Routing

  • 1.  PBR on returned CGNAT traffic

    Posted 05-07-2013 19:59

    I have an MX480 with MX-DPC doing CGNAT. I'm planning to use a next-hop style service set.

     

    Sub facing Interface: GE1/0/0

    Core facing interface: GE 2/0/0

     

    inside-service-interface :sp-4/0/0.10

    inside-service-interface: sp-4/0/0.20;

     

    I'll also create a VRF called CGNAT with the inside interface and sub facing interface:

     

    user@router> show configuration routing-instances
    vrf-private {
        instance-type vrf;
        interface sp-4/0/0.10;
        interface ge-1/0/0;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-hop [ sp-4/0/0.10 ];
                    preference 0;
                }
            }
        }
    }

     

    I have no issue with the outbound traffic from sub to internet.

    But I need to perform some policy-based routing (PBR) after return traffic has passed the MS-DPC (translated to the private destination address).

    Let's say I want return traffic to be redirected to next-hop X instead of following the routing table decision.

     

    Is there a way to do this? Thanks.

     

     

     

     

     



  • 2.  RE: PBR on returned CGNAT traffic
    Best Answer

    Posted 05-08-2013 01:44

    Hello,

    Use a forwarding table filter in vrf-private, something like this:

     

    [edit firewall family inet]
    +     filter Return-CGNAT-tfc {
    +         term 1 {
    +             from {
    +                 destination-address {
    +                     10.0.0.0/8;
    +                     172.16.0.0/12;
    +                     100.64.0.0/10;
    +                     192.168.0.0/16;
    +                 }
    +                 interface sp-4/0/0.10;
    +             }
    +             then {
    +                 routing-instance BLAH;
    +             }
    +         }
    +         term 2 {
    +             then accept;
    +         }
    +     }
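    Review bot: term 1 of Return-CGNAT-tfc has no count action, so after commit there is no way to confirm from `show firewall` that return traffic arriving from sp-4/0/0.10 is actually taking the redirect. Add a `count` with a descriptive counter name next to `routing-instance BLAH;`, and give the terms meaningful names instead of `1` and `2`.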
    [edit routing-instances]
    +   BLAH {
    +       instance-type forwarding;
    +       routing-options {
    +           static {
    +               route 0.0.0.0/0 next-hop X;
    +           }
    +       }
    +   }
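    Review bot: `route 0.0.0.0/0 next-hop X;` has nothing to resolve against, because BLAH is defined here as a forwarding instance with no interfaces and no imported routes. The static default will not become active until a direct route covering X is present in BLAH.inet.0, so the rib-group that imports interface routes into BLAH.inet.0 should be part of the same change.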
    [edit routing-instances vrf-private]
    +    forwarding-options {               
    +        family inet {
    +            filter {
    +                input Return-CGNAT-tfc;
    +            }
    +        }
    +    }
    

    Also, you need to add rib-groups to leak connected routes from whatever instance your next hop X is in into forwarding instance BLAH. There are plenty of RIB group examples on the net and on this forum.

    HTH

    Thanks

    Alex
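
The rib-group step that the answer above leaves to the reader, as an added example that is not part of the original post or the poster's configuration. It assumes next hop X sits on an interface in the master instance (inet.0); the group name LEAK-TO-BLAH is hypothetical.

```junos
/* Added example. Assumption: next hop X is directly connected in inet.0. */
/* LEAK-TO-BLAH is a hypothetical name; BLAH is the forwarding instance   */
/* from the answer above.                                                 */
routing-options {
    interface-routes {
        /* Copy direct and local interface routes into every table */
        /* listed in the rib-group.                                */
        rib-group inet LEAK-TO-BLAH;
    }
    rib-groups {
        LEAK-TO-BLAH {
            /* The first table is the primary (where the routes  */
            /* originate); BLAH.inet.0 receives the copies, so   */
            /* the static default via X can resolve there.       */
            import-rib [ inet.0 BLAH.inet.0 ];
        }
    }
}
/* If X is reached through an interface in another instance, place the */
/* same interface-routes statement under that instance's               */
/* routing-options and list its own inet.0 table first in import-rib.  */
```

After commit, `show route table BLAH.inet.0` should list the direct route covering X and show the static default as active.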



  • 3.  RE: PBR on returned CGNAT traffic

    Posted 05-08-2013 18:56

    Thanks Alex.

    This config works.