jozef.klacko

default route plus honeypot

Hi,

 

I have an idea. We have a branch SRX 650 with a full internet route table, more than 350000 routes. There is no default route. But in case I want to set up a default route pointing to the eBGP peer, and of course not readvertise it back, this should not be a problem. But I want to port mirror packets that are not matched against BGP "received" routes and are matched against this default route. There is an EX 4200 in front of the SRX. The SRX is configured as stateless. Does anybody have any idea how to achieve this?

 

Jozef

acecanal

Re: default route plus honeypot

 

Maybe you could use virtual routers, but you are going to need a tunnel interface.

 

Create a routing-instance VR, type virtual router.

Create a default static route with the next-table option, pointing to the new VR.inet.0 table.

On that VR, create a tunnel interface between VR and the inet.0 table.

Create a default route from the VR to the tunnel interface.

Apply the monitor to the tunnel interface.

 

This way the monitor would capture only packets forwarded by this default route and the VR.

 

 

Br
Alex

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you want to say thanks, the word is Kudos!!.

Thx.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

JNCIA-JUNOS, JNCIS-ENT, JNCIS-SP, JNCIP-SP.
CCNA, CCNP, Written CCIE.
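
The selection rule discussed in this thread (mirror only traffic whose longest-prefix match is the default route, not a BGP-received prefix) can be checked offline against a route export before any router change. The sketch below is an added example, not code from either poster or from Juniper; the `RouteTable` class, the prefixes and the destination addresses are constructed for illustration.

```python
import ipaddress


class RouteTable:
    """Binary trie keyed on prefix bits; lookup is a longest-prefix match."""

    def __init__(self):
        self.root = {}

    def add(self, prefix, source):
        net = ipaddress.ip_network(prefix)
        bits = format(int(net.network_address), "032b")[:net.prefixlen]
        node = self.root
        for b in bits:
            node = node.setdefault(b, {})
        node["route"] = (str(net), source)

    def lookup(self, addr):
        bits = format(int(ipaddress.ip_address(addr)), "032b")
        node, best = self.root, self.root.get("route")
        for b in bits:
            node = node.get(b)
            if node is None:
                break
            best = node.get("route", best)  # keep the most specific match so far
        return best  # None when nothing matches, not even a default


def default_only(table, destinations):
    """Return destinations whose best match is the 0.0.0.0/0 route."""
    hits = []
    for dst in destinations:
        match = table.lookup(dst)
        if match is not None and match[0] == "0.0.0.0/0":
            hits.append(dst)
    return hits


# Constructed sample data (documentation ranges, not a real BGP table).
TABLE = RouteTable()
TABLE.add("0.0.0.0/0", "static")
TABLE.add("198.51.100.0/24", "bgp")
TABLE.add("203.0.113.0/25", "bgp")
TABLE.add("192.0.2.128/26", "bgp")

DESTINATIONS = ["198.51.100.7", "203.0.113.200", "192.0.2.130", "192.0.2.10"]

if __name__ == "__main__":
    for dst in default_only(TABLE, DESTINATIONS):
        print("mirror candidate:", dst)
```

Destinations that sit next to an announced prefix but outside it (here `203.0.113.200` beside the /25) still fall to the default route, which is the traffic a mirror on that path would see.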
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.