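====== JUNOS Routing Policy ======

在 JUNOS 稱之為 Routing Policy or Filter-Based Forwarding,不過一般我們比較常叫他 Policy Based Route。

===== Example =====

以下例子為我要將 port 80 的 traffic 從原本的 routing 裡另外轉送到指定的路由器去,如果以 port 80 為例,通常 ISP 是拿來做 TCS(Transparent Cache Switching),且由於 Cache Server 現在都可以帶原本的 Real Client IP 繼續往外送,回來的時候封包再次經過 Cache Server,就可以達到 Cache 的效果了,且使用者完全不會知道。如果是用於 port 25,則是可以處理類似 Transparent SPAM。

# Filter-based forwarding (FBF) for port 80, IPv4 and IPv6.
# Input firewall filters on two vlan units hand matching packets to
# forwarding-type routing instances, whose static routes point at a separate
# next hop (presumably the SLB / cache server - confirm against the topology).
routing-options {
    # Copy interface (directly connected) routes into every RIB listed in the
    # rib-groups below, so the forwarding instances can resolve their next hops.
    interface-routes {
        rib-group {
            inet fbf-group;
            inet6 fbf-group-inet6;
        }
    }
    # Normal (non-redirected) IPv4 routing.
    rib inet.0 {
        static {
            route 0.0.0.0/0 next-hop 10.255.31.254;
            route 10.38.0.0/16 next-hop 10.255.255.1;
        }
    }
    # Normal (non-redirected) IPv6 routing.
    # NOTE(review): this route is a /60 while the inet6 filters and the
    # income_to_SLB_inet6 instance use 2001:b030:ffff:38::/64 - confirm that
    # redirecting only the first /64 is intended.
    rib inet6.0 {
        static {
            route ::/0 next-hop 2001:b030:ffff:31::254;
            route 2001:b030:ffff:38::/60 next-hop 2001:b030:ffff:255::1;
        }
    }
    # The first RIB in each import-rib list is the primary table; the
    # remaining ones receive a copy of the interface routes.
    rib-groups {
        fbf-group {
            import-rib [ inet.0 outgo_to_SLB_inet.inet.0 income_to_SLB_inet.inet.0 ];
        }
        fbf-group-inet6 {
            import-rib [ inet6.0 income_to_SLB_inet6.inet6.0 outgo_to_SLB_inet6.inet6.0 ];
        }
    }
}
# NOTE(review): every redirect term below matches on a port without a protocol
# match. Junos recommends pairing port matches with "protocol tcp" (family
# inet) or "next-header tcp" (family inet6) so that only TCP traffic is
# selected; consider adding it to each term.
firewall {
    family inet {
        # Outbound direction: packets sourced from 10.38.0.0/16 to port 80.
        filter outgo_inet {
            term outgo_dst_80 {
                from {
                    source-address {
                        10.38.0.0/16;
                    }
                    destination-port 80;
                }
                then {
                    routing-instance outgo_to_SLB_inet;
                }
            }
            # Everything else follows the normal routing table.
            term default {
                then accept;
            }
        }
        # Return direction: packets from port 80 destined to 10.38.0.0/16.
        filter income_inet {
            term income_src_80 {
                from {
                    destination-address {
                        10.38.0.0/16;
                    }
                    source-port 80;
                }
                then {
                    routing-instance income_to_SLB_inet;
                }
            }
            term default {
                then accept;
            }
        }
    }
    family inet6 {
        # Outbound direction, IPv6.
        filter outgo_inet6 {
            term outgo_dst_80 {
                from {
                    source-address {
                        2001:b030:ffff:38::/64;
                    }
                    destination-port 80;
                }
                then {
                    routing-instance outgo_to_SLB_inet6;
                }
            }
            term default {
                then accept;
            }
        }
        # Return direction, IPv6.
        filter income_inet6 {
            term income_src_80 {
                from {
                    destination-address {
                        2001:b030:ffff:38::/64;
                    }
                    source-port 80;
                }
                # Explicit action, matching the other three redirect terms.
                # A term with no "then" is simply accepted, which would leave
                # IPv6 return traffic on the normal inet6.0 table and the
                # income_to_SLB_inet6 instance unused.
                then {
                    routing-instance income_to_SLB_inet6;
                }
            }
            term default {
                then accept;
            }
        }
    }
}
# Forwarding instances: each holds only the static route that steers the
# redirected traffic. The inet6 instances name their table explicitly
# (rib <instance>.inet6.0) because the route belongs in the IPv6 table.
routing-instances {
    income_to_SLB_inet {
        instance-type forwarding;
        routing-options {
            static {
                route 10.38.0.0/16 next-hop 10.255.254.101;
            }
        }
    }
    income_to_SLB_inet6 {
        instance-type forwarding;
        routing-options {
            rib income_to_SLB_inet6.inet6.0 {
                static {
                    route 2001:b030:ffff:38::/64 next-hop 2001:b030:ffff:f4::101;
                }
            }
        }
    }
    outgo_to_SLB_inet {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.255.253.101;
            }
        }
    }
    outgo_to_SLB_inet6 {
        instance-type forwarding;
        routing-options {
            rib outgo_to_SLB_inet6.inet6.0 {
                static {
                    route ::/0 next-hop 2001:b030:ffff:f3::101;
                }
            }
        }
    }
}
# Filter attachment. Both directions are applied as input filters:
# unit 31 carries the income_* (return) filters, unit 3255 the outgo_*
# (outbound) filters.
interfaces {
    vlan {
        unit 31 {
            family inet {
                filter {
                    input income_inet;
                }
            }
            family inet6 {
                filter {
                    input income_inet6;
                }
            }
        }
        unit 3255 {
            family inet {
                filter {
                    input outgo_inet;
                }
            }
            family inet6 {
                filter {
                    input outgo_inet6;
                }
            }
        }
    }
}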