Configure interface-routes at the [edit routing-instances CUSTOMER-A routing-options] hierarchy rather than the [edit routing-options] hierarchy. Continue to define rib-groups at the [edit routing-options] hierarchy.
[edit] root@srx210# show routing-options rib-groups { FBF-PBR { import-rib [ CUSTOMER-A.inet.0 FBF-PBR.inet.0 ]; } } [edit] root@srx210# show routing-instances CUSTOMER-A { instance-type virtual-router; routing-options { interface-routes { rib-group inet FBF-PBR; } } } [edit] root@srx210# commit check configuration check succeeds --Stacy On Nov 28, 2012, at 5:39 PM, Ben Dale <bd...@comlinx.com.au> wrote: > Hi All, > > I have a requirement for performing Filter-based Forwarding on traffic that > is ingressing via a routing-instance (instance-type virtual-router): > > show routing-options: > > interface-routes { > rib-group inet FBF-PBR; > } > > rib-groups { > FBF-PBR { > import-rib [ CUSTOMER-A.inet.0 FBF-PBR.inet.0 ]; > } > } > > Problem I have is that I can't seem to commit without including inet.0 in the > rib-group: > > root@srx240-lab# commit check > [edit routing-options interface-routes] > 'rib-group' > FBF-PBR: primary rib for instance master was not found in ribgroup > configuration. > error: configuration check-out failed > > Putting inet.0 in the rib-group isn't desirable, as it exposes direct routes > into the RI which I'm trying to hide in the first place. is there a > better/different way to be doing this? > > Cheers, > > Ben > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp