Hi, We are utilizing FBF/PBR quite extensively mainly for redirecting traffic to value added services platforms (caching, content filtering etc').
One nice feature in Junos is the ability to apply the filter on output interfaces and avoiding loops using interface groups. Of course it's not a very scalable solution, but in a network with a couple exit routers it works perfectly. In one of the cases we even have a server that dynamically changed prefix lists based on the load on an external system. We had it working for years before we realized we are actually implementing an SDN controller, so good to be on top of the hype ;-) Amos Sent from my iPhone On 5 May 2017, at 10:40, Rolf Hanßen <n...@rhanssen.de<mailto:n...@rhanssen.de>> wrote: Hello, does anyone have experience with a non-VRF solutions? I think about redirecting with an interface filter and a prefix-list to change the routing based on the incoming interface: set firewall family inet filter border-filter term scrubbing from destination-prefix-list redirect-to-scrubbing set firewall family inet filter border-filter term scrubbing then next-ip <ip of scrubbing router> set firewall family inet filter border-filter term rest then accept set policy-options prefix-list prefixes-redirect-to-scrubbing x.x.x.x/32 set interfaces <insert border interface here> family inet filter input border-filter Just tested it and it seams to work (traffic entering that interface is redirected). That way sounds far easier to me, does not impact the routing in any kind and does not fill the FIB with double routes. Beside the need to let the redirecting tool access/Configure the router itself and that a "show route" will only show half of the truth, I see no downsides. I was wondering if there is maybe even a way to combine that with BGP advertisement. I.e. send a route via bgp that is not installed to the fib but referenced in the filter. Any idea if that is possible? kind regards Rolf For traffic scrubbing you either want clean-in-VRF or dirty-in-VRF, both have upside and downside, if you are not committed to either solution, please reconsider if you are even walking the correct solution. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net<mailto:juniper-nsp@puck.nether.net> https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
