Hello,
Currently we redirect traffic coming from interface xe-0/0/1 to ae1, on which a traffic analyzer sits.
The analyzer forwards any traffic transparently to ae2, which then forwards any packets to the downstream via the default route.
The problem now is that in traceroute the routing instance on ae2 is visible with its IP address (10.10.10.1).
We don't want this hop to be visible. How can we achieve this?
I tried to inject a static route to the downstream (10.10.10.9) into routing-instance "TO-ANALYZER" with the "next-interface ae0" attribute, but the route is not visible in the table (not getting active), I think because the address is not reachable directly on interface ae1, which belongs to this routing instance.
I think bridge-protocol is also not right, because it would not force the traffic through the external device (analyzer).
Current config (which is working, but shows an additional hop in the trace):

show int xe-0/0/1
xe-0/0/1 {
    unit 0 {
        family inet {
            filter {
                input redirect;
            }
        }
    }
}

show int ae0
ae1 {
    description TO-DOWNSTREAM;
    unit 0 {
        family inet {
            address 10.10.10.8/31;
        }
    }
}

show int ae1
ae1 {
    description TO-ANALYZER;
    unit 0 {
        family inet {
            address 10.10.10.0/31;
        }
    }
}

show int ae2
ae2 {
    description FROM-ANALYZER;
    unit 0 {
        family inet {
            address 10.10.10.1/31;
        }
    }
}

show firewall filter redirect
term redirect {
    then {
        routing-instance TO-ANALYZER;
    }
}

show routing-instances
FROM-ANALYZER {
    instance-type virtual-router;
    interface ae2.0;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 10.10.10.9;
        }
    }
}
TO-ANALYZER {
    instance-type virtual-router;
    interface ae1.0;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 10.10.10.1;
        }
    }
}

Thanks a lot for your help in advance!
Kind regards
B. Light