Hello Group, I want to test the feature on Olive and it seems that is not ok.When I try to ping R5 loopback from R3 I receive icmp unreachable from R1 where the filter is applied.
It seems that the filter is seen as unknown when applied to em1.0 interface on input. If you have a working example with instance type forwarding or instance type virtual router used with FBF it will help. My topology looks like this: R3 ----em0.0----R1---em2.0---R5 My configuration looks like this: r...@r1> show configuration firewall filter FBF term 1 { then { routing-instance FBF; } } r...@r1> show configuration routing-instances FBF instance-type forwarding; routing-options { static { route 0.0.0.0/0 next-hop 150.1.15.5; } } r...@r1> show configuration routing-options interface-routes { rib-group inet FBF; } rib-groups { FBF { import-rib [ inet.0 FBF.inet.0 ]; } r...@r1> show configuration interfaces em0 { unit 0 { family inet { address 150.1.12.1/24; } family mpls; } } em1 { unit 0 { family inet { filter { input FBF; } address 150.1.13.1/24; } family mpls; } } em2 { unit 0 { family inet { address 150.1.15.1/24; } family mpls; } } lo0 { unit 0 { family inet { address 1.1.1.1/32; } } } r...@r3> show route 0.0.0.0 inet.0: 19 destinations, 28 routes (19 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Static/5] 03:08:35 > to 150.1.13.1 via em1.0 r...@r3> r...@r1> show route 0.0.0.0 FBF.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Static/5] 00:03:10 > to 150.1.15.5 via em2.0 r...@r1> show route 5.5.5.5 FBF.inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 0.0.0.0/0 *[Static/5] 00:03:16 > to 150.1.15.5 via em2.0 r...@r1> show route forwarding-table destination 0.0.0.0 Routing table: default.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif 0.0.0.0/32 perm 0 dscd 34 1 Routing table: __juniper_private1__.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif 0.0.0.0/32 perm 0 dscd 114 1 Routing table: __juniper_private2__.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif 0.0.0.0/32 perm 0 dscd 194 1 Routing table: FBF.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif 0.0.0.0/32 perm 0 dscd 529 1 r...@r1> r...@r1> show interfaces filters em1.0 Interface Admin Link Proto Input Filter Output Filter em1.0 up up inet unknown mpls r...@r3> traceroute 5.5.5.5 traceroute to 5.5.5.5 (5.5.5.5), 30 hops max, 40 byte packets 1 150.1.13.1 (150.1.13.1) 0.881 ms 0.671 ms 0.128 ms 2 150.1.13.1 (150.1.13.1) 0.483 ms !H 0.694 ms !H 0.098 ms !H r...@r3> ping 5.5.5.5 source 150.1.13.3 PING 5.5.5.5 (5.5.5.5): 56 data bytes 36 bytes from 150.1.13.1: Destination Host Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 6a0f 0 0000 40 01 638c 150.1.13.3 5.5.5.5 36 bytes from 150.1.13.1: Destination Host Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 0054 6a10 0 0000 40 01 638b 150.1.13.3 5.5.5.5 ^C --- 5.5.5.5 ping statistics --- 2 packets transmitted, 0 packets received, 100% packet loss r...@r1> ping routing-instance FBF 5.5.5.5 source 150.1.15.1 PING 5.5.5.5 (5.5.5.5): 56 data bytes ping: sendto: Can't assign requested address ping: sendto: Can't assign requested address ping: sendto: Can't assign requested address ping: sendto: Can't assign requested address ^C --- 5.5.5.5 ping statistics --- 4 packets transmitted, 0 packets received, 100% packet loss r...@r1> r...@r1> show route forwarding-table destination 5.5.5.5 Routing table: default.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 36 1 Routing table: __juniper_private1__.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 116 1 Routing table: __juniper_private2__.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 rjct 196 1 Routing table: FBF.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default user 0 0:c:29:bb:f:be ucst 547 4 em2.0 default perm 0 rjct 531 1 r...@r1> Thank you, -- Ioan Branet CCIE #23474 R&S _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp