SRX Services Gateway
SRX Services Gateway

SRX210 with Dual ISP

09.19.09   |  
‎09-19-2009 01:35 PM

hi,


how can i make this to work ? 

client1 lan  -> isp1

client2 lan -> isp2

 

i have set the following :

set routing-options static route 0.0.0.0/0 next-hop isp1

set routing-options static route 0.0.0.0/0 next-hop isp2

 

then i have tried with snat rules, but but clients goes or isp1 or isp2 .....

 

please help.... 

6 REPLIES
SRX Services Gateway

Re: SRX210 with Dual ISP

09.19.09   |  
‎09-19-2009 04:18 PM

the easiest method would probably be by using virtual routers inside the SRX.

 

since its the SRX, you will also have to create some zones for each VR (I dont believe zones can transcend VR's ie zone 'trust' cant have interfaces in two different virtual routers I dont think)

 

and then in each routing instance at your static default route to the required next-hop

SRX Services Gateway

Re: SRX210 with Dual ISP

09.20.09   |  
‎09-20-2009 12:48 AM

thanks,

 

i haved tried to set up virutal routers, but with no result. (i wasn`t able....)

 

could anyone please provide a sample of routing instances, virtual routers ? 

 

i`m a junos newbee ... 

SRX Services Gateway

Re: SRX210 with Dual ISP

01.03.10   |  
‎01-03-2010 11:37 PM

Using Filter Based Forwading the same name Policy based routing (screenOS).

SRX Services Gateway

Re: SRX210 with Dual ISP

01.04.10   |  
‎01-04-2010 12:33 AM

You can't have two active 0.0.0.0/0 routes in same routing instance.

 

I solved exact same problem with this:

 

http://forums.juniper.net/t5/SRX-Services-Gateway/Policy-based-routing-and-source-routing-on-srx210/...

SRX Services Gateway

Re: SRX210 with Dual ISP

01.04.10   |  
‎01-04-2010 07:36 PM

Look at KB 15545

Highlighted
SRX Services Gateway

Re: SRX210 with Dual ISP

01.08.10   |  
‎01-08-2010 06:50 AM

you can create two routing instances

 

###  Routing Instances ###

routing-instances {
    Instance-ISP1 {
        routing-options {
            static {
                route 0.0.0.0/0 next-hop <ISP1_router_IP>;
            }
        }
    }

 

routing-instances {
    Instance-ISP2 {
        routing-options {
            static {

                route 0.0.0.0/0 next-hop <ISP2_router_IP>;
            }
        }
    }

 

### Firewall Filters ###

 

firewall {
    family inet {
        filter ISP-Filter {
            term TO-ISP1 {
                from {
                    source-address {
                        <client1_IP_Address/32>;
                    }
                }
                then {
                    routing-instance Instance-ISP1;
                }
            }           

 

 

           term TO-ISP2 {
                from {
                    source-address {
                        <client2_IP_Address/32>;
                    }
                }
                then {
                    routing-instance Instance-ISP2;
                }
            }

 

term default {
                then accept;
            }

     }

}

 

### Apply the filter to the LAN interface, Supose that the LAN interface is the ge-0/0/0 ###

 

 

ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input ISP-Filter;
                         }
                address <interface_IP_Address/24>;
            }
        }
    }

 

### import all rib ###

 

routing-options {
    interface-routes {
        rib-group inet default;
    }
    rib-groups {
        default {
            import-rib [ inet.0 Instance-ISP1.inet.0 Instance-ISP2.inet.0 ];
        }
    }

}

 

#####################

 

It should work!

LT