Routing
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Dmitriy Shipilov
Visitor
Dmitriy Shipilov
Posts: 8
Registered: ‎09-02-2010
0

Source-based routing filter on EX-3200

[ Edited ]
Options

‎05-12-2012 03:07 AM - edited ‎05-12-2012 04:41 AM

Sorry for my english.

Juniper EX-3200, JunOS 10.2R1.8.

 

I try to use input filer for source-ip based routing. I need to send all traffic from ip 10.249.222.6 to OUT_IF1, and traffic from another ips to OUT_IF2.

 

OUT_IF1 - "routing-instance probrosi_routes_table1 static routing-options static "

OUT_IF2 - "routing-options static"

 

Here is firewall configuration:

 

firewall {
    family inet {
         filter probrosi_routes1 {
             term match {
                 from {
                     source-address {
                         10.249.222.6/32;
                 }
             }
             then {
                 routing-instance probrosi_routes_table1;
             }
         }
         term default {
             then accept;
         }
     }

 

There is routing instances:

 

routing-instances {
    probrosi_routes_table1 {
         instance-type forwarding;
         routing-options {
             static {
                 route 0.0.0.0/0 next-hop 10.248.254.10;
         }
     }

 

routing-options {
    interface-routes {
        rib-group inet all-ribs;
    }
    rib-groups {
        all-ribs {

           import-rib [ inet.0 probrosi_routing_table1.inet.0 ];

        }
    }

 

Then I apply this filter to my L3-vlan-inaterface:

 

# show vlans:

 

vlan222 {
     vlan-id 222;
     interface {
         ge-0/0/4.0;
         ge-0/0/16.0;
         ae0.0;
     }
     l3-interface vlan.10;
}

 

# show interfaces vlan:

 

unit 10 {
     family inet {
         filter {
             input probrosi_routes1;
         }
         address 10.249.222.254/24;
     }

 

When I use IP 10.249.222.1/24 (for example) and gw 10.249.222.254, JunOS filter works fine and sends my traffic to "default" term. PING is good from 10.249.222.1 to 10.249.222.254.

 

But when I use IP 10.249.222.6,  filter works like "discard", PING is fail from 10.249.222.6 to 10.249.222.254 :smileysad:

 

How can I view firewall logs?

Thanks. 

Message 1 of 2 (310 Views)
 
Reply
Trusted Expert
Trusted Expert
Kashif-rana
Posts: 416
Registered: ‎01-29-2008
0

Re: Source-based routing filter on EX-3200

Options

‎05-14-2012 10:18 AM

Hi

 

Modify your filter as below.

 

root@EX4200# show firewall
family inet {
    filter probrosi_routes1 {
        term gateway {
            from {
                destination-address {
                    10.249.222.254/32;
                }
            }
            then accept;
        }
        term match {
            from {
                source-address {
                    10.249.222.6/32;
                }
            }
            then {
                routing-instance probrosi_routes_table1;
            }
        }
        term default {
            then accept;
        }
    }
}

 

HTH

Kashif Rana
00971555962393
JNCIE-SP#1428,JNCIE-SEC#55,JNCIP(SP,ENT,SEC),JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution".Kudos are always appreciated!
Message 2 of 2 (282 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.