Junos OS

 View Only
last person joined: 20 hours ago 

Ask questions and share experiences about Junos OS.
  • 1.  Junos Forwarding-Option

    Posted 05-08-2023 11:16

    Hello Folks,

    I need to understand the 'forwarding-option' feature and its use-cases and for where we can use it, As i found it is similar to firewall filter.
    so in which case we can use firewall filter and in which case we can use forwarding-option in terms of packet control/forwarding like ACL  in below example.

    Config snippet :

    Firewall filter
    ===========

    set firewall family inet filter filterSrcDstAddr term term1 from address 128.0.0.8/30

    set firewall family inet filter filterSrcDstAddr term term4 then accept

    set interfaces gi 0/0/1 unit 0 family inet address 1.1.1.1/24

    set interfaces  gi 0/0/1 unit 0 family inet filter input filterSrcDstAddr



    forwarding- option:
    ===============

    set firewall family bridge filter al_rpf_pok_vdd35 term rpf_seq_110 from ether-type ipv4

    set firewall family bridge filter al_rpf_pok_vdd35 term rpf_seq_110 from ip-source-address 127.0.0.0/8

    set firewall family bridge filter al_rpf_pok_vdd35 term rpf_seq_110 from ip-destination-address 0.0.0.0/0

    set firewall family bridge filter al_rpf_pok_vdd35 term rpf_seq_110 then discard

    set bridge-domains vlan2021 description vDD35b-vDA1/dc1.b1-2

    set bridge-domains vlan2021 vlan-id 2021

    set bridge-domains vlan2021 routing-interface irb.2021

    set bridge-domains vlan2021 forwarding-options filter input al_rpf_pok_vdd35

    set interfaces irb unit 2021 description pok/vDD35-vDA1/dc1.b1-1/9.63.65.0/24

    set interfaces irb unit 2021 family inet mtu 1500

    set interfaces irb unit 2021 family inet no-redirects

    set interfaces irb unit 2021 family inet address 9.63.65.4/24

    Model: mx240

    Junos: 19.1R1.6


    In both case we can use ACL so why Junos has  above two options ?

    -Pavan



    ------------------------------
    PAVAN PAWAR
    ------------------------------


  • 2.  RE: Junos Forwarding-Option

    Posted 05-29-2023 13:34

    Hi Pawan,
    Firewall filter is akin to ACL. It helps user to filter out packets that match the criteria mentioned in the firewall filter term. Firewall filter also provide method to apply some basic actions on the matched packets. Eg - counting, sampling, accepting or rejecting the packet.
    On the other hand, forwarding-options provide method to apply advanced actions on packets that are forwarded by the router. One of the primary difference between firewall filter and forwarding-options is that actions mentioned in firewall filter will apply to only those packets that match the criteria specified in the filter term. Whereas forwarding-options apply on each packet based on the configuration of forwarding-options.

    To know more about the the facilities that are enabled by configuring forwarding-options, consider reading this user guide

    https://www.juniper.net/documentation/us/en/software/junos/subscriber-mgmt-wholesale/topics/ref/statement/forwarding-options-edit.html

    Regards,
    Pankaj



    ------------------------------
    Pankaj Malviya
    ------------------------------