Configuring Filter-Based Forwarding (FBF) on Juniper

Filter-Based Forwarding (FBF) or (for some vendor is also called Policy Based Routing (PBR)) is a simple method to route IP traffic to different interfaces on the basis of Layer 3 parameters (e.g. source or destination IP) or Layer 4 parameters (source or destination ports).

Example:

Objective:
– to configure R1 to forward traffic originating from HostX under 10.10.1.0/24 to use ISP-X to reach Server 20.20.20.1
– to configure R1 to forward traffic originating form HostY under 10.20.1.0/24 to use ISP-Y to reach Server 20.20.20.1

Steps:

  1. Create and apply match filter

Configure:

# set firewall family inet filter FBF term TrafficX from source-address 10.10.1.0/24
# set firewall family inet filter FBF term TrafficX then routing-instance ISP-X
# set firewall family inet filter FBF term TrafficY from source-address 10.20.1.0/24
# set firewall family inet filter FBF term TrafficY then routing-instance ISP-Y

#set interfaces ge-0/0/2 unit 0 family inter filter input FBF
#set interfaces ge-0/0/2 unit 0 family inter filter input FBF

2. Create routing instances

Configure:

#set routing-instance ISP-X instance-type forwarding
#set routing-instance ISP-X routing-options static route 0.0.0.0/0 next-hop 192.168.0.2
#set routing-instance ISP-Y instance-type forwarding
#set routing-instance ISP-Y routing-options static route 0.0.0.0/0 next-hop 192.168.1.2

3. Create RIB group

Configure:

#set routing-options rib-groups FBF-RIB-GROUP import-rib inet.0
#set routing-options rib-groups FBF-RIB-GROUP import-rib ISP-X.inet.0
#set routing-options rib-groups FBF-RIB-GROUP import-rib ISP-Y.inet.0
#set routing-options interface-routes rib-group inet FBF-RIB-GROUP

Verification:

show route table ISP-X.inet.0
show route table ISP-Y.inet.0
traceroute -s 10.10.1.99 20.20.20.1
traceroute -s 10.20.1.99 20.20.20.1

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *