.1.2/30;
}
}
}
ge-1/1/3 {
unit 0 {
family inet {
address 2.2.2.2/30;
}
}
}
}
forwarding-options {
family inet {
filter {
output rehan;
}
}
}
routing-options {
interface-routes {
rib-group inet rib;
}
rib-groups {
rib {
import-rib [ inet.0 FBF.inet.0 ];
}
}
autonomous-system 2;
forwarding-table {
export filter;
}
}
protocols {
bgp {
group ebgp {
type external;
peer-as 1;
neighbor 1.1.1.1;
}
}
}
policy-options {
policy-statement filter {
term 1 {
from community test;
then source-class rehan;
}
then destination-class rehan-des;
}
community test members 1:1;
}
inactive: class-of-service {
forwarding-policy {
class rehan {
classification-override {
forwarding-class assured-forwarding;
}
}
}
interfaces {
ge-1/1/2 {
scheduler-map sche;
}
}
scheduler-maps {
sche {
forwarding-class best-effort scheduler be;
forwarding-class assured-forwarding scheduler assured-forwarding;
forwarding-class network-control scheduler nc;
}
}
schedulers {
assured-forwarding {
transmit-rate percent 20;
buffer-size percent 20;
priority high;
}
be {
transmit-rate percent 75;
buffer-size percent 75;
priority low;
}
nc {
transmit-rate percent 5;
buffer-size percent 5;
priority high;
}
}
}
firewall {
family inet {
filter rehan {
term 1 {
from {
source-class rehan;
}
then {
routing-instance FBF;
}
}
term 2 {
then accept;
}
}
}
}
routing-instances {
FBF {
instance-type forwarding;
routing-options {
static {
route 5.5.5.5/32 next-hop 2.2.2.1;
}
}
}
}

 

 

I m testing this feature on MX80 with following hardware

 

run show chassis hardware
Hardware inventory:
Item Version Part number Serial number Description
Chassis F4931 MX80
Midplane REV 07 711-031594 ZB2482 MX80
PEM 0 Rev 04 740-028288 VC02617 AC Power Entry Module
Routing Engine BUILTIN BUILTIN Routing Engine
TFEB 0 BUILTIN BUILTIN Forwarding Engine Processor
QXM 0 REV 05 711-028408 ZE2073 MPC QXM
FPC 0 BUILTIN BUILTIN MPC BUILTIN
MIC 0 BUILTIN BUILTIN 4x 10GE XFP
PIC 0 BUILTIN BUILTIN 4x 10GE XFP
FPC 1 BUILTIN BUILTIN MPC BUILTIN
MIC 0 REV 24 750-028392 ZF2380 3D 20x 1GE(LAN) SFP
PIC 0 BUILTIN BUILTIN 10x 1GE(LAN) SFP
Xcvr 0 REV 02 740-013111 B132548 SFP-T
Xcvr 1 REV 02 740-013111 B134693 SFP-T
Xcvr 2 REV 02 740-013111 B132444 SFP-T
Xcvr 3 REV 02 740-013111 B132689 SFP-T
Xcvr 4 REV 02 740-013111 B134137 SFP-T
Xcvr 5 REV 02 740-013111 B134157 SFP-T
Xcvr 6 REV 02 740-013111 B134115 SFP-T
Xcvr 7 REV 02 740-013111 B132532 SFP-T
Xcvr 8 REV 02 740-013111 B134986 SFP-T
Xcvr 9 REV 02 740-013111 B111001 SFP-T
PIC 1 BUILTIN BUILTIN 10x 1GE(LAN) SFP
Xcvr 2 REV 02 740-013111 B134733 SFP-T
Xcvr 3 REV 02 740-013111 B111506 SFP-T
Xcvr 4 REV 02 740-013111 B132347 SFP-T
Xcvr 5 REV 02 740-013111 B132351 SFP-T
Xcvr 6 REV 02 740-013111 B132421 SFP-T
Xcvr 7 REV 02 740-013111 B134941 SFP-T
Xcvr 8 REV 02 740-013111 B133018 SFP-T
Xcvr 9 REV 02 740-013111 B132558 SFP-T
Fan Tray Fan Tray

 

run show system software
Information for jbase:

Comment:
JUNOS Base OS Software Suite [11.2R4.3]

 

Can you please check my config?

 

Thanks

 

Regards

 

Muhammad Rehan

 

 

That hardware supports the feature. Can you do "show route table FBF"? Probably there are no routes there.

 

[edit]
lab@mxB-2# run show route table FBF

FBF.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.0/30 *[Direct/0] 12:30:06
> via ge-1/1/2.0
1.1.1.2/32 *[Local/0] 12:30:06
Local via ge-1/1/2.0
2.2.2.0/30 *[Direct/0] 12:30:06
> via ge-1/1/3.0
2.2.2.2/32 *[Local/0] 12:30:06
Local via ge-1/1/3.0
5.5.5.5/32 *[Static/5] 09:22:49
> to 2.2.2.1 via ge-1/1/3.0

 

 

