Hi Everyone,
I am having an issue with the static default route in a VRF routing instance.
I am using exabgp to send a flow route to an MX and want to redirect the global traffic to a VRF which has a default route with next-table inet.0 in it, and all direct routes in global.
I was thinking that the traffic coming from the interface in global would be redirected to the VRF by flowspec rule and forwarded back to the global table.
However, the traffic is not forwarded as I thought.
On the other hand, if we change the next-table to next-hop x.x.x.x, the traffic can be forwarded by the default route in the VRF.
Here is our configuration.
james@lab1> show configuration policy-options policy-statement acc_all
then accept;

james@lab1> show configuration protocols bgp group flowspec
neighbor 192.168.11.1 {
    family inet {
        unicast;
        flow {
            no-validate acc_all;
        }
    }
    export drop_all;
    peer-as 131618;
}

show configuration routing-instances test
instance-type vrf;
route-distinguisher 100:100;
vrf-target {
    import target:100:100;
    export target:100:100;
    auto;
}
routing-options {
    static {
        defaults {
            resolve;
        }
        route 0.0.0.0/0 next-hop 100.100.100.1;
    }
}

I checked the counter of flowspec when I was running mtr.
Compared to the counter when I set the static default route with next-hop, the counter increases too fast.
IMHO, I think the traffic is looped.
There are some discussions saying that using next-table can cause a loop, but the commit is successful.
james@lab1# set routing-instances test routing-options static route 0.0.0.0/0 next-table inet.0
[edit]
james@lab1# commit
commit complete

Result of default static route with next-hop.
james@lab1> show firewall filter __flowspec_default_inet__
Filter: __flowspec_default_inet__
Counters:
Name                      Bytes      Packets
*,192.168.10/24             704           11

Result of default static route with next-table.
james@lab1> show firewall filter __flowspec_default_inet__
Filter: __flowspec_default_inet__
Counters:
Name                      Bytes      Packets
*,192.168.10/24       423888192      6623253

james@lab1> show firewall filter __flowspec_default_inet__
Filter: __flowspec_default_inet__
Counters:
Name                      Bytes      Packets
*,192.168.10/24       825261120     12894705

james@lab1> show firewall filter __flowspec_default_inet__
Filter: __flowspec_default_inet__
Counters:
Name                      Bytes      Packets
*,192.168.10/24      1427367808     22302622

I can do the exact same thing on the Cisco ASR 9K and it's hard to believe it's impossible to do in Juniper.
Is there some configuration I am missing?

Best regards,
James
------------------------------
James Tu
------------------------------
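
An added example, not part of the original post: a small Python check that parses pasted `show firewall filter __flowspec_default_inet__` snapshots, reports how many packets each snapshot added, and compares that growth with the next-hop baseline from the post. The `factor=1000` threshold and the function names are assumptions made for this illustration; the counter values are the ones shown above.

```python
import re

# Counter snapshots copied from the post (default route with next-table inet.0).
NEXT_TABLE_OUTPUT = """\
Filter: __flowspec_default_inet__
Counters:
Name Bytes Packets
*,192.168.10/24 423888192 6623253
Filter: __flowspec_default_inet__
Counters:
Name Bytes Packets
*,192.168.10/24 825261120 12894705
Filter: __flowspec_default_inet__
Counters:
Name Bytes Packets
*,192.168.10/24 1427367808 22302622
"""
BASELINE_PACKETS = 11  # packets counted in the post with next-hop configured

# A counter row is "<name> <bytes> <packets>"; the header row has no digits.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)$")

def parse_snapshots(text):
    """Return one {counter: (bytes, packets)} dict per 'Filter:' block."""
    snapshots = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Filter:"):
            snapshots.append({})
        elif snapshots and (m := ROW.match(line)):
            snapshots[-1][m[1]] = (int(m[2]), int(m[3]))
    return snapshots

def packet_steps(snapshots, name):
    """First reading, then the packets added between consecutive snapshots."""
    counts = [s[name][1] for s in snapshots if name in s]
    return counts[:1] + [b - a for a, b in zip(counts, counts[1:])]

def mean_packet_size(snapshots, name):
    """Bytes per packet per snapshot; a constant size means one kind of packet."""
    return [s[name][0] / s[name][1] for s in snapshots if name in s and s[name][1]]

def runaway(snapshots, name, baseline, factor=1000):
    """True if any step exceeds factor x baseline (factor is an assumed threshold)."""
    return any(step > factor * baseline for step in packet_steps(snapshots, name))

if __name__ == "__main__":
    snaps, key = parse_snapshots(NEXT_TABLE_OUTPUT), "*,192.168.10/24"
    print(packet_steps(snaps, key), mean_packet_size(snaps, key),
          runaway(snaps, key, BASELINE_PACKETS))
```

The pasted output carries no timestamps, so the check reports growth per snapshot rather than a packet rate.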