SRX

Hi there, i would like to ask.

Since SRX able to make Policy Based Routing (they call it as Forwarding Based Filter), it is able to forward traffic through routing table that has be set up at routing-instance forwarding type. My question is, how to check the validity of the routing table for this type of routing-instance? For instance that i have virtual-router, i can simply to check the route by.

show route table 8.8.8.8

And for further troubleshooting, using virtual-router at the routing-instance able to track the problem by using traceoption on this hierarchy.

set security flow traceoptions

Is there any idea how to troubleshoot when applying forwarding routing-instance on filter on this hierarchy?

set firewall filter

Can you be a little bit more clear on exactly what you want to troubleshoot at the RI level? You can apply traceoptions within the RI at the available levels like would in the master instance. Not all configurations are available in the forwarding type RI. So if you have configured BGP, OSPF, etc in the RI, you can set traceoptions for those protocols. Now you could not configure traceoptions on an intereface level because you cannot place interfaces in the forwarding type RI. So thats why if you can clarify what you are looking to debug in the specific RI, that would help immensely.

Ok thanks, i took it. Actually when i apply those RI of forwarding type using rib-group. The routing-table shown well on

show route 8.8.8.8

I wish i able to trace the packet flow since i use the filter on this hierarchy.

set firewall family inet filter

Then i set it into this hierarchy (for instance)

set interface reth0 unit 20 family inet filter

SInce the FBF would modify route using those RI, i want to track of which the route would take when the packet is sent.