Routing

Hi all,

we use multiple EX3400 for VLAN switching. We have configured firewall filters to forward the internet traffic of some VLANs to a transparent Squid proxy. This has worked very well for Junos 15.1X53.

However since an update to Junos 18.x (which is now one of the recommended JTAC versions [1]; 15.1X53 will go EOE mid next year [2]) instance-type fowarding doesn't work (ie. doesn't exist!) anymore as documented in [3]. In fact, the relevant routing-instance has been silently removed during upgrade. Is there a "new" way of configuring this feature? Does anybody else have this problem?

Another site [4] mentions instance-type virtual-router which requires an additional license. We tried to contact the Juniper support but apparently, we don't have a contract so we were sent to this forum.

Thanks for your help,

Jonas

1: https://kb.juniper.net/InfoCenter/index?page=content&id=KB21476
2: https://support.juniper.net/support/eol/software/junos/#6

3: https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-filter-option-filter-based-forwarding-example.html

4: https://www.juniper.net/documentation/en_US/junos/topics/example/filter-based-forwarding-with-firewall-filter-ex-series.html

So we went back to 15.1X53-D59.4 and "instance-type forwarding" came back and works as expected.

Bonus: "targeted-broadcast" started to work. This was broken in older versions of 15.1 [1] and didn't work for us in 18.x even though the changelog mentions quite some fixes in that area. Not many good things I can say about 18.x...

1: https://forums.juniper.net/t5/Routing/Wake-on-LAN-accross-VLANs-with-targeted-broadcast/m-p/302813

I can tell that the lack of filter-based forwarding in 18.x for EX3400 is an error which will be corrected. I cannot tell anything about the timeline.

Thanks for sharing this information! Let's hope that this gets fixed before 15.1 goes EOE.

Filter based forwarding is now available in 18.1R3-S2 which has just been released.

It will also be fixed in 18.2R2 and 18.3R2. From 18.4 it's present from R1.

The specific PR: https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1400163

(sorry for bumping this thread, let me know if I should rather start a new one)

We tried installing the latest 18.1R3-S4, but received the following error message when the install package tried to verify the configuration:
syntax error, expecting <data> at forwarding

pointing to the line that configures instance-type forwarding;

Can anyone confirm that FBF is working with the SRs of 18.1R3? In retroperspective it might just be that the check is broken because PR1400163 explicitly mentions that the issue has been resolved in 18.1R3-S2.

I can confirm it is working in 18.2R2. With some caveats (suposedly resolved in 19.1), but it is there.

Regards,

Pawel Mazurkiewicz

I can now also confirm that it's working in 18.1R3-S4: We removed the "offending" statement setting the instance-type prior to the update (to make the validation suceed) and added it back afterwards. Looks like the configuration validator is just broken, we also saw the same message about "syntax error, expecting <data> at forwarding" when trying 18.2R2...