JUNOS Routing Policy
這個功能在 JUNOS 稱為 Routing Policy 或 Filter-Based Forwarding,不過一般我們比較常叫它 Policy Based Route。
Example
以下例子是把 port 80 的 traffic 從原本的 routing 