[Juniper] Step By Step Juniper OS / JunOS Policy Based Routing [PBR]
Posted by a. Rahman Isnaini r. Sutan on August 13th, 2008
=======================
Juniper Config Manager [Here..]
=======================
For some reasons you need to configure PBR on your Juniper.
Here the step by step how to configure this policy like route-map in Cisco Router.
The Scenario :
a. Redirecting 192.168.100.0/24 to Provider B with IP Address : 192.168.224.2
b. The rest of outgoing traffic stick on Provider A
c. 192.168.100.0/24 located behind interface fe-0/2/2 (routed statically via 192.168.5.2 for e.g
Your directly connected via alias / secondary IP.
The Config Looks Like :
interfaces {
fe-0/2/2 {
description LAN;
unit 0 {
family inet {
filter {
input ROUTE-MAP-NET-100-0;
}
address 192.168.5.1/29;
}
}
}
routing-options {
interface-routes {
rib-group inet all-ribs;
}
rib-groups {
all-ribs {
import-rib [ inet.0 REDIRECT-100-0.inet.0 ];
}
}
firewall {
family inet {
filter ROUTE-MAP-NET-100-0 {
term 1 {
from {
source-address {
192.168.100.0/24;
}
}
then routing-instance REDIRECT-100-0;
}
term 2 {
then accept;
}
}
}
routing-instances {
REDIRECT-100-0 {
instance-type forwarding;
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.224.2;
}
}
}
}
The steps :
you@JunOS#(edit prompt)
you@JunOS#set routing-instances REDIRECT-100-0 instance-type forwarding
you@JunOS#set routing-instances REDIRECT-100-0 routing-options static route 0.0.0.0/0 next-hop 192.168.224.2
you@JunOS#commit
you@JunOS#set routing-options interface-routes rib-group inet all-ribs (just the name)
you@JunOS#set routing-options rib-groups all-ribs import rib [ inet.0 REDIRECT-100-0.inet.0 ]
(make sure REDIRECT-100-0 similar to your routing-instances name, unless it won’t work).
you@JunOS#commit
you@JunOS#set firewall family inet filter ROUTE-MAP-NET-100-0 term 1 from source-address 192.168.100.0/24
you@JunOS#set firewall family inet filter ROUTE-MAP-NET-100-0 term 1 then then routing-instance REDIRECT-100-0
you@JunOS#set firewall family inet filter ROUTE-MAP-NET-100-0 term 2 then accept
you@JunOS#commit
you@JunOS#set interfaces fe-0/2/2 unit 0 family inet filter input ROUTE-MAP-NET-100-0
you@JunOS#commit
a. rahman isnaini r.sutan
August 26th, 2008 at 6:24 am
Hi,
Can we redirect the traffic with FBF by asn?
August 26th, 2008 at 8:37 am
nope sure yet, need to check out
February 17th, 2009 at 1:50 pm
[...] post has been moved to [follow this link & you'll be redirected to the same page] http://www.ip-stories.com Please kindly noted & really sorry for your [...]
July 18th, 2009 at 7:48 am
Wow. This information was seriously, seriously helpful to me….I kept going around and around in circles with almost-working solutions until I found this. Thanks!
July 18th, 2009 at 6:58 pm
Glad to hear that Justin.
Thanks.