Hi guys,

I'm working on an EX4200 (2 switches in a virtual-chassis config) which is required to be the L3 border edge of a datacenter. The backbone network presents 4 VRFs to the datacenter with a strange requirement: each VRF must reach a set of hosts in the datacenter while staying independent of the other 3 VRFs, and at the same time, each host of the datacenter must reach the others in a full mesh of local connectivity.
OSPF is the protocol required to connect VRFs on the PE with the switch.

So, my approach was the following: on the L3 switch, I created 4 routing instances (virtual-router type) with OSPF to the related VRF on the PE. On the internal side: a rib-group to copy all interface routes to each instance, so inet.0 is replicated 4 times. To bind every internal physical interface to a particular routing instance, I use Filter-Based Forwarding to send the lookup into the right instance (inet.0 is completely replicated, so it works for local connectivity also).

This approach worked fine in a lab made with an MX480 and logical-systems.

Now: when I copied the configuration to the switch, I found that the Filter-Based Forwarding didn't work as in the MX lab: apparently I cannot apply a simple firewall filter with the "routing-instance XXX" action matching all packets, like this:

firewall {
  family inet {
    filter LookUp-into-InstanceA {
      term 1 {
        then {
          routing-instance InstanceA;
        }
      }
    }
  }
}

On the EX I needed to separate the packets with a filter like this, because the packets were not routed with the above filter. So the filter is now:

firewall {
  family inet {
    filter LookUp-into-InstanceA {
      term 1 {
        from {
          destination-prefix-list {
            Local-Destinations;
          }
        }
        then accept;
      }
      term 2 {
        then {
          routing-instance InstanceA;
        }
      }
    }
  }
}

and it is working, but the need to filter by destination is very bad: Local-Destinations is a prefix-list with all the hosts' specific IPs.

More than this: I couldn't use inet.0. I had to create a fifth instance, in which I put all the interfaces, and use it as a default instance.


This was very strange to me: can EX4200 behaviour be so different from the MX480's? Does anyone know about issues on EX platforms working with routing-instances and filter-based forwarding?

Oh, the next-table option doesn't exist for EX. It would be very useful....

Thanks for your help.

--


Ing. Cristian Frizziero
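The rest of the design described in the post (virtual-router instance, interface-route rib-group, filter applied on the host-facing interface), sketched as Junos configuration for one of the four instances. This is an added example, not the poster's configuration: the rib-group name Local-To-All, the instance name InstanceB, the interface names and the 192.0.2.0/24 addressing are assumptions, and it makes no claim about how the EX4200 handles the filter.

```junos
routing-options {
    interface-routes {
        /* copy direct/local routes only, so OSPF routes learned from one VRF never reach another instance */
        rib-group inet Local-To-All;
    }
    rib-groups {
        Local-To-All {
            /* inet.0 is listed first because it is the source table of the interface routes */
            import-rib [ inet.0 InstanceA.inet.0 InstanceB.inet.0 ];
        }
    }
}
routing-instances {
    InstanceA {
        instance-type virtual-router;
        /* assumed uplink toward VRF A on the PE */
        interface ge-0/0/23.0;
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface ge-0/0/23.0;
                }
            }
        }
    }
}
interfaces {
    /* assumed host-facing port whose traffic must be looked up in InstanceA */
    ge-0/0/1 {
        unit 0 {
            family inet {
                filter {
                    input LookUp-into-InstanceA;
                }
                address 192.0.2.1/24;
            }
        }
    }
}
```

To confirm the separation, check with `show route table InstanceA.inet.0` that the table holds only the copied direct/local routes plus the OSPF routes from its own VRF.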