Notes of a Bottom-Rung Engineer

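Now that I'm past 30 my memory is declining noticeably, so I plan to use this blog as a notebook. My own skill level is low, so I can't guarantee the accuracy of the content... OTL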

JUNOS_FBF(PBR)

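FBF (Filter-Based Forwarding) on JUNOS

In short, it is what Cisco calls PBR.

First, confirm the behavior on Cisco.
The topology is shown below; traffic from R4 to 1.1.1.1 and to 2.2.2.2 is steered with PBR.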

(Figure: network topology diagram)

 

R2 config

 !
interface GigabitEthernet2
 ip address 172.16.1.254 255.255.255.0
 negotiation auto
!
interface GigabitEthernet3
 ip address 172.16.2.254 255.255.255.0
 negotiation auto
!
interface GigabitEthernet4
 ip address 172.16.3.1 255.255.255.0
 ip policy route-map PBR
 negotiation auto
!
!
ip access-list extended TO_R1
 permit ip any host 1.1.1.1
ip access-list extended TO_R2
 permit ip any host 2.2.2.2
!
route-map PBR permit 10
 match ip address TO_R1
 set ip next-hop 172.16.1.1
!
route-map PBR permit 20
 match ip address TO_R2
 set ip next-hop 172.16.2.1
!

 

Checking R2's routing table

cisco-R2#show ip route | exclude connected

Gateway of last resort is not set

   172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks

 

Checking traceroute from R4

cisco-R4#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
 1 172.16.3.1 0 msec 0 msec 0 msec
 2 172.16.1.1 1 msec * 1 msec

 

cisco-R4#traceroute 2.2.2.2
Type escape sequence to abort.
Tracing the route to 2.2.2.2
VRF info: (vrf in name/id, vrf out name/id)
 1 172.16.3.1 1 msec 0 msec 0 msec
 2 172.16.2.1 0 msec * 1 msec
cisco-R4#

 


Next, implement the same thing on JUNOS.
R2 config

set interfaces ge-0/0/0 unit 0 family inet address 172.16.1.254/24
set interfaces ge-0/0/1 unit 0 family inet address 172.16.2.254/24

set interfaces ge-0/0/2 unit 0 family inet filter input PBR
set interfaces ge-0/0/2 unit 0 family inet address 172.16.3.1/24

set routing-options interface-routes rib-group inet PBR-GROUP
set routing-options rib-groups PBR-GROUP import-rib inet.0
set routing-options rib-groups PBR-GROUP import-rib to_r1.inet.0
set routing-options rib-groups PBR-GROUP import-rib to_r2.inet.0

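set firewall family inet filter PBR term TO_R1 from destination-address 1.1.1.1/32
set firewall family inet filter PBR term TO_R1 then routing-instance to_r1
set firewall family inet filter PBR term TO_R2 from destination-address 2.2.2.2/32
set firewall family inet filter PBR term TO_R2 then routing-instance to_r2
# Junos filters end with an implicit discard; accept everything else so it is routed normally via inet.0 (the term name DEFAULT is arbitrary)
set firewall family inet filter PBR term DEFAULT then accept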

set routing-instances to_r1 instance-type forwarding
set routing-instances to_r1 routing-options static route 0.0.0.0/0 next-hop 172.16.1.1
set routing-instances to_r2 instance-type forwarding
set routing-instances to_r2 routing-options static route 0.0.0.0/0 next-hop 172.16.2.1

On JUNOS, the idea is to create one routing instance per PBR (FBF) path.

 

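・Create a filter for PBR that sends matching traffic to a routing-instance
・Configure routing in each routing-instance
・Assign each routing-instance to the rib group

With the above configuration applied, show route gives the following: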

 

> show route protocol static

inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

to_r1.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0     *[Static/5] 00:50:59
          > to 172.16.1.1 via ge-0/0/0.0

to_r2.inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0     *[Static/5] 00:50:59
          > to 172.16.2.1 via ge-0/0/1.0

inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

 

One difference from Cisco: the routing tables used for FBF can be viewed with show route.
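
The three steps above have to agree with each other: every routing-instance a filter term points at must exist as a forwarding instance, and its inet.0 table must be imported by the rib-group applied to the interface routes. The following is an added example, not part of the original post. The helper name audit_fbf is hypothetical, and the sample is a constructed set-command config that reuses this page's names and contains only the two routing-instance terms.

```python
import re

# Constructed input: FBF set commands using this page's names (two terms only).
SAMPLE = """\
set routing-options interface-routes rib-group inet PBR-GROUP
set routing-options rib-groups PBR-GROUP import-rib inet.0
set routing-options rib-groups PBR-GROUP import-rib to_r1.inet.0
set routing-options rib-groups PBR-GROUP import-rib to_r2.inet.0
set firewall family inet filter PBR term TO_R1 from destination-address 1.1.1.1/32
set firewall family inet filter PBR term TO_R1 then routing-instance to_r1
set firewall family inet filter PBR term TO_R2 from destination-address 2.2.2.2/32
set firewall family inet filter PBR term TO_R2 then routing-instance to_r2
set routing-instances to_r1 instance-type forwarding
set routing-instances to_r2 instance-type forwarding
"""

def audit_fbf(config):
    """Hypothetical helper: list inconsistencies in an FBF set-command config."""
    find = lambda pattern: re.findall(pattern, config, re.M)
    # rib-groups that are actually applied to the interface routes
    applied = set(find(r"^set routing-options interface-routes rib-group inet (\S+)"))
    imported = {rib for grp, rib in
                find(r"^set routing-options rib-groups (\S+) import-rib (\S+)")
                if grp in applied}
    forwarding = set(find(r"^set routing-instances (\S+) instance-type forwarding"))
    filters = {}  # filter name -> {term name: [clauses]}, in configuration order
    for flt, term, clause in find(r"^set firewall family inet filter (\S+) term (\S+) (.+)$"):
        filters.setdefault(flt, {}).setdefault(term, []).append(clause.strip())
    findings = []
    for flt, terms in filters.items():
        for term, clauses in terms.items():
            for clause in clauses:
                m = re.fullmatch(r"then routing-instance (\S+)", clause)
                if not m:
                    continue
                inst = m.group(1)
                if inst not in forwarding:
                    findings.append(f"{flt}/{term}: {inst} is not a forwarding instance")
                if f"{inst}.inet.0" not in imported:
                    findings.append(f"{flt}/{term}: {inst}.inet.0 gets no interface routes")
        # A Junos filter ends with an implicit discard, so a conditional last
        # term means every packet that matched nothing is dropped.
        if any(c.startswith("from ") for c in list(terms.values())[-1]):
            findings.append(f"{flt}: no catch-all term, unmatched packets are discarded")
    return findings

if __name__ == "__main__":
    for finding in audit_fbf(SAMPLE):
        print(finding)
```

The last-term check is a heuristic: it only looks at whether the final term carries a from condition.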