Routing
Highlighted
Routing

Filter based forwarding

‎01-11-2020 02:17 PM

 

FBF.JPG

Match filters
set firewall family inet filter FBF term t1 from source-address 1.1.1.1/32
set firewall family inet filter FBF term t1 then count vMX2-counter
set firewall family inet filter FBF term t1 then routing-instance vMX2
set firewall family inet filter FBF term t2 from source-address 11.11.11.11/32
set firewall family inet filter FBF term t2 then count vMX3-counter
set firewall family inet filter FBF term t2 then routing-instance vMX3
set firewall family inet filter FBF term t3 then count default
set firewall family inet filter FBF term t3 then accept

Routing-instance
set routing-instances vMX2 instance-type forwarding
set routing-instances vMX2 routing-options static route 0.0.0.0/0 next-hop 172.30.25.2
set routing-instances vMX3 instance-type forwarding
set routing-instances vMX3 routing-options static route 0.0.0.0/0 next-hop 172.30.26.3
Rib-group
set routing-options rib-groups FBF-group import-rib inet.0
set routing-options rib-groups FBF-group import-rib vMX2.inet.0
set routing-options rib-groups FBF-group import-rib vMX3.inet.0
set routing-options interface-routes rib-group inet FBF-group

apply the filter
set interfaces ge-0/0/0 unit 0 family inet filter input FBF
set interfaces ge-0/0/0 unit 0 family inet address 172.30.25.1/28
set interfaces ge-0/0/1 unit 0 family inet filter input FBF
set interfaces ge-0/0/1 unit 0 family inet address 172.30.26.1/28

root@vMX1# run show route 4.4.4.4

vMX2.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 01:28:42
                    > to 172.30.25.2 via ge-0/0/0.0

vMX3.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 01:28:42
                    > to 172.30.26.3 via ge-0/0/1.0

root@vMX1# run traceroute 4.4.4.4 source 1.1.1.1
traceroute to 4.4.4.4 (4.4.4.4) from 1.1.1.1, 30 hops max, 40 byte packets
traceroute: sendto: No route to host
 1 traceroute: wrote 4.4.4.4 40 chars, ret=-1

I am practising filter based forwarding on vMX. Anyone can help me to figure out why I got No route to host

thanks in advance !!

5 REPLIES 5
Highlighted
Routing

Re: Filter based forwarding

[ Edited ]
‎01-11-2020 04:50 PM

Hi Gingyanu,

Following filter should be applied on the incoming interface of the vMX1. You have applied the filter to the output/core-facing interface.

apply the filter
set interfaces ge-0/0/0 unit 0 family inet filter input FBF
set interfaces ge-0/0/0 unit 0 family inet address 172.30.25.1/28
set interfaces ge-0/0/1 unit 0 family inet filter input FBF
set interfaces ge-0/0/1 unit 0 family inet address 172.30.26.1/28

Example Link: https://www.juniper.net/documentation/en_US/junos/topics/example/filter-based-forwarding-example.htm...

PS: Please accept my response as solution if it solves your query, kuods are appreicate too!

 


Thanks
Vishal

Highlighted
Routing

Re: Filter based forwarding

[ Edited ]
‎01-11-2020 10:32 PM

Hello,

 


@gongyayu wrote:

 

root@vMX1# run show route 4.4.4.4

vMX2.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 01:28:42
                    > to 172.30.25.2 via ge-0/0/0.0

vMX3.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 01:28:42
                    > to 172.30.26.3 via ge-0/0/1.0

root@vMX1# run traceroute 4.4.4.4 source 1.1.1.1
traceroute to 4.4.4.4 (4.4.4.4) from 1.1.1.1, 30 hops max, 40 byte packets
traceroute: sendto: No route to host
 1 traceroute: wrote 4.4.4.4 40 chars, ret=-1

I am practising filter based forwarding on vMX. Anyone can help me to figure out why I got No route to host

thanks in advance !!


 

Clearly You have no route towards 4.4.4.4 in inet.0 but You are trying to trace using inet.0 (default behaviour).

Additionally, FBF for locally-originated traffic is not supported in JUNOS.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: Filter based forwarding

‎01-15-2020 05:25 PM

Sorry for the delayed response.  thanks for taking a look at this.

I followed the following 

 [KB23300] Show KB Properties

 [KB17223] Show KB Properties

 

I used to do this on SRX. Right now I can access MX, I tried to test on MX.  

You mean MX does not support this ?

 

Highlighted
Routing
Solution
Accepted by topic author gongyayu
‎01-16-2020 12:11 PM

Re: Filter based forwarding

‎01-15-2020 07:29 PM

Hello,

 

All JUNOS products do NOT support FBF for locally-originated traffic.

This includes SRX, vSRX, MX, vMX, PTX, vPTX, QFX, vQFX, EX, M-series, T-series, J-series, TX, VRR.

HTH

Thx

Alex

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Routing

Re: Filter based forwarding

‎01-16-2020 12:12 PM

thanks so much !!

 

I will add to my notes for this.

Feedback