Configure interface-routes at the [edit routing-instances CUSTOMER-A
routing-options] hierarchy rather than the [edit routing-options] hierarchy.
Continue to define rib-groups at the [edit routing-options] hierarchy.
[edit]
root@srx210# show routing-options
rib-groups {
FBF-PBR {
import-rib [ CUSTOMER-A.inet.0 FBF-PBR.inet.0 ];
}
}
[edit]
root@srx210# show routing-instances
CUSTOMER-A {
instance-type virtual-router;
routing-options {
interface-routes {
rib-group inet FBF-PBR;
}
}
}
[edit]
root@srx210# commit check
configuration check succeeds
--Stacy
On Nov 28, 2012, at 5:39 PM, Ben Dale <[email protected]> wrote:
> Hi All,
>
> I have a requirement for performing Filter-based Forwarding on traffic that
> is ingressing via a routing-instance (instance-type virtual-router):
>
> show routing-options:
>
> interface-routes {
> rib-group inet FBF-PBR;
> }
>
> rib-groups {
> FBF-PBR {
> import-rib [ CUSTOMER-A.inet.0 FBF-PBR.inet.0 ];
> }
> }
>
> Problem I have is that I can't seem to commit without including inet.0 in the
> rib-group:
>
> root@srx240-lab# commit check
> [edit routing-options interface-routes]
> 'rib-group'
> FBF-PBR: primary rib for instance master was not found in ribgroup
> configuration.
> error: configuration check-out failed
>
> Putting inet.0 in the rib-group isn't desirable, as it exposes direct routes
> into the RI which I'm trying to hide in the first place. is there a
> better/different way to be doing this?
>
> Cheers,
>
> Ben
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
