Solved

routing in Juniper EX4200

Posted on 2014-11-14
4
497 Views
Last Modified: 2014-12-01
I am new to Juniper switches and I am trying to understand the routing for this config. I got the following routing-options and the routing-instances in my config. How does it work?

The usergp2 is vlan200 10.10.200.0/24. I am not sure what usergp1 is as I could not find where it was defined.
10.10.200.2 and 10.10.10.2 are FWs. I am not sure what 10.10.10.3 is at this time.

routing-options {
    interface-routes {
        rib-group inet VRF-group;
    }
    static {
        route 0.0.0.0/0 next-hop 10.10.10.2;
    }
    rib-groups {
        VRF-group {
            import-rib [ inet.0 usergp1.inet.0 usergp2.inet.0 ];...
...
routing-instances {
    usergp2 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.10.200.2;
            }
        }
    }
    usergp1 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.10.10.3;
            }
        }
    }

Open in new window

0
Comment
Question by:leblanc
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
dpk_wal earned 167 total points
ID: 40445531
In Junos we configure static route and other settings related to static routing or route leake using rib groups under routing-options hierarchy.
http://www.juniper.net/documentation/en_US/junos13.2/information-products/pathway-pages/ex-series/routing-options.html

routing-instance is used to create VRF.
https://www.juniper.net/techpubs/en_US/junos14.1/topics/example/bridging-vrf-ex-series.html

Looks to me usergp1 and usergp2 are two distinct routing tables where the admin wanted to have different default route.

Something where we want traffic to egress ISP link1 and then other traffic out from ISP link2.

Please let us know if you need more details.

Thank you.
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 333 total points
ID: 40445636
In Cisco language, this configuration is part of Policy Based Routing.

There is probably a firewall list (ACL) applied to some interface or VLAN, which directs the traffic into these "instance-type forwarding" that will make a routing decision that is different than what the main routing table (inet.0) has.
0
 
LVL 1

Author Comment

by:leblanc
ID: 40445764
What confused me is when I did the traceroute 4.2.2.2 source with usergp2 IP address, I did not going through 10.10.200.2 FW, rather I was still going through 10.10.10.2 FW. Am I missing something? I am not sure how to locate match-internal & match-external. Thanks

firewall
family inet {
...
filter usergp2-internet {
            term match-internal {
                from {
                    destination-address {
                        10.10.28.0/24;
                      }
                }
                then accept;
            }
            term match-external {
                then {
                    routing-instance usergp2;
...

Open in new window

0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 333 total points
ID: 40445774
You need to have a firewall list, saying that the source address of that user you get 'next table usergp2', and that firewall list must be applied to an interface.

Obviously, the 10.10.200.2 also need to be reachable.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco VSS or VCP on GNS3 or IOU 3 116
access vs trunk with voice vlan 2 44
Connect two buildings 6 34
Stacked switch question 7 23
AWS has developed and created its highly available global infrastructure allowing users to deploy and manage their estates all across the world through the use of the following geographical components   RegionsAvailability ZonesEdge Locations  Wh…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question