Just tried and that appears to work.. Explain as to what an interface-route is?
On Wed, Dec 2, 2009 at 11:14 PM, Nilesh Khambal <nkham...@juniper.net> wrote:

> Weird. Can you try this configuration instead?
>
> - remove the default route from PBR.
> - put ge-1/3/0 in default and ge-0/1/0 in PBR instance.
> - keep the filter PBR on ge-1/3/0.
> - Add following configuration.
>
> [edit routing-options]
> u...@host#
>
> interface-routes {
>     rib-group inet redist-local-routes;
> }
>
> rib-groups {
>     redist-local-routes {
>         import-rib [ inet.0 PBR.inet.0 ];
>     }
> }
>
> Then try the traffic again.
>
> Thanks,
> Nilesh.
>
> On 12/2/09 8:07 PM, "Chris Evans" <chrisccnpsp...@gmail.com> wrote:
>
> > Here is where I'm coming up with 'master', as you can see below 'master' is
> > valid. In either case, the src is 192.168.1.210 and destination is
> > 172.16.1.140.. If I create another routing-instance such as PBR2 and put
> > ge-1/3/0 into it and apply the firewall filter, it works properly.. It just
> > seems that you cannot call the default inet.0 within the firewall filter as
> > there is really no instance defined.
> >
> > r...@juniperm7i# show routing-instances
> > PBR {
> >     instance-type virtual-router;
> >     interface ge-0/1/0.0;
> >     routing-options {
> >         static {
> >             route 0.0.0.0/0 next-table inet.0;
> >         }
> >     }
> > }
> > master {
> >     instance-type virtual-router;
> > }
> >
> > [edit]
> > r...@juniperm7i# commit check
> > [edit routing-instances]
> >   'master'
> >     RT Instance: master is a reserved instance name
> > error: configuration check-out failed
> >
> > r...@juniperm7i> show route instance
> > Instance             Type
> >          Primary RIB                         Active/holddown/hidden
> > PBR                  virtual-router
> >          PBR.inet.0                          3/0/0
> >
> > __juniper_private1__ forwarding
> >          __juniper_private1__.inet.0         3/0/1
> >          __juniper_private1__.inet6.0        4/0/0
> >
> > __juniper_private2__ forwarding
> >          __juniper_private2__.inet.0         0/0/1
> >
> > __master.anon__      forwarding
> >
> > master               forwarding
> >          inet.0                              7/0/0
> >          inet.1                              5/0/0
> >          inet6.0                             2/0/0
> >
> > On Wed, Dec 2, 2009 at 10:44 PM, Nilesh Khambal <nkham...@juniper.net> wrote:
> >> What is the destination for the forward traffic? Is it one of the connected
> >> IPs on ge-0/1/0? I suspect if the problem is with forward traffic rather than
> >> return traffic. Can you specify what will be the source and destination for
> >> the forward and return traffic?
> >>
> >> master.inet.0 is not the same as inet.0. "inet.0" refers to the default
> >> routing table for IPv4 lookup. "master.inet.0" refers to the IPv4 routing
> >> table for routing-instance name "master" which you don't have configured.
> >>
> >> Thanks,
> >> Nilesh.
> >>
> >> On 12/2/09 7:39 PM, "Chris Evans" <chrisccnpsp...@gmail.com> wrote:
> >>
> >> Yes, you are correct.. it doesn't make it back to the source. I don't have
> >> any active routing protocols at all, so I pasted them all. We're just relying
> >> on the default route and directly connected routes. If I set the next-hop
> >> table to 'master.inet.0' it doesn't install the 0.0.0.0/0 route into
> >> PBR.inet.0 at all..
