
Filter-Based Forwarding Question

‎09-07-2014 11:02 AM

Hello Experts,

Check the following scenario.

Juniper EX Core Switch running eBGP with 2 different ISPs.

We want to use one of them as the primary for every network subnet we have but one.

I have modified the required BGP Attributes for inbound traffic.

The problem, as you might already know, is what happens with outbound traffic.

With Cisco we have PBR, where we can determine that if traffic comes from this subnet, send it over here.

With Juniper we have the prefix-based filtering that works a little bit differently, as you might be forced to create routing-instances.

In the EX this is a must, and I have the following question.

What if we set each ISP interface to be in a different routing-instance, and then enable eBGP on them?

Then I go further and configure a prefix filter that says whenever you have a packet coming from x.x.x.x send it to the routing instance A. For the rest of the traffic send it to B.

Is that gonna work as I want? And more important, what if the link to ISP one fails? Will the traffic fail over to B?

I hope I was clear.

Regards

 


Re: Filter-Based Forwarding Question

‎09-07-2014 11:50 AM

I think it would, or could, be a little more simple than you describe, using a 'forwarding' routing instance type. Those types of routing instance aren't associated with interfaces per se; they simply represent a separate routing table that you can direct selected traffic to use if you like.

So provided what you describe, you'd create one forwarding type routing instance, and create an input filter that directs the special subnet to that routing instance (while simply accepting all other traffic; this will send it to the 'default' routing table). And in this special routing instance you'd generally create a static default route to send the traffic to the otherwise unused ISP, and you could also have a 'floating' default route with a worse metric that could take over if the primary route goes away. A tricky bit here is how the first default route would go away: if the ISP fails in a way that an interface doesn't go down, that route might not be withdrawn even though the ISP link is 'down'; this might require a bit of thought. Also keep in mind to create a RIB route to make sure the forwarding routing instance has access to all DIRECT type routes.

Here is an example that demonstrates some of the concepts:

http://www.juniper.net/techpubs/en_US/junos14.1/topics/example/firewall-filter-option-filter-based-f...
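The design described in the reply above, written out as Junos `set` commands. This is an added example, not configuration posted in the thread or taken from Juniper's documentation; the instance, filter and rib-group names, the interface and all addresses are constructed placeholders, and it assumes the platform supports `instance-type forwarding` and the `routing-instance` filter action.

```junos
# Constructed placeholders (assumptions, not from the thread):
#   10.10.10.0/24  the one subnet that should leave via the secondary ISP
#   192.0.2.1      next hop toward the otherwise unused ISP
#   198.51.100.1   next hop toward the primary ISP (used here only as backup)
#   ge-0/0/10.0    L3 interface where the special subnet's traffic arrives

# Separate forwarding table for the special subnet
set routing-instances ISP-B-FBF instance-type forwarding

# Default route to the secondary ISP (static default preference is 5)
set routing-instances ISP-B-FBF routing-options static route 0.0.0.0/0 next-hop 192.0.2.1

# 'Floating' default with a worse preference; it takes over only when the
# first next hop is no longer usable (for example its interface goes down)
set routing-instances ISP-B-FBF routing-options static route 0.0.0.0/0 qualified-next-hop 198.51.100.1 preference 10

# Copy interface (direct) routes into the instance table so both
# next hops can be resolved there
set routing-options rib-groups FBF-RIBS import-rib [ inet.0 ISP-B-FBF.inet.0 ]
set routing-options interface-routes rib-group inet FBF-RIBS

# Input filter: special subnet uses the instance table, everything else
# is accepted and follows the default table (inet.0)
set firewall family inet filter FBF-SPECIAL term special-subnet from source-address 10.10.10.0/24
set firewall family inet filter FBF-SPECIAL term special-subnet then routing-instance ISP-B-FBF
set firewall family inet filter FBF-SPECIAL term everything-else then accept

# Apply the filter where the special subnet's traffic enters the switch
set interfaces ge-0/0/10 unit 0 family inet filter input FBF-SPECIAL
```

After commit, `show route table ISP-B-FBF.inet.0` lists the direct routes and the active default in the instance table.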


Re: Filter-Based Forwarding Question

‎09-07-2014 01:13 PM

Hello,

Thanks for the great answer, but remember that I would be using BGP.

I do not care if using the static route in the instance for the source traffic to be filtered.

It would be the same thing, right?


Re: Filter-Based Forwarding Question

‎09-07-2014 02:07 PM

As I see it there are a few things you need in the forwarding routing instance: you need the two ISP routes for failover, and you need to make sure the one you want to be preferenced is preferenced. Forwarding routing instances can't use routing protocols themselves, but you can create static routes, and I think you can also feed routes into it using 'instance-import'.

I'm presuming that you are getting default routes from your ISPs. My concern with using static routes in the forwarding routing instance is that an ISP router might have a problem and the BGP peer goes down and the route is withdrawn, yet the local L3 interface stays up, so the static route isn't removed from the routing instance and as such you don't have proper failover.

I *think* you could use a policy map and instance-import to import the BGP default routes into the forwarding routing instance and preference them so the one you want to be primary is. And that way if one of the ISPs drops, you can be sure the route will be withdrawn, and the 'backup' route used. I've never used that technique myself, but I don't really see why it won't work. Make sure that the next hop on the default routes is resolvable by the forwarding routing instance table; it should be if you use a rib to import interface routes.
