FireBall
asked on
Juniper MX80 Routing instance & nextip
Hello,
We have a problem with routing instances.
We are routing some of our IP addresses in a firewall filter with the next-ip option. Does that cause latency under high load?
We tried with a routing instance but it did not work; the same config was working on an EX4500 also.
This is what we tried and did not work:
root@mx80-core# show routing-options rib-groups SPD-Route
import-rib [ inet.0 TCP-Routes-Donus.inet.0 UDP-Routes.inet.0 TCP-Routes.inet.0 TestFW.inet.0 UDP-Routes-Donus.inet.0 DDOSRoute.inet.0 ];
root@mx80-core# show firewall filter FWDirect
term UDPFW {
    from {
        destination-prefix-list {
            Firewall;
        }
        protocol udp;
    }
    then {
        routing-instance DDOSRoute;
    }
}
root@mx80-core# show routing-instances
DDOSRoute {
    instance-type virtual-router;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 37.123.98.138;
        }
    }
}
Then this is what we did:
root@mx80-core# show interfaces xe-0/0/2
unit 0 {
    family inet {
        address 10.10.10.5/30;
        address 37.123.98.137/30;
        address 178.20.227.73/29;
    }
}
term UDPFW {
    from {
        destination-prefix-list {
            Firewall;
        }
        protocol udp;
    }
    then {
        next-ip 37.123.98.138/32;
    }
}
But now we are facing a latency issue. Could that be the reason?
ASKER
It is a Layer 3 interface
root@mx80-core# show interfaces xe-0/0/2
unit 0 {
    family inet {
        address 10.10.10.5/30;
        address 37.123.98.137/30;
        address 178.20.227.73/29;
    }
}
Where is FWDirect actually set? There is no input filter FWDirect.
I see the interface definition, I see the filter definition, I do not see where the filter is applied to the interface.
ASKER
It is on the BGP port's input side
root@mx80-core# show protocols
bgp {
    traceoptions {
        file bgp-trace world-readable;
        flag open;
        flag state detail;
    }
    group Netdirekt {
        type external;
        description Netdirekt;
        local-address 10.32.35.14;
        import SPD-IN;
        export SPD-OUT;
        peer-as 43391;
        neighbor 10.32.35.13;
    }
    group SPDMON {
        type internal;
        description SPD-MON;
        local-address 10.32.35.14;
        import SPD-MON-IN;
        export SPD-MON-OUT;
        cluster 10.32.35.14;
        peer-as 57844;
        neighbor 10.32.35.18;
    }
}
root@mx80-core# show interfaces ae0
description Netdirekt;
aggregated-ether-options {
    minimum-links 1;
    lacp {
        active;
        periodic fast;
    }
}
unit 0 {
    family inet {
        filter {
            input FWDirect;
            output CikisTrafik;
        }
        address 10.32.35.14/30;
    }
}
root@mx80-core# show interfaces xe-0/0/0
gigether-options {
    802.3ad ae0;
}
Which traffic do you want to subject to the policy to divert?
ASKER
I want to divert UDP/TCP traffic to IP addresses that are added to the Firewall list
On what interface are you deploying the FWDirect filter?