SRX Services Gateway

SRX PBR or FBF

‎03-29-2010 06:19 AM

Hi,

I'm just learning SRX and having trouble with filter-based forwarding. I found a dozen articles here, but cannot solve my problem.

 

I'm testing an SRX-100 (I'd like to replace an SSG-5). I have two untrust interfaces (one of them is fixed, one of them is PPPoE - but in my test environment I use one fixed IP and a DHCP client). So the main config is the following:

fe-0/0/0.0 192.168.11.1/24 - trust

fe-0/0/1.0 dhcp client - untrust

fe-0/0/2.0 89.133.214.27/28 - untrust gateway: 89.133.214.30

 

I'd like to route http/https traffic to fe-0/0/2.0 if

Please help! I also attach the full config.

 

My routing config:

routing-options {
    interface-routes {
        rib-group inet default;
    }
    static {
        rib-group default;
        route 0.0.0.0/0 {
            next-hop 192.168.7.1;    # I filled this in, but this address is provided by DHCP, so I can't use it as a next-hop
            metric 5;
        }
    }
    rib-groups {
        default {
            import-rib [ inet.0 upc.inet.0 ];
        }
    }
}

firewall {
    family inet {
        filter iroda-input {
            term web-traffic {
                from {
                    source-address {
                        192.168.11.0/24;
                    }
                    destination-port [ http https ];
                }
                then {
                    routing-instance upc;
                }
            }
            term default {
                then accept;
            }
        }
    }
}
routing-instances {
    upc {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 89.133.214.30;
            }
        }
    }
}

 


4 REPLIES

Re: SRX PBR or FBF

‎04-09-2010 05:19 AM

Please help me!

Solution
Accepted by topic author BB
‎08-26-2015 01:27 AM

Re: SRX PBR or FBF

‎04-09-2010 05:55 AM

 

You should apply the filter to the interface (in your case, the trust interface):

 

set interfaces fe-0/0/0 unit 0 family inet filter input <your-filter-name>
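
A check for the mistake resolved in this thread, as an added example that is not part of the original posts and not Juniper tooling: it parses a brace-style Junos configuration and reports any filter that forwards to a routing instance but is never applied as an interface input filter. The sample configurations are constructed from the thread's names (iroda-input, upc, fe-0/0/0); the function names are hypothetical, and it assumes filters are applied with `filter { input ...; }` and that no quoted string contains braces or semicolons.

```python
import re

def statements(config):
    """Yield (path, words) for every ';'-terminated statement of a brace-style config."""
    text = re.sub(r"/\*.*?\*/|#[^\n]*", "", config, flags=re.S)  # drop comments
    path, words = [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            path.append(" ".join(words)); words = []
        elif tok == "}":
            path.pop()
        elif tok == ";":
            yield tuple(path), words; words = []
        else:
            words.append(tok)

def lint_fbf(config):
    """Return problems with filters whose action is 'routing-instance <name>'."""
    fbf, applied, forwarding = {}, set(), set()
    for path, words in statements(config):
        top = path[0] if path else ""
        if top == "firewall" and "routing-instance" in words[:-1]:
            name = next((p.split()[1] for p in path if p.startswith("filter ")), None)
            if name:
                fbf[name] = words[words.index("routing-instance") + 1]
        elif top == "interfaces" and path[-1] == "filter" and words[:1] == ["input"]:
            applied.update(words[1:2])       # interfaces ... family inet filter { input X; }
        elif top == "routing-instances" and words == ["instance-type", "forwarding"]:
            forwarding.add(path[1])          # path is ("routing-instances", "<name>")
    problems = []
    for name, inst in sorted(fbf.items()):
        if name not in applied:
            problems.append(f"filter {name}: not applied as an input filter on any interface")
        if inst not in forwarding:
            problems.append(f"filter {name}: routing-instance {inst} is not a forwarding instance")
    return problems

# Constructed samples, condensed from the configuration posted in the thread.
COMMON = """
firewall { family inet { filter iroda-input {
    term web-traffic { then { routing-instance upc; } }
} } }
routing-instances { upc { instance-type forwarding; } }
"""
BEFORE = COMMON + "interfaces { fe-0/0/0 { unit 0 { family inet { address 192.168.11.1/24; } } } }"
AFTER = COMMON + "interfaces { fe-0/0/0 { unit 0 { family inet { filter { input iroda-input; } address 192.168.11.1/24; } } } }"
print(lint_fbf(BEFORE), lint_fbf(AFTER))
```
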

 


Re: SRX PBR or FBF

‎04-09-2010 06:15 AM

Thank you SSHSSH!

I forgot it.

Now it works.

My next problem is that if I cut the route (unplug the cable) defined by the FBF, the packets will be dropped. How can I provide fault tolerance?

 

 


Re: SRX PBR or FBF

‎12-07-2011 02:49 AM
I found this link:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694

Which topic link does SRX FBF belong to?

Thanks in advance!
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)