 

run show interfaces ge-1/1/2 extensive
Physical interface: ge-1/1/2, Enabled, Physical link is Up
Interface index: 166, SNMP ifIndex: 529, Generation: 169
Link-level type: Ethernet, MTU: 1514, Speed: 1000mbps, BPDU Error: None,
MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,
Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: 5c:5e:ab:09:1b:7a, Hardware address: 5c:5e:ab:09:1b:7a
Last flapped : 2013-02-17 10:57:23 UTC (1w5d 22:52 ago)
Statistics last cleared: 2013-03-02 01:16:12 UTC (08:33:27 ago)
Traffic statistics:
Input bytes : 215626 0 bps
Output bytes : 208965 0 bps
Input packets: 3185 0 pps
Output packets: 3184 0 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Dropped traffic statistics due to STP State:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,
L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0,
FIFO errors: 0, Resource errors: 0
Output errors:
Carrier transitions: 0, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,
FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 3184 3184 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
Active alarms : None
Active defects : None
MAC statistics: Receive Transmit
Total octets 272564 227423
Total packets 3185 3184
Unicast packets 3168 3173
Broadcast packets 17 11
Multicast packets 0 0
CRC/Align errors 0 0
FIFO errors 0 0
MAC control frames 0 0
MAC pause frames 0 0
Oversized frames 0
Jabber frames 0
Fragment frames 0
VLAN tagged frames 0
Code violations 0
Filter statistics:
Input packet count 3185
Input packet rejects 0
Input DA rejects 0
Input SA rejects 0
Output packet count 3184
Output packet pad count 0
Output packet error count 0
CAM destination filters: 0, CAM source filters: 0
Autonegotiation information:
Negotiation status: Complete
Link partner:
Link mode: Full-duplex, Flow control: Symmetric/Asymmetric,
Remote fault: OK
Local resolution:
Flow control: Symmetric, Remote fault: Link OK
Packet Forwarding Engine configuration:
Destination slot: 1
CoS information:
Direction : Output
CoS transmit queue Bandwidth Buffer Priority Limit
% bps % usec
0 best-effort 95 950000000 95 0 low none
3 network-control 5 50000000 5 0 low none
Interface transmit statistics: Disabled

Logical interface ge-1/1/2.0 (Index 322) (SNMP ifIndex 540) (Generation 589)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Traffic statistics:
Input bytes : 215626
Output bytes : 195111
Input packets: 3185
Output packets: 3184
Local statistics:
Input bytes : 142126
Output bytes : 146111
Input packets: 2310
Output packets: 2309
Transit statistics:
Input bytes : 73500 0 bps
Output bytes : 49000 0 bps
Input packets: 875 0 pps
Output packets: 875 0 pps
Protocol inet, MTU: 1500, Generation: 1176, Route table: 0
Flags: Sendbcast-pkt-to-re, Is-Primary, DCU, SCU-in, SCU-out
Packets Bytes
Destination class (packet-per-second) (bits-per-second)

rehan-des 0 0
( 0) ( 0)
Packets Bytes
Source class (packet-per-second) (bits-per-second)

rehan 0 0
( 0) ( 0)
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: 1.1.1.0/30, Local: 1.1.1.2, Broadcast: 1.1.1.3,
Generation: 891
Protocol multiservice, MTU: Unlimited, Generation: 1177, Route table: 0
Flags: Is-Primary
Policer: Input: __default_arp_policer__

 

R1 -----R2

 

on R1 i have two logocal systems  and on R1 i configured FBF+destination-class

 

R1 config

-------------

 

show
## Last changed: 2013-03-02 01:47:07 UTC
version 11.2R4.3;
system {
root-authentication {
encrypted-password "$1$ogXOqLRX$bQ7gKAZvvzXRmcdy8hGit."; ## SECRET-DATA
}
syslog {
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
logical-systems {
R1 {
interfaces {
ge-1/1/3 {
unit 0;
}
lo0 {
unit 0 {
family inet {
address 5.5.5.5/32;
}
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 2.2.2.2;
}
}
}
}
interfaces {
ge-1/1/2 {
unit 0 {
family inet {
address 1.1.1.1/30;
}
}
}
ge-1/1/3 {
unit 0 {
family inet {
address 2.2.2.1/30;
}
}
}
lo0 {
unit 1 {
family inet {
address 10.0.0.1/32;
}
}
}
}
routing-options {
static {
route 10.0.0.0/8 receive;
route 0.0.0.0/0 next-hop 1.1.1.2;
}
autonomous-system 1;
}
protocols {
bgp {
group ebgp {
type external;
export advertise;
peer-as 2;
neighbor 1.1.1.2;
}
}
}
policy-options {
policy-statement advertise {
term 1 {
from {
route-filter 10.0.0.0/8 exact;
}
then {
community add test;
accept;
}
}
}
community test members 1:1;
}

 

Regards

 

Rehan

I am missing quite a few information:

 

- A topology diagram explaining where the interfaces (ge-1/1/2, ge-1/1/3, etc...) are connected

- A description of the test you are performing (where is traffic coming from and where is it going? what is the source and destination IP address of the packets?)

- "show route" of the source and destination

- etc...

 

Please don't paste long output and config, and select what's really useful.

 

Some tips.

 

You can use counters like this:

 

set firewall family inet filter rehan term 1 then count myClass

 

And you can check them with operational command: show firewall

 

You can also apply a filter to the routing-instance and count there (apply the filter under [edit routing-instances FBF forwarding-options family inet filter...]).

Hi Amonge,

 

the issue has been resolved & things are now working for me , i just change the direction of filter under forwarding-options from output to input & now things are working,

 

I just followed 

 

http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-services/id-10058055.html#id-10058055

 

& solve the issue,

 

any way thanks for your help , i find some thing new definetly i will post

 

Thanks

 

Regards

 

Muhammad Rehan

 

I see. Maybe the key is source-class vs destination-class.

Yes,

 

I just change the direction of filter & it works for me...but thanks bro for guiding me towards the Juniper new one day book  🙂 , it really helps me.

 

Thanks

 

Regards

 

Rehan