Routing

Filter-based forwarding - routing to local/direct networks not working

  • 1.  Filter-based forwarding - routing to local/direct networks not working

    Posted 12-14-2017 05:42

    Hi,

     

    I’m trying to set up FBF on an EX4200 stack. I was able to do the FBF and my Internet traffic is going in the right direction, but now I can’t access my local/direct networks (e.g. server 192.168.7.15) defined on this stack from this machine (192.168.6.99).

    See attached simple topology!

    Here is part of my config (I’m using only static routes, if it matters):

     

    vlan {
        unit 6 {
            family inet {
                filter {
                    input classify-VLANs;
                }
                address 192.168.6.202/24;
            }
        }
        unit 7 {
            family inet {
                address 192.168.7.202/24;
            }
        }
        unit 11 {
            family inet {
                address 192.168.11.1/24;
            }
        }
    …….
    routing-options {
        interface-routes {
            rib-group inet FBF-rib;
        }
        static {
            route 0.0.0.0/0 {
                next-hop 192.168.99.1;
                preference 60;
            }
        }
        rib-groups {
            FBF-rib {
                import-rib [ inet.0 VLAN6-route-table.inet.0 ];
            }
        }
    ………
    firewall {
        family inet {
            filter classify-VLANs {
                term VLAN-6-net {
                    from {
                        source-address {
                            192.168.6.99/32;
                        }
                    }
                    then {
                        routing-instance VLAN6-route-table;
                    }
                }
                term default {
                    then accept;
                }
            }
        }
    …………………..
    routing-instances {
        VLAN6-route-table {
            instance-type forwarding;
            routing-options {
                static {
                    route 0.0.0.0/0 {
                        next-hop 192.168.99.10;
                    }
                }
            }
        }

     

     

    Here is my forwarding table:

    root@JSTACK> show route forwarding-table family inet
    ………………….
    Routing table: VLAN6-route-table.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index NhRef Netif
    default            user     0 f4:6d:4:ac:69:70   ucst  1989     3 vlan.99
    default            perm     0                    rjct  1997     1
    0.0.0.0/32         perm     0                    dscd  1995     1
    172.16.30.0/24     user     0                    rtbl     1    14
    172.16.30.1/32     user     0 172.16.30.1        locl  1388     3
    172.16.201.0/24    user     0                    rtbl     1    14
    172.16.201.1/32    user     0 172.16.201.1       locl  1392     3
    192.168.6.0/24     user     0                    rtbl     1    14
    192.168.6.202/32   user     0 192.168.6.202      locl  1352     3
    192.168.7.0/24     user     0                    rtbl     1    14
    192.168.7.202/32   user     0 192.168.7.202      locl  1356     3
    192.168.11.0/24    user     0                    rtbl     1    14
    192.168.11.1/32    user     0 192.168.11.1       locl  1360     3
    192.168.12.0/24    user     0                    rtbl     1    14
    192.168.12.1/32    user     0 192.168.12.1       locl  1364     3
    192.168.13.0/24    user     0                    rtbl     1    14
    192.168.13.1/32    user     0 192.168.13.1       locl  1368     3
    192.168.16.0/24    user     0                    rtbl     1    14
    192.168.16.1/32    user     0 192.168.16.1       locl  1396     3
    192.168.77.0/24    user     0                    rtbl     1    14
    192.168.77.1/32    user     0 192.168.77.1       locl  1372     3
    192.168.79.0/24    user     0                    rtbl     1    14
    192.168.79.1/32    user     0 192.168.79.1       locl  1376     3
    192.168.99.0/24    user     0                    rtbl     1    14
    192.168.99.2/32    user     0 192.168.99.2       locl  1380     3
    192.168.123.0/24   user     0                    rtbl     1    14
    192.168.123.1/32   user     0 192.168.123.1      locl  1384     3
    192.168.199.0/24   user     0                    rtbl     1    14
    192.168.199.2/32   user     0 192.168.199.2      locl  2034     3
    224.0.0.0/4        perm     0                    mdsc  1996     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst  1540     1
    255.255.255.255/32 perm     0                    bcst  1992     1

    root@JSTACK> show route table VLAN6-route-table.inet.0
    0.0.0.0/0          *[Static/5] 3w2d 23:14:14
                        > to 192.168.99.10 via vlan.99
    172.16.30.0/24     *[Direct/0] 8w3d 00:05:28
                        > via vlan.124
    172.16.30.1/32     *[Local/0] 8w3d 00:05:28
                          Local via vlan.124
    172.16.201.0/24    *[Direct/0] 8w3d 00:05:28
                        > via vlan.125
    172.16.201.1/32    *[Local/0] 8w3d 00:05:28
                          Local via vlan.125
    192.168.6.0/24     *[Direct/0] 8w3d 00:05:28
                        > via vlan.6
    192.168.6.202/32   *[Local/0] 8w3d 00:05:28
                          Local via vlan.6
    192.168.7.0/24     *[Direct/0] 8w3d 00:05:28
                        > via vlan.7
    192.168.7.202/32   *[Local/0] 8w3d 00:05:28
                          Local via vlan.7
    192.168.11.0/24    *[Direct/0] 8w3d 00:05:28
                        > via vlan.11
    192.168.11.1/32    *[Local/0] 8w3d 00:05:28
                          Local via vlan.11
    192.168.12.0/24    *[Direct/0] 8w3d 00:05:28
                        > via vlan.12
    192.168.12.1/32    *[Local/0] 8w3d 00:05:28
                          Local via vlan.12
    192.168.13.0/24    *[Direct/0] 8w3d 00:05:28
                        > via vlan.13
    192.168.13.1/32    *[Local/0] 8w3d 00:05:28
                          Local via vlan.13
    192.168.16.0/24    *[Direct/0] 8w3d 00:05:28
                        > via vlan.2016
    192.168.16.1/32    *[Local/0] 8w3d 00:05:28
                          Local via vlan.2016
    192.168.77.0/24    *[Direct/0] 8w3d 00:05:28
                        > via vlan.77
    192.168.77.1/32    *[Local/0] 8w3d 00:05:28
                          Local via vlan.77
    192.168.79.0/24    *[Direct/0] 8w3d 00:05:28
                        > via vlan.79
    192.168.79.1/32    *[Local/0] 8w3d 00:05:28
                          Local via vlan.79
    192.168.99.0/24    *[Direct/0] 8w3d 00:05:28
                        > via vlan.99
    192.168.99.2/32    *[Local/0] 8w3d 00:05:28
                          Local via vlan.99
    192.168.123.0/24   *[Direct/0] 8w3d 00:05:28
                        > via vlan.123
    192.168.123.1/32   *[Local/0] 8w3d 00:05:28
                          Local via vlan.123
    192.168.199.0/24   *[Direct/0] 8w3d 00:05:28
                        > via vlan.2017
    192.168.199.2/32   *[Local/0] 8w3d 00:05:28
                          Local via vlan.2017



  • 2.  RE: Filter-based forwarding - routing to local/direct networks not working
    Best Answer

    Posted 12-14-2017 06:20

    Hello,

    Leaking direct routes via RIB groups is not supported on the EX platform.

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB23027

    HTH

    Thx

    Alex
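
An added example, not part of the thread: a longest-prefix lookup over rows of the forwarding table from the first post, showing that an Internet destination resolves to the `ucst` default via vlan.99 while the server 192.168.7.15 lands on the leaked 192.168.7.0/24 entry of type `rtbl`. The function names, the tie-break between the two `default` rows and the 203.0.113.10 test address are assumptions.

```python
import ipaddress

# Constructed sample: rows copied from the VLAN6-route-table.inet
# forwarding table shown in the first post.
SAMPLE = """\
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            user     0 f4:6d:4:ac:69:70   ucst  1989     3 vlan.99
default            perm     0                    rjct  1997     1
192.168.6.0/24     user     0                    rtbl     1    14
192.168.6.202/32   user     0 192.168.6.202      locl  1352     3
192.168.7.0/24     user     0                    rtbl     1    14
192.168.7.202/32   user     0 192.168.7.202      locl  1356     3
192.168.99.0/24    user     0                    rtbl     1    14
"""

# Next-hop type tokens that appear in the output above.
NH_TYPES = {"ucst", "rjct", "dscd", "rtbl", "locl", "mdsc", "mcst", "bcst"}

def parse_forwarding_table(text):
    """Turn forwarding-table rows into dicts; skip headers and banners."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5:
            continue
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(dest)
        except ValueError:
            continue  # column header or other non-route line
        # The next-hop address column may be empty, so locate the type token.
        idx = next((i for i in range(3, len(f)) if f[i] in NH_TYPES), None)
        if idx is None:
            continue
        entries.append({
            "net": net, "route_type": f[1], "nh_type": f[idx],
            "next_hop": f[3] if idx == 4 else None,
            "netif": f[idx + 3] if len(f) > idx + 3 else None,
        })
    return entries

def lookup(entries, ip):
    """Longest-prefix match; on a tie prefer the 'user' row (assumption)."""
    addr = ipaddress.ip_address(ip)
    hits = [e for e in entries if addr in e["net"]]
    key = lambda e: (e["net"].prefixlen, e["route_type"] == "user")
    return max(hits, key=key) if hits else None
```

Running `lookup` against the full pasted table instead of the sample gives the same split: only the default route in the instance carries a resolved next hop and interface, every direct network is an `rtbl` entry.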