Hello, does anyone have experience with a non-VRF solutions? I think about redirecting with an interface filter and a prefix-list to change the routing based on the incoming interface:
set firewall family inet filter border-filter term scrubbing from destination-prefix-list redirect-to-scrubbing set firewall family inet filter border-filter term scrubbing then next-ip <ip of scrubbing router> set firewall family inet filter border-filter term rest then accept set policy-options prefix-list prefixes-redirect-to-scrubbing x.x.x.x/32 set interfaces <insert border interface here> family inet filter input border-filter Just tested it and it seams to work (traffic entering that interface is redirected). That way sounds far easier to me, does not impact the routing in any kind and does not fill the FIB with double routes. Beside the need to let the redirecting tool access/Configure the router itself and that a "show route" will only show half of the truth, I see no downsides. I was wondering if there is maybe even a way to combine that with BGP advertisement. I.e. send a route via bgp that is not installed to the fib but referenced in the filter. Any idea if that is possible? kind regards Rolf > For traffic scrubbing you either want clean-in-VRF or dirty-in-VRF, > both have upside and downside, if you are not committed to either > solution, please reconsider if you are even walking the correct > solution. > _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp