Tuesday, March 30, 2010

Juniper JunOS Configuring Policy-Based Routing

Examples: Configuring Policy-Based Routing

Sometimes you need to configure policy-based routing (PBR) on your Juniper router.
Here is how to configure this policy step by step; it works like a route-map on a Cisco router.

The scenario:

a)- Redirect 192.168.100.0/24 to Provider B, whose IP address is 192.168.224.2.
b)- The rest of the outgoing traffic stays on Provider A.
c)- 192.168.100.0/24 is located behind interface fe-0/2/2 (routed statically via 192.168.5.2, for example, or directly connected via an alias / secondary IP).

The config looks like:

interfaces {
    fe-0/2/2 {
        description LAN;
        unit 0 {
            family inet {
                filter {
                    input ROUTE-MAP-NET-100-0;
                }
                address 192.168.5.1/29;
            }
        }
    }
}

routing-options {
    interface-routes {
        rib-group inet all-ribs;
    }
    rib-groups {
        all-ribs {
            import-rib [ inet.0 REDIRECT-100-0.inet.0 ];
        }
    }
}

firewall {
    family inet {
        filter ROUTE-MAP-NET-100-0 {
            term 1 {
                from {
                    source-address {
                        192.168.100.0/24;
                    }
                }
                then routing-instance REDIRECT-100-0;
            }
            term 2 {
                then accept;
            }
        }
    }
}

routing-instances {
    REDIRECT-100-0 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 192.168.224.2;
            }
        }
    }
}

The steps:

you@JunOS#(edit prompt)
you@JunOS#set routing-instances REDIRECT-100-0 instance-type forwarding
you@JunOS#set routing-instances REDIRECT-100-0 routing-options static route 0.0.0.0/0 next-hop 192.168.224.2
you@JunOS#commit

you@JunOS#set routing-options interface-routes rib-group inet all-ribs
(all-ribs is just a name; you can choose your own).
you@JunOS#set routing-options rib-groups all-ribs import-rib [ inet.0 REDIRECT-100-0.inet.0 ]
(make sure REDIRECT-100-0 matches your routing-instance name, otherwise it won't work).
you@JunOS#commit

you@JunOS#set firewall family inet filter ROUTE-MAP-NET-100-0 term 1 from source-address 192.168.100.0/24
you@JunOS#set firewall family inet filter ROUTE-MAP-NET-100-0 term 1 then routing-instance REDIRECT-100-0
you@JunOS#set firewall family inet filter ROUTE-MAP-NET-100-0 term 2 then accept
you@JunOS#commit

you@JunOS#set interfaces fe-0/2/2 unit 0 family inet filter input ROUTE-MAP-NET-100-0
you@JunOS#commit
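
Why the rib-group step matters, shown as a small Python model of the lookup (an added example, not part of the original post and not JunOS code): the static default route in REDIRECT-100-0.inet.0 is only usable when the interface route covering 192.168.224.2 has been imported into that table. The Provider A next hop 192.0.2.1, the /30 uplink subnets and the names uplink-A / uplink-B are assumptions made up for the illustration.

```python
import ipaddress

# Values taken from the page
PBR_SOURCE = ipaddress.ip_network("192.168.100.0/24")
PROVIDER_B = ipaddress.ip_address("192.168.224.2")
# Constructed assumptions (not on the page): Provider A next hop, uplink subnets and names
PROVIDER_A = ipaddress.ip_address("192.0.2.1")
DIRECT = {
    ipaddress.ip_network("192.168.5.0/29"): "fe-0/2/2.0",   # from 192.168.5.1/29
    ipaddress.ip_network("192.168.224.0/30"): "uplink-B",   # hypothetical
    ipaddress.ip_network("192.0.2.0/30"): "uplink-A",       # hypothetical
}
DEFAULT = ipaddress.ip_network("0.0.0.0/0")


def build_tables(rib_group_enabled):
    """inet.0 always holds the interface routes; the forwarding instance only
    gets them when the all-ribs rib-group imports them."""
    return {
        "inet.0": {"direct": dict(DIRECT), "static": {DEFAULT: PROVIDER_A}},
        "REDIRECT-100-0.inet.0": {
            "direct": dict(DIRECT) if rib_group_enabled else {},
            "static": {DEFAULT: PROVIDER_B},
        },
    }


def lookup(table, dst):
    """Longest-prefix match. A static route is usable only if its next hop
    falls inside a direct route present in the same table."""
    hits = [(net.prefixlen, ("direct", ifname))
            for net, ifname in table["direct"].items() if dst in net]
    for net, next_hop in table["static"].items():
        resolvable = any(next_hop in d for d in table["direct"])
        if dst in net and resolvable:
            hits.append((net.prefixlen, ("via", str(next_hop))))
    return max(hits, key=lambda h: h[0])[1] if hits else None


def forward(src, dst, rib_group_enabled=True):
    """Apply filter ROUTE-MAP-NET-100-0, then look up dst in the chosen table."""
    tables = build_tables(rib_group_enabled)
    if ipaddress.ip_address(src) in PBR_SOURCE:      # term 1
        name = "REDIRECT-100-0.inet.0"
    else:                                            # term 2: accept
        name = "inet.0"
    return name, lookup(tables[name], ipaddress.ip_address(dst))


if __name__ == "__main__":
    for src in ("192.168.100.10", "192.168.5.2"):
        print(src, forward(src, "198.51.100.7"), forward(src, "198.51.100.7", False))
```

With the rib-group in place, traffic from 192.168.100.0/24 resolves via 192.168.224.2 and everything else follows inet.0; without it, the forwarding instance has no usable route for the redirected traffic.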
