Routing

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Multiple NATs to individual gateways with DHCP relay

    Posted 12-07-2022 14:54

    Hello,

    We are looking to run multiple public IPs from two ISPs into our building with an MX204. These will be 100G connections. Each IP will go to its own gateway. We will also need to setup a DHCP relay to our current router running our 10G office network. We have some networking experience, but are new to this level of networking. I am hoping for some assistance or direction.  

    Thanks



    ------------------------------
    SETH STANFILL
    ------------------------------


  • 2.  RE: Multiple NATs to individual gateways with DHCP relay

    Posted 12-11-2022 13:50

    On the MX series you would be using carrier grade nat for the distribution.  There is a free Juniper Day one book with example configurations for that process here.

    https://www.juniper.net/documentation/en_US/day-one-books/DO_CGNAT_UpRunning.zip


    DHCP forwarding configurations are in this documentation.

    https://www.juniper.net/documentation/us/en/software/junos/dhcp/topics/topic-map/dhcp-relay-agent-security-devices.html



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Multiple NATs to individual gateways with DHCP relay

    Posted 12-15-2022 14:29
    How do I activate the premium license for this switch?

    ------------------------------
    SETH STANFILL
    ------------------------------



  • 4.  RE: Multiple NATs to individual gateways with DHCP relay

    Posted 12-16-2022 08:20
    Licensing install varies by the feature.  Best bet is to ask the reseller for the specific instructions for the one purchased but the overall MX documentation is here.
    https://www.juniper.net/documentation/us/en/software/license/licensing/topics/topic-map/software_licensing_requirements.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: Multiple NATs to individual gateways with DHCP relay

    Posted 01-27-2023 10:18

    Thanks for the help on this. We have everything working, but now we are looking to add in a second ISP with a different IP range and size. We have our default next hop setup with the original ISP. We are using 1 service set for all our rules with dnat-44 and basic-nat44 translation for our 1:1 internal to external IPs. The new ISP IPs will be setup in the same way as the first.  Will this require redoing what is already done? Doing some research, I am reading a lot about setting up ribs and modifying routing tables. 

    This is the the same MX204.

    et-0/0/0 - ISP1

    et-0/0/1 - ISP2

    et-0/0/2 - Spine distribution port 1

    et-0/0/3 - spine distribution port 2

    Thanks for the assistance.



    ------------------------------
    SETH STANFILL
    ------------------------------



  • 6.  RE: Multiple NATs to individual gateways with DHCP relay

    Posted 01-27-2023 20:22
    From your description it looks like your simplest solution would allow the existing setup to stay as is.

    For this you would create a virtual router routing instance.  This creates an isolated router and routing table.  Here you would land the new ISP and all the downstream interfaces that are served by this one.   This virtual router has it's own default route then to the new ISP.

    https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/virtual-router-srx-use-case-edu-overview.html

    You will likely need a connection from this virtual router to the main instance just in order to forward the dhcp forwarding and other services.  But this can be just the needed subnets exchanged by BGP or other internal routing. This connection can use a virtual pair of logical tunnel interfaces so as not to need two physical interfaces on the mx for the communications.

    https://www.juniper.net/documentation/us/en/software/junos/interfaces-encryption/topics/topic-map/configuring-tunnel-interfaces.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 7.  RE: Multiple NATs to individual gateways with DHCP relay

    Posted 01-31-2023 10:20
    As these are all on the same Spine, how do we ensure the correct systems are routing back to the correct ISP?

    ------------------------------
    SETH STANFILL
    ------------------------------



  • 8.  RE: Multiple NATs to individual gateways with DHCP relay

    Posted 01-31-2023 11:20
    The details will depend on how the spine is constructed.

    If the gateway is on the MX and the spine is straight layer 2 connection that it is simply the vlan connection on the spine link coming up to the layer 3 gateway interface on the MX being assigned to the new virtual router routing instance.

    If the gateway is on the spine nodes and the connection from the spine set to the MX is layer 3 routed links this will be controlled by routing tables on the spine.  So there are a few options.

    One option, is to also separate the spine routing tables also using virtual routers so these vlans for the second ISP are also isolated and only connected here with their own default route.

    Another option would be to use source based routing in the spine.  This creates a forwarding routing instance and some filters to match the source address of traffic and forward it to the second ISP.  All other traffic then uses the normal default route to the original ISP.
    https://supportportal.juniper.net/s/article/SRX-Source-based-routing-configuration-example

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 9.  RE: Multiple NATs to individual gateways with DHCP relay

    Posted 02-07-2023 16:05
    Edited by SETH STANFILL 02-07-2023 16:07
    The issues we were having were being caused by the ISP incorrectly configuring the IP block. The new service is now functional, but we are trying to run traceroutes that are being blocked by the Juniper. The only traceroutes I can get to show repeat the interface IP connecting to our internal network.

    ------------------------------
    SETH STANFILL
    ------------------------------



  • 10.  RE: Multiple NATs to individual gateways with DHCP relay

    Posted 02-09-2023 10:57

    By default the MX would reply to these requests so I suspect there is a protection firewall filter applied.  Which is a good idea for internet active devices.

    You will need to locate the filter and expand the allow ping and traceroute terms or add them to get the responses you are looking for from the device.

    Typically the filter would be applied to the loopback address to filter traffic destined for the routing engine on the MX.

    Filter examples can be seen here in the documentation.

    https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/firewall-filter-stateless-overview.html

    A longer Day one book with examples is on the Juniper day one book site.

    https://www.juniper.net/documentation/en_US/day-one-books/DO_Configuring_Junos_Policies_Filters.zip



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------