SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Route leaking and discard routes

    Posted 06-26-2015 03:02

    Hi

     

    I want to isolate a customer setup with some overlapping IPs in a virtual router on an SRX3600, and it seems I have two options: either connect the VR with a logical tunnel, or leak routes between the two instances.

     

    I have both options working, but to keep policy writing as simple as possible, I would prefer to just leak routes, so that I can write policies directly to the zones inside the VR.

     

    Most of the routing in my SRX happens in inet.0, where I have a default route.

     

    So my initial thought was to just leak the default route from inet.0 into the VR, expecting the SRX to then look for more specifics in inet.0, but this didn't happen; instead all traffic from the VR was just sent directly to the next hop of the default route.

     

    I can live with this, but.. The SRX is also originating some prefixes from some static discard routes. When I leak these routes into the VR, traffic from the VR to these prefixes is just dropped inside the VR.

     

    Is there any way around this behaviour?

     

    /Ralf



  • 2.  RE: Route leaking and discard routes
    Best Answer

     
    Posted 06-26-2015 03:10

    Hello ,

     

    1) So my initial thought was to just leak the default route from inet.0 into the VR, expecting the SRX to then look for more specifics in inet.0, but this didn't happen; instead all traffic from the VR was just sent directly to the next hop of the default route.

     

    > Instead of leaking the default route from inet to VR, make sure you also leak specific routes for those subnet prefixes to the VR using policy option and match route terms like "default, static, direct" etc. This will help you to take specific routes from INET instead of just taking the default route.

     

    2) I can live with this, but.. The SRX is also originating some prefixes from some static discard routes. When I leak these routes into the VR, traffic from the VR to these prefixes is just dropped inside the VR.

     

    Is there any way around this behaviour?

     

    > So here also create policy options to discard rejected routes from inet to VR using the "except" option. Or put then action as discard / reject.
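
The approach described in this answer, as an added configuration sketch that is not part of the original post: an `instance-import` policy that leaks static and direct routes from the master instance into the VR while leaving the discard-routed prefixes out. The policy name `LEAK-INET0-TO-VR`, the instance name `CUSTOMER-VR` and the prefix `192.0.2.0/24` are constructed placeholders, not values from the thread.

```junos
policy-options {
    policy-statement LEAK-INET0-TO-VR {
        /* Keep the locally originated discard prefixes out of the VR.
           192.0.2.0/24 is a placeholder for one of those prefixes;
           add one route-filter line per discard route. */
        term SKIP-DISCARD-PREFIXES {
            from {
                instance master;
                protocol static;
                route-filter 192.0.2.0/24 exact;
            }
            then reject;
        }
        /* Leak the default route together with the more specific
           static and direct routes from inet.0, so lookups in the VR
           match the specifics instead of only the default. */
        term LEAK-STATIC-AND-DIRECT {
            from {
                instance master;
                protocol [ static direct ];
            }
            then accept;
        }
        /* Nothing else from the master instance is imported. */
        term DENY-REST {
            then reject;
        }
    }
}
routing-instances {
    CUSTOMER-VR {
        instance-type virtual-router;
        routing-options {
            instance-import LEAK-INET0-TO-VR;
        }
    }
}
```

After commit, `show route table CUSTOMER-VR.inet.0` shows which routes were actually imported. The rejected prefixes should be absent, so traffic to them follows the leaked default route instead of hitting a discard next hop inside the VR.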

     

     

     



  • 3.  RE: Route leaking and discard routes

    Posted 06-26-2015 03:54

    > So here also create policy options to discard rejected routes from inet to VR using the "except" option. Or put then action as discard / reject.

     

    I had actually tested that, but I couldn't make it work, thinking that traffic would just go out the default route, hence my post. Upon checking things again, I found that I forgot to add my new zones to the NAT rules that enable me to reach NAT'ed hosts from the inside.

     

    Thanks

     



  • 4.  RE: Route leaking and discard routes

     
    Posted 06-28-2015 21:59

    Hello ,

     

    Thanks for the update. Glad that the issue was resolved.