SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX PBR or FBF

    Posted 03-29-2010 06:20

    Hi,

    I'm just learning SRX and having trouble with filter-based forwarding. I found a dozen articles here, but cannot solve my problem.

     

    I'm testing an SRX100 (I'd like to replace an SSG-5). I have two untrust interfaces (one of them fixed, one of them PPPoE, but in my test environment I use one fixed IP and a DHCP client). So the main config is the following:

    fe-0/0/0.0 192.168.11.1/24 - trust

    fe-0/0/1.0 dhcp client - untrust

    fe-0/0/2.0 89.133.214.27/28 - untrust gateway: 89.133.214.30

     

    I'd like to route http/https traffic to fe-0/0/2.0 if

    Please help! I also attach the full config.

     

    My routing config:

    routing-options {
        interface-routes {
            rib-group inet default;
        }
        static {
            rib-group default;
            route 0.0.0.0/0 {
                next-hop 192.168.7.1;    # I filled this in, but this address is provided by DHCP; I can't use it as next-hop
                metric 5;
            }
        }
        rib-groups {
            default {
                import-rib [ inet.0 upc.inet.0 ];
            }
        }
    }

    firewall {
        family inet {
            filter iroda-input {
                term web-traffic {
                    from {
                        source-address {
                            192.168.11.0/24;
                        }
                        destination-port [ http https ];
                    }
                    then {
                        routing-instance upc;
                    }
                }
                term default {
                    then accept;
                }
            }
        }
    }
    routing-instances {
        upc {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 next-hop 89.133.214.30;
                }
            }
        }
    }

     

    Attachment(s)

    txt
    srx100.conf.txt   7 KB 1 version


  • 2.  RE: SRX PBR or FBF

    Posted 04-09-2010 05:19

    please help me!



  • 3.  RE: SRX PBR or FBF
    Best Answer

    Posted 04-09-2010 05:55

     

    You should apply the filter to the interface (in your case, the trust interface):

     

    set interfaces fe-0/0/0 unit 0 family inet filter input ( your filter name )
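
    Added example, not part of the original reply: the same step written out with the names from the first post (filter `iroda-input`, instance `upc`, trust interface `fe-0/0/0`), followed by checks that the filter is attached and matching. The counter name `web-fbf` is an assumption introduced here for verification.

    ```junos
    # Configuration mode: attach the filter inbound on the trust interface
    set interfaces fe-0/0/0 unit 0 family inet filter input iroda-input

    # Optional: count packets that hit the FBF term (counter name is hypothetical)
    set firewall family inet filter iroda-input term web-traffic then count web-fbf

    commit check
    commit

    # Operational mode: confirm the filter is bound to fe-0/0/0.0
    show interfaces filters fe-0/0/0

    # The counter should increase while a trust host browses the web
    show firewall filter iroda-input

    # The forwarding instance needs an active default route via 89.133.214.30
    show route table upc.inet.0
    ```

    If the counter stays at zero, the traffic is not reaching the term, so check the source prefix and the interface binding before looking at the routing instance.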

     



  • 4.  RE: SRX PBR or FBF

    Posted 04-09-2010 06:16

    Thank you SSHSSH!

    I forgot it.

    Now it works.

    My next problem is that if I cut the route defined by the FBF (unplug the cable), the packets will be dropped. How can I provide fault tolerance?

     

     



  • 5.  RE: SRX PBR or FBF

    Posted 12-07-2011 02:49
    I found this link:
    http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694

    Which topic link does SRX FBF belong to?

    Thanks in advance!