[SRX] Source-based routing configuration example

Article ID: KB23300 KB Last Updated: 25 Mar 2020 Version: 7.0
Summary:
This article provides an example of how to configure source-based routing on SRX, which is similar to the functionality found on ScreenOS devices.
Symptoms:
  • How to configure Filter Based Forwarding to route packets based on both source and destination.

  • By default, routing decisions are based only on destination routes.

  • In this example, Filter Based Forwarding (FBF) will select how traffic is to be routed to either ISP1 or ISP2.
Solution:
To explain source-based routing on SRX, this example uses two groups of users: one group goes through the lower-bandwidth link (ISP1), and the other group goes through the higher-bandwidth link (ISP2).

Assume that the PCs from 192.168.10.2 to 192.168.10.126 will go through ISP1. Similarly, PCs from 192.168.10.129 to 192.168.10.254 will go through ISP2. All PCs will come in via ge-0/0/0.0, ISP1 is connected to fe-0/0/2.0, and ISP2 is connected to fe-0/0/3.0.
 
interfaces {                           
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input 2nd-ISP;
                }
                address 192.168.10.128/24;
            }
        }
    }
    fe-0/0/2 {
        unit 0 {
            description ISP1;
            family inet {
                address 1.1.1.1/24;
            }
        }
    }
    fe-0/0/3 {
        unit 0 {
            description ISP2;
            family inet {
                address 1.2.2.1/24;   
            }
        }
    }
}
Configure a firewall filter (family inet) that matches the source addresses of the PCs assigned to the higher-bandwidth ISP. Traffic from the matching source range is then forwarded using the routing table of the ISP2 routing instance; all other traffic is accepted by term 1 and routed normally.
firewall {
    family inet {
        filter 2nd-ISP {
            term 0 {
                from {
                    source-address {
                        192.168.10.128/25;
                    }
                }
                then {
                    routing-instance 2nd-router;
                }
            }
            term 1 {
                then accept;
            }
        }
    }
   
}
Next, configure the routing instance that forwards the matched packets to ISP2.
routing-instances {
    2nd-router {
        instance-type forwarding;
        routing-options {               
            static {
                route 0.0.0.0/0 next-hop 1.2.2.254;
            }
        }
    }
}

Finally, use a rib-group to import the connected (interface) routes directly into the routing table of the routing instance.
routing-options {
    interface-routes {
        rib-group inet 2nd-router;
    }
    static {
         route 0.0.0.0/0 next-hop 1.1.1.254;
    }
    rib-groups {
        2nd-router {
            import-rib [inet.0 2nd-router.inet.0];
        }
    }
}
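
The following Python model is an added example, not part of the original article or Juniper code. It is a simplified simulation of the lookup this configuration produces for packets arriving on ge-0/0/0.0, and shows why the rib-group is needed for the ISP2 next hop to resolve. The addresses come from the configuration above; the function names and the destination used in testing are assumptions made for illustration.

```python
import ipaddress as ip

# Values below are taken from the article's configuration; the function and
# table names are hypothetical and exist only for this illustration.
CONNECTED = {  # interface routes derived from the interface addresses
    "192.168.10.0/24": "ge-0/0/0.0",
    "1.1.1.0/24": "fe-0/0/2.0",
    "1.2.2.0/24": "fe-0/0/3.0",
}
FBF_SOURCE = ip.ip_network("192.168.10.128/25")  # filter 2nd-ISP, term 0


def build_tables(rib_group=True):
    """Return {table: {prefix: ("direct", ifname) | ("via", next_hop)}}."""
    inet0 = {p: ("direct", i) for p, i in CONNECTED.items()}
    inet0["0.0.0.0/0"] = ("via", "1.1.1.254")      # default route to ISP1
    second = {"0.0.0.0/0": ("via", "1.2.2.254")}   # default route to ISP2
    if rib_group:  # interface-routes rib-group copies the connected routes
        second.update({p: ("direct", i) for p, i in CONNECTED.items()})
    return {"inet.0": inet0, "2nd-router.inet.0": second}


def lookup(table, dst, skip_default=False):
    """Longest-prefix match of dst in one table; None if nothing matches."""
    nets = [ip.ip_network(p) for p in table]
    hits = [n for n in nets if ip.ip_address(dst) in n
            and not (skip_default and n.prefixlen == 0)]
    return table[str(max(hits, key=lambda n: n.prefixlen))] if hits else None


def forward(src, dst, tables):
    """Model a packet entering ge-0/0/0.0: (table, egress ifname, next hop)."""
    name = "2nd-router.inet.0" if ip.ip_address(src) in FBF_SOURCE else "inet.0"
    route = lookup(tables[name], dst)
    if route is None:
        return name, None, None
    kind, value = route
    if kind == "direct":
        return name, value, dst
    # A static next hop is usable only if a connected route in the same
    # table covers it; otherwise the route cannot forward traffic.
    resolved = lookup(tables[name], value, skip_default=True)
    if resolved is None or resolved[0] != "direct":
        return name, None, None
    return name, resolved[1], value
```

Calling forward() with build_tables(rib_group=False) returns no egress interface for the upper /25, because 1.2.2.254 is not reachable through any connected route in 2nd-router.inet.0.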
Modification History:
2020-03-25: Article reviewed for accuracy; it is valid and accurate
