Hi @Ivan Minin,
First off, thank you so much for your question!
Now, let me see if I am understanding what you are asking before I attempt to answer. You currently have a service called "remote-subnets-from-bgp" and it has a service-route that works correctly. You need to create a different service for "Application-SSH" because this has different service and security policies. So you are wondering if you can make the configuration of service-routes easier by using the same service-route you already have configured. Did I understand this correctly?
@peetee, correct me if I am wrong, but unfortunately, I believe the answer is no, and that's just due to the fact that the service-routes are tied to the service.
Now, if it does help at all, you can clone your existing service-routes and then just change the service. This will at least make some of the configuration easier, but it does not automate the whole process.
Also, as for the auto-generation of service-routes. In order for that to happen, you need to:
1. be in a neighborhood that has access to the service
2. already have a service-route to this service defined
3. make sure you have Share Service Routes in the service set to enabled (which is the default)
The second point there is the reason I don't think this will work in your case, or at least doesn't make it easier. You will still need to make 1 service-route headed to the SSH service that the 128T can use to auto-generate the other services.
Let me know if I understood your original question correctly and if my answer helped at all.
Thank you,
Justin
------------------------------
Justin Melloni
Documentation/Training Specialist
MA
------------------------------
Original Message:
Sent: 01-25-2019 10:55
From: Victoria Smiley
Subject: Combining services
Hi @Ivan - I see you have yet to get an answer on this question. I believe @Vanya and @Justin have been working on some training materials that cover this topic. Do either of you have some information you can provide to Ivan?
------------------------------
Victoria Smiley
Interchange Community Manager
Burlington MA
Original Message:
Sent: 01-21-2019 23:40
From: Ivan Minin
Subject: Combining services
Hello,
Let's say I have a service-route installed on some remote, which is used to redistribute routes coming from BGP from local cisco site router into SVR and populate them to other routers. This service-route references to service, which has only network 0.0.0.0/0 with security and service policy assigned. It works normally and appropriate service route is auto-generated on all required routers. Let's name it like "remote-subnets-from-bgp".
For example, I have another service defined, let's say it is SSH (TCP/22). For these SSH connections I need to use different service policy and security policy. So this route should contain 0.0.0.0/0 as service address and TCP/22 for service transport. Let's name it "Application-SSH".
Is there any way to combine "remote-subnets-from-bgp" and "Application-SSH" without creating a service-route on my remote router with "Use Learned Routes" type for each application-specific service like "Application-SSH"? Or is there is a way to auto-generate such service-routes?
Thank you
------------------------------
Ivan Minin
Houston TX
(346) 319-6699
------------------------------