SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX Filter-Based Forwarding not importing routes

    Posted 07-03-2012 03:27

    I have just set up FBF on an SRX cluster (Junos 11.2) but am not seeing imported routes from the default routing instance.  I would have thought that the following configuration would do it - what have I missed?

     

    robert@CLFR1-FR3-FWEXT> show configuration routing-instances CACHE-GUEST
    instance-type virtual-router;
    interface reth1.1601;
    routing-options {
        interface-routes {
            rib-group inet RIB-GUEST;
        }
        static {
            route 0.0.0.0/0 next-hop 10.240.10.174;
            route 10.166.0.0/15 next-hop 10.240.116.46;
        }
        instance-import Global-to-CACHE-GUEST-route-import;
    }

    {primary:node0}
    robert@CLFR1-FR3-FWEXT> show configuration policy-options policy-statement Global-to-CACHE-GUEST-route-import
    term all {
        then accept;
    }

    {primary:node0}
    robert@CLFR1-FR3-FWEXT> show configuration interfaces reth1.1601
    description "Guest Bluecoat inside interface";
    vlan-id 1601;
    family inet {
        address 10.240.10.169/29;
    }

     

    family inet {
        filter CACHE-GUEST-filter {
            term proxied-local-networks {
                from {
                    destination-prefix-list {
                        Proxied-local-networks;
                    }
                }
            }
            term bypass-proxies {
                from {
                    destination-prefix-list {
                        Proxy-bypassed-networks;
                    }
                }
                then accept;
            }
            term filter-http-ssl {
                from {
                    protocol tcp;
                    destination-port [ 80 443 ];
                }
                then {
                    routing-instance CACHE-GUEST;
                }
            }
            term standard-forwarding {
                then accept;
            }
        }
    }

     

    However, the routing table CACHE-GUEST.inet.0 does not contain routes from the default instance:

     

    robert@CLFR1-FR3-FWEXT> show route table CACHE-GUEST

    CACHE-GUEST.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0          *[Static/5] 03:01:15
                        > to 10.240.10.174 via reth1.1601
    10.240.10.168/29   *[Direct/0] 03:01:15
                        > via reth1.1601
    10.240.10.169/32   *[Local/0] 03:01:15
                          Local via reth1.1601

     

    When I do this on an EX switch, importing routes from a VRF into CACHE-GUEST, the CACHE-GUEST route table shows routes from the imported VRF.

     

    What have I missed - or what is the correct approach?

     

     



  • 2.  RE: SRX Filter-Based Forwarding not importing routes
    Best Answer

     
    Posted 07-03-2012 05:22

    hi paganeno,

     

    your config is not full (RIB-GUEST definition?) and not easy to follow - please use 'Insert Code' if possible.

     

    It would be good to compare the EX config to the SRX one. In the case of EX you import routes from a VRF to another VRF; here you want to import routes from the default (master) instance, right?

     

    Please change the Global-to-CACHE-GUEST-route-import policy as below and test:


    admin@srx240b# show policy-options 
    policy-statement All-From-Default {
        term all {
            from instance master;
            then accept;
        }
    }

     

    If it does not help, show us what routes are missing (both tables).

    jtb
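
As an added example (not part of the original thread and not a Juniper tool): a small Python check, run over saved `show configuration` text, that flags `instance-import` policies containing no `from instance` match, which is the omission discussed in this thread. The function names and the abbreviated sample config are assumptions made for illustration, and the parser assumes no braces or semicolons inside quoted strings.

```python
import re

# Constructed sample, abbreviated from the policy and instance names in the thread.
SAMPLE = """
policy-options {
    policy-statement Global-to-CACHE-GUEST-route-import { term all { then accept; } }
}
routing-instances {
    CACHE-GUEST {
        routing-options { instance-import Global-to-CACHE-GUEST-route-import; }
    }
}
"""

def parse(text):
    """Parse brace-style Junos config into nested dicts (leaf statements -> None)."""
    root = node = {}
    stack, pending = [], ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":
            stack.append(node)
            node = node.setdefault(pending, {})
        elif tok == ";" and pending:
            node[pending] = None
        elif tok == "}":
            node = stack.pop()
        pending = tok.strip() if tok not in ("{", "}", ";") else ""
    return root

def leaves(node, prefix=""):
    """Yield each leaf statement as a flat path, e.g. 'term all from instance master'."""
    for key, val in node.items():
        path = f"{prefix} {key}".strip()
        yield from ([path] if val is None else leaves(val, path))

def unscoped_instance_imports(cfg):
    """Map routing instance -> instance-import policies with no 'from instance' match."""
    policies = {k.split()[1]: v for k, v in (cfg.get("policy-options") or {}).items()
                if k.startswith("policy-statement ")}
    findings = {}
    for inst, body in (cfg.get("routing-instances") or {}).items():
        for stmt in (body or {}).get("routing-options") or {}:
            if not stmt.startswith("instance-import "):
                continue
            # instance-import may name one policy or a bracketed list of policies
            for pol in stmt.replace("[", " ").replace("]", " ").split()[1:]:
                if not any(re.search(r"\bfrom instance \S+", p)
                           for p in leaves(policies.get(pol) or {})):
                    findings.setdefault(inst, []).append(pol)
    return findings
```

A policy that is referenced but not defined in the supplied text is reported as well, since no `from instance` match can be found for it.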



  • 3.  RE: SRX Filter-Based Forwarding not importing routes

    Posted 07-03-2012 05:53

    Hi jtb

     

    Thanks so much - it was the missing "from instance master" that fixed it.  I had looked at trying to configure this but was not aware of the "master" keyword.

     

    Regards