Routing

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  TRACE ROUTE PATH WITH HOP

    Posted 11 days ago

    I need an assistance to block(make them disappear) some hops from appearing in a traceroute. 

    Though they are my internal IP ,

    See picture below for a guide .  i dont't want those hops to appear in a trace ( 10.90.0.166 , 172.16.40.4, 172.16.18 )  .

    I'm making use of  juniper SRX5800.


    In the quest , i applied a filter configuration to a trust interface facing my internal network. Then noticed i was blocking to much. 

    See result below , and this will rather affect troubleshooting when i applied the filter.


    Below is my command line configuration 

    set interfaces reth0 unit 412 family inet filter output block-traceroute
    set firewall family inet filter block-traceroute term t1 from source-address 0.0.0.0/0
    set firewall family inet filter block-traceroute term t1 from protocol icmp
    set firewall family inet filter block-traceroute term t1 from icmp-type time-exceeded
    set firewall family inet filter block-traceroute term t1 then discard
    set firewall family inet filter block-traceroute term accept-else then accept


    BASICALLY BELOW IS AN EXAMPLE OF WHAT I NEED





    ------------------------------
    olalekan ajayi
    ------------------------------


  • 2.  RE: TRACE ROUTE PATH WITH HOP

    This message was posted by a user wishing to remain anonymous
    Posted 6 days ago
    This message was posted by a user wishing to remain anonymous

    Hello,

    Instead of blocking 0.0.0.0/0 , block only private addresses.
    For example : 
    set firewall family inet filter block-traceroute term t1 from source-address 10.0.0.0/8


  • 3.  RE: TRACE ROUTE PATH WITH HOP

    Posted 6 days ago
    Thank you I will try this and feedback

    ------------------------------
    olalekan ajayi
    ------------------------------