Filter Based Forwarding (FBF) / Policy Based Routing (PBR) on XRE (EX-8200 VC) with routing-instance type ‘forwarding’
When a router receives a packet, it normally decides where to forward it based on the destination address in the packet, which is then used to look up an entry in a routing table. However, in certain cases, there may be a need to forward the packet based on other criteria.
For example, a network administrator might want to forward a packet based on the source address. This permits routing of packets originating from different sources to different networks, even when the destinations are the same and can be useful when interconnecting several private networks.
This article describes how to achieve filter based forwarding (FBF), or Cisco Policy Based Routing (PBR), with RVIs on an EX8200 VC.
Note:
- FBF for the forwarding routing-instance type is supported on 8200-VC with RVI interfaces only (the next-hop must be reachable through an RVI interface) using current Junos. It is not supported if the next-hop is reachable through an L3 interface. Support for L3 interfaces may be introduced with certain 12.x Junos releases.
- When ingress and egress ports are on different member switches and the packet is routed from the default routing-instance to another forwarding instance type, the VLAN ID gets modified in such a way that the traffic is redirected to the default routing-instance for subsequent routing. This issue is addressed in PR721436 and has been fixed in Junos 11.2R5, 11.3R5, 11.4R2, and 12.1R1 or later.
    set interfaces ge-5/0/19 unit 0 family ethernet-switching vlan members vlan4
    set interfaces xe-16/0/3 unit 0 family ethernet-switching vlan members vlan17
    set interfaces vlan unit 4 family inet address 172.16.4.1/24
    set interfaces vlan unit 17 family inet filter input vlan17
    set interfaces vlan unit 17 family inet address 172.16.17.1/24
    set routing-options interface-routes rib-group inet master
    set routing-options rib-groups master import-rib inet.0
    set routing-options rib-groups master import-rib sify_424.inet.0
    set firewall family inet filter vlan17 term t1 from source-address 172.16.17.0/24
    set firewall family inet filter vlan17 term t1 then count from_vlan17
    set firewall family inet filter vlan17 term t1 then routing-instance sify_424
    set vlans vlan17 vlan-id 1017
    set vlans vlan17 l3-interface vlan.17
    set vlans vlan4 vlan-id 1004
    set vlans vlan4 l3-interface vlan.4
    set routing-instances sify_424 instance-type forwarding
    set routing-instances sify_424 routing-options static route 116.1.1.0/24 next-hop 172.16.4.18
Here the next-hop is reachable in the sify_424 routing-instance from RVI vlan.4.
    root# run show route 172.16.4.18

    inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.16.4.0/24      *[Direct/0] 00:12:37
                        > via vlan.4

    sify_424.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.16.4.0/24      *[Direct/0] 00:12:37
                        > via vlan.4
Resolved route 116.1.1/24 is successfully installed on the PFE.
    root# run show pfe route ip table index 4
    Slot 0

    IPv4 Route Table 4, sify_424.4, 0x0:
    Destination       NH IP Addr       Type      NH ID  Interface
    ------------      ---------------  --------  -----  ---------
    default                            Reject     1294  RT-ifl 0 .local..4 ifl 65
    0.0.0.0                            Discard    1292  RT-ifl 0 .local..4 ifl 65
    116.1.1/24        172.16.4.18      Unicast    1341  RT-ifl 0 vlan.4 ifl 66
    172.16.4.1        172.16.4.1       Local      1329  RT-ifl 0
    172.16.6.1        172.16.6.1       Local      1333  RT-ifl 0
    172.16.17.1       172.16.17.1      Local      1337  RT-ifl 0
    224/4                              mdiscard   1293  RT-ifl 0 .local..4 ifl 65
    224.0.0.1                          Mcast      1289  RT-ifl 0 .local..4 ifl 65
    255.255.255.255                    Bcast      1290  RT-ifl 0 .local..4 ifl 65
If an L3 physical interface is used instead of an RVI, the route does not resolve on the PFE and FBF will not work.
Delete the RVI vlan.4 and assign the IP address to ge-5/0/19.
    delete vlans vlan4 l3-interface vlan.4
    delete interfaces ge-5/0/19 unit 0 family ethernet-switching vlan members vlan4
    delete interfaces vlan unit 4 family inet address 172.16.4.1/24
    set interfaces ge-5/0/19 unit 0 family inet address 172.16.4.1/24
Now the next-hop is reachable from ge-5/0/19.
    root# run show route 172.16.4.18

    inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.16.4.0/24      *[Direct/0] 00:00:39
                        > via ge-5/0/19.0

    sify_424.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.16.4.0/24      *[Direct/0] 00:00:39
                        > via ge-5/0/19.0
However, the PFE has a Hold route for 116.1.1/24, because use of an L3 IFL is not supported on 8200-VC.
    root# run show pfe route ip table index 4
    Slot 0

    IPv4 Route Table 4, sify_424.4, 0x0:
    Destination       NH IP Addr       Type      NH ID  Interface
    ------------      ---------------  --------  -----  ---------
    default                            Reject     1294  RT-ifl 0 .local..4 ifl 65
    0.0.0.0                            Discard    1292  RT-ifl 0 .local..4 ifl 65
    116.1.1/24                         Hold       1354  RT-ifl 0 ifl 131079
    172.16.4.1        172.16.4.1       Local      1352  RT-ifl 0
    172.16.6.1        172.16.6.1       Local      1333  RT-ifl 0
    172.16.17.1       172.16.17.1      Local      1337  RT-ifl 0
    224/4                              mdiscard   1293  RT-ifl 0 .local..4 ifl 65
    224.0.0.1                          Mcast      1289  RT-ifl 0 .local..4 ifl 65
    255.255.255.255                    Bcast      1290  RT-ifl 0 .local..4 ifl 65
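A check for the failure mode shown in the two PFE captures, as an added example that is not part of the original article: it parses `show pfe route ip table index N` output and reports which configured static prefixes the PFE did not install as Unicast. The function names are hypothetical, the sample text is abridged from the captures above, and the set of next-hop types is limited to those that appear in them.

```python
# Next-hop types that appear in the two PFE captures in this article.
NH_TYPES = {"Reject", "Discard", "Unicast", "Local", "mdiscard", "Mcast", "Bcast", "Hold"}

# Abridged from the captures above: RVI next-hop (works) and L3 IFL next-hop (fails).
RVI_CAPTURE = """\
Destination   NH IP Addr       Type     NH ID Interface
------------  ---------------  -------- ----- ---------
default                        Reject    1294 RT-ifl 0 .local..4 ifl 65
116.1.1/24    172.16.4.18      Unicast   1341 RT-ifl 0 vlan.4 ifl 66
172.16.4.1    172.16.4.1       Local     1329 RT-ifl 0
"""
L3_CAPTURE = """\
Destination   NH IP Addr       Type     NH ID Interface
------------  ---------------  -------- ----- ---------
default                        Reject    1294 RT-ifl 0 .local..4 ifl 65
116.1.1/24                     Hold      1354 RT-ifl 0 ifl 131079
172.16.4.1    172.16.4.1       Local     1352 RT-ifl 0
"""

def normalize(dest):
    """Expand the PFE's abbreviated prefix ('116.1.1/24') to '116.1.1.0/24'."""
    if "/" not in dest:
        return dest
    addr, plen = dest.split("/")
    octets = addr.split(".")
    return ".".join(octets + ["0"] * (4 - len(octets))) + "/" + plen

def parse_pfe_routes(text):
    """Map normalized destination -> (next-hop IP or None, type, egress interface or None)."""
    routes = {}
    for line in text.splitlines():
        tok = line.split()
        # Find the Type column; header, separator and blank lines have none.
        idx = next((i for i, t in enumerate(tok) if t in NH_TYPES), None)
        if idx not in (1, 2) or len(tok) <= idx + 1 or not tok[idx + 1].isdigit():
            continue
        tail = tok[idx + 2:]  # e.g. ['RT-ifl', '0', 'vlan.4', 'ifl', '66']
        ifname = tail[2] if len(tail) > 2 and tail[2] != "ifl" else None
        routes[normalize(tok[0])] = (tok[1] if idx == 2 else None, tok[idx], ifname)
    return routes

def unresolved(text, prefixes):
    """Return the configured prefixes the PFE did not install as Unicast."""
    routes = parse_pfe_routes(text)
    return [p for p in prefixes if routes.get(p, (None, "missing", None))[1] != "Unicast"]

if __name__ == "__main__":
    for name, cap in (("RVI", RVI_CAPTURE), ("L3 IFL", L3_CAPTURE)):
        print(name, "unresolved:", unresolved(cap, ["116.1.1.0/24"]))
```

Pass the prefixes exactly as they appear in the `static route` statements of the forwarding instance; a prefix absent from the PFE table is reported the same way as one left in Hold.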