Hello everyone,
I was hoping someone can shed some light on the setup that I have. I'm trying to force traffic going out from a routing instance (Dirty VRF) with a static default next-table to inet.0 on a higher metric as a means of backup if it stops receiving default routes towards another OSPF neighbor (Clean VRF).
This is the diagram depicting the network:
        +----------+
        |   ISP    |
        |          |
        +----------+
             |
             |
             | ACL input
             | redirect to Dirty VRF
+--------------------------+
|                          |
|          +----------+    |
|          |          |    |
|          |          |    |
|          |  Dirty   |    |        +--------------+
|          |   VRF    |    |   in   |              |
|          |          +-------------+              |
|  INET.0  |          |    |        |   Layer 2    |
|          |          |    |        |     DDOS     |
|          +----------+    |        |   Scrubber   |
|                          |        |              |
|          +----------+    |        |              |
|          |          |    |        |              |
|          |          +-------------+              |
|          |  Clean   |    |  out   |              |
|          |   VRF    |    |        +--------------+
|          |          |    |
|          |          |    |
|          +----------+    |
+--------------------------+
I could get the routing to work from ISP to Dirty -> Scrubber -> Clean -> inet.0, but whenever the links between Dirty and Clean fail, I can't seem to get the traffic to go out from Dirty to inet.0 this way. Any help is appreciated.
Here is the relevant configuration that I have.
Firewall family inet filter on the ISP-facing interface:
firewall {
    family inet {
        filter redirect-to-dirty {
            term bypass-bgp-traffic-from-isp {
                from {
                    address {
                        1.1.1.1/32;
                    }
                }
                then accept;
            }
            term all-traffic {
                then {
                    next-interface {
                        ge-0/0/1.0;
                        routing-instance dirty-vrf;
                    }
                }
            }
        }
    }
}
Routing instances configuration:
routing-instances {
    clean-vrf {
        instance-type virtual-router;
        interface ge-0/0/3.0;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-table inet.0;
                }
            }
        }
        protocols {
            ospf {
                export default-originate;
                area 0.0.0.0 {
                    interface ge-0/0/3.0;
                }
            }
        }
    }
    dirty-vrf {
        instance-type virtual-router;
        interface ge-0/0/1.0;
        routing-options {
            static {
                route 0.0.0.0/0 {
                    next-table inet.0;
                    preference 200;
                }
            }
        }
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface ge-0/0/1.0;
                }
            }
        }
    }
}
Thank you,
Diyan