routing in Juniper EX4200

I am new to Juniper switches and I am trying to understand the routing for this config. I got the following routing-options and the routing-instances in my config. How does it work?

The usergp2 is vlan200 10.10.200.0/24. I am not sure what usergp1 is as I could not find where it was defined.
10.10.200.2 and 10.10.10.2 are FWs. I am not sure what 10.10.10.3 is at this time.

routing-options {
    interface-routes {
        rib-group inet VRF-group;
    }
    static {
        route 0.0.0.0/0 next-hop 10.10.10.2;
    }
    rib-groups {
        VRF-group {
            import-rib [ inet.0 usergp1.inet.0 usergp2.inet.0 ];...
...
routing-instances {
    usergp2 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.10.200.2;
            }
        }
    }
    usergp1 {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.10.10.3;
            }
        }
    }

Open in new window

LVL 1
leblancAccountingAsked:
Who is Participating?
 
dpk_walCommented:
In Junos we configure static route and other settings related to static routing or route leake using rib groups under routing-options hierarchy.
http://www.juniper.net/documentation/en_US/junos13.2/information-products/pathway-pages/ex-series/routing-options.html

routing-instance is used to create VRF.
https://www.juniper.net/techpubs/en_US/junos14.1/topics/example/bridging-vrf-ex-series.html

Looks to me usergp1 and usergp2 are two distinct routing tables where the admin wanted to have different default route.

Something where we want traffic to egress ISP link1 and then other traffic out from ISP link2.

Please let us know if you need more details.

Thank you.
0
 
pergrCommented:
In Cisco language, this configuration is part of Policy Based Routing.

There is probably a firewall list (ACL) applied to some interface or VLAN, which directs the traffic into these "instance-type forwarding" that will make a routing decision that is different than what the main routing table (inet.0) has.
0
 
leblancAccountingAuthor Commented:
What confused me is when I did the traceroute 4.2.2.2 source with usergp2 IP address, I did not going through 10.10.200.2 FW, rather I was still going through 10.10.10.2 FW. Am I missing something? I am not sure how to locate match-internal & match-external. Thanks

firewall
family inet {
...
filter usergp2-internet {
            term match-internal {
                from {
                    destination-address {
                        10.10.28.0/24;
                      }
                }
                then accept;
            }
            term match-external {
                then {
                    routing-instance usergp2;
...

Open in new window

0
 
pergrCommented:
You need to have a firewall list, saying that the source address of that user you get 'next table usergp2', and that firewall list must be applied to an interface.

Obviously, the 10.10.200.2 also need to be reachable.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.