> >>
> >> r...@juniperm7i> show route extensive table inet.0
> >>
> >> inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
> >> Restart Complete
> >> 0.0.0.0/0 (1 entry, 1 announced)
> >> TSI:
> >> KRT in-kernel 0.0.0.0/0 -> {192.168.1.1}
> >>         *Static Preference: 5
> >>                 Next hop type: Router, Next hop index: 614
> >>                 Next-hop reference count: 3
> >>                 Next hop: 192.168.1.1 via ge-1/3/0.0, selected
> >>                 State: <Active Int Ext>
> >>                 Age: 1:26:03
> >>                 Task: RT
> >>                 Announcement bits (1): 0-KRT
> >>                 AS path: I
> >>
> >> 192.168.1.0/24 (1 entry, 0 announced)
> >>         *Direct Preference: 0
> >>                 Next hop type: Interface
> >>                 Next-hop reference count: 1
> >>                 Next hop: via ge-1/3/0.0, selected
> >>                 State: <Active Int>
> >>                 Age: 1:26:03
> >>                 Task: IF
> >>                 AS path: I
> >>
> >> 192.168.1.252/32 (1 entry, 0 announced)
> >>         *Local Preference: 0
> >>                 Next hop type: Local
> >>                 Next-hop reference count: 6
> >>                 Interface: ge-1/3/0.0
> >>                 State: <Active NoReadvrt Int>
> >>                 Age: 1:26:03
> >>                 Task: IF
> >>                 AS path: I
> >>
> >> r...@juniperm7i> show route extensive table PBR.inet.0
> >>
> >> PBR.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
> >> 0.0.0.0/0 (1 entry, 1 announced)
> >> TSI:
> >> KRT in-kernel 0.0.0.0/0 -> {Table}
> >>         *Static Preference: 5
> >>                 Next table: inet.0
> >>                 Next-hop reference count: 3
> >>                 State: <Active Int Ext>
> >>                 Age: 22
> >>                 Task: RT
> >>                 Announcement bits (1): 0-KRT
> >>                 AS path: I
> >>
> >> 172.16.1.128/25 (1 entry, 0 announced)
> >>         *Direct Preference: 0
> >>                 Next hop type: Interface
> >>                 Next-hop reference count: 1
> >>                 Next hop: via ge-0/1/0.0, selected
> >>                 State: <Active Int>
> >>                 Age: 3:52:19
> >>                 Task: IF
> >>                 AS path: I
> >>
> >> 172.16.1.129/32 (1 entry, 0 announced)
> >>         *Local Preference: 0
> >>                 Next hop type: Local
> >>                 Next-hop reference count: 6
> >>                 Interface: ge-0/1/0.0
> >>                 State: <Active NoReadvrt Int>
> >>                 Age: 3:52:20
> >>                 Task: IF
> >>                 AS path: I
> >>
> >> On Wed, Dec 2, 2009 at 10:26 PM, Nilesh Khambal <nkham...@juniper.net> wrote:
> >> So, are you saying that by adding a default route pointing to the inet.0
> >> table (default routing table) the return traffic is not getting routed to
> >> via inet.0 via appropriate egress interface?
> >>
> >> Is there any other more specific route in PBR.inet.0 for the return traffic
> >> destination?
> >>
> >> Is there a route for the return traffic destination in inet.0 pointing to the
> >> correct egress interface?
> >>
> >> Can you post "show route a.b.c.d extensive table PBR.inet.0" and then "show
> >> route a.b.c.d extensive"?
> >>
> >> Thanks,
> >> Nilesh
> >>
> >> On 12/2/09 7:21 PM, "Chris Evans" <chrisccnpsp...@gmail.com> wrote:
> >>
> >> Just tried that, no dice.. I also tried 'master.inet.0' with no luck.
> >>
> >> If I pull the interfaces out of the global routing instance, I can
> >> successfully use a firewall filter to forward how I need it to. Unfortunately
> >> it just doesn't work when interfaces are in the default instance..
> >>
> >> Thanks
> >>
> >> Chris
> >>
> >> On Wed, Dec 2, 2009 at 10:11 PM, Nilesh Khambal <nkham...@juniper.net> wrote:
> >>
> >> On 12/2/09 7:10 PM, "Nilesh Khambal" <nkham...@juniper.net> wrote:
> >>
> >>> - set virtual-router PBR routing-options static route 0.0.0.0/0
> >>> next-table inet.0
> >>
> >> Sorry the syntax should be
> >>
> >> - set routing-instances PBR routing-options static route 0.0.0.0/0
> >> next-table inet.0
> >>
> >> Thanks,
> >> Nilesh.

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp