Routing

Expand all | Collapse all

Filter based forwarding

Jump to Best Answer
  • 1.  Filter based forwarding

    Posted 01-11-2020 14:17

     

    FBF.JPG

    Match filters
    set firewall family inet filter FBF term t1 from source-address 1.1.1.1/32
    set firewall family inet filter FBF term t1 then count vMX2-counter
    set firewall family inet filter FBF term t1 then routing-instance vMX2
    set firewall family inet filter FBF term t2 from source-address 11.11.11.11/32
    set firewall family inet filter FBF term t2 then count vMX3-counter
    set firewall family inet filter FBF term t2 then routing-instance vMX3
    set firewall family inet filter FBF term t3 then count default
    set firewall family inet filter FBF term t3 then accept
    
    Routing-instance
    set routing-instances vMX2 instance-type forwarding
    set routing-instances vMX2 routing-options static route 0.0.0.0/0 next-hop 172.30.25.2
    set routing-instances vMX3 instance-type forwarding
    set routing-instances vMX3 routing-options static route 0.0.0.0/0 next-hop 172.30.26.3
    Rib-group
    set routing-options rib-groups FBF-group import-rib inet.0
    set routing-options rib-groups FBF-group import-rib vMX2.inet.0
    set routing-options rib-groups FBF-group import-rib vMX3.inet.0
    set routing-options interface-routes rib-group inet FBF-group
    
    apply the filter
    set interfaces ge-0/0/0 unit 0 family inet filter input FBF
    set interfaces ge-0/0/0 unit 0 family inet address 172.30.25.1/28
    set interfaces ge-0/0/1 unit 0 family inet filter input FBF
    set interfaces ge-0/0/1 unit 0 family inet address 172.30.26.1/28
    
    root@vMX1# run show route 4.4.4.4
    
    vMX2.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[Static/5] 01:28:42
                        > to 172.30.25.2 via ge-0/0/0.0
    
    vMX3.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[Static/5] 01:28:42
                        > to 172.30.26.3 via ge-0/0/1.0
    
    root@vMX1# run traceroute 4.4.4.4 source 1.1.1.1
    traceroute to 4.4.4.4 (4.4.4.4) from 1.1.1.1, 30 hops max, 40 byte packets
    traceroute: sendto: No route to host
     1 traceroute: wrote 4.4.4.4 40 chars, ret=-1

    I am practising filter based forwarding on vMX. Anyone can help me to figure out why I got No route to host

    thanks in advance !!



  • 2.  RE: Filter based forwarding

     
    Posted 01-11-2020 16:50

    Hi Gingyanu,

    Following filter should be applied on the incoming interface of the vMX1. You have applied the filter to the output/core-facing interface.

    apply the filter
    set interfaces ge-0/0/0 unit 0 family inet filter input FBF
    set interfaces ge-0/0/0 unit 0 family inet address 172.30.25.1/28
    set interfaces ge-0/0/1 unit 0 family inet filter input FBF
    set interfaces ge-0/0/1 unit 0 family inet address 172.30.26.1/28

    Example Link: https://www.juniper.net/documentation/en_US/junos/topics/example/filter-based-forwarding-example.html

    PS: Please accept my response as solution if it solves your query, kuods are appreicate too!

     


    Thanks
    Vishal



  • 3.  RE: Filter based forwarding

    Posted 01-11-2020 22:33

    Hello,

     


    @gongyayu wrote:

     

    root@vMX1# run show route 4.4.4.4
    
    vMX2.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[Static/5] 01:28:42
                        > to 172.30.25.2 via ge-0/0/0.0
    
    vMX3.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    0.0.0.0/0          *[Static/5] 01:28:42
                        > to 172.30.26.3 via ge-0/0/1.0
    
    root@vMX1# run traceroute 4.4.4.4 source 1.1.1.1
    traceroute to 4.4.4.4 (4.4.4.4) from 1.1.1.1, 30 hops max, 40 byte packets
    traceroute: sendto: No route to host
     1 traceroute: wrote 4.4.4.4 40 chars, ret=-1

    I am practising filter based forwarding on vMX. Anyone can help me to figure out why I got No route to host

    thanks in advance !!


     

    Clearly You have no route towards 4.4.4.4 in inet.0 but You are trying to trace using inet.0 (default behaviour).

    Additionally, FBF for locally-originated traffic is not supported in JUNOS.

    HTH

    Thx

    Alex



  • 4.  RE: Filter based forwarding

    Posted 01-15-2020 17:26

    Sorry for the delayed response.  thanks for taking a look at this.

    I followed the following 

     [KB23300] Show KB Properties

     [KB17223] Show KB Properties

     

    I used to do this on SRX. Right now I can access MX, I tried to test on MX.  

    You mean MX does not support this ?

     



  • 5.  RE: Filter based forwarding
    Best Answer

    Posted 01-15-2020 19:30

    Hello,

     

    All JUNOS products do NOT support FBF for locally-originated traffic.

    This includes SRX, vSRX, MX, vMX, PTX, vPTX, QFX, vQFX, EX, M-series, T-series, J-series, TX, VRR.

    HTH

    Thx

    Alex

     



  • 6.  RE: Filter based forwarding

    Posted 01-16-2020 12:12

    thanks so much !!

     

    I will add to my notes for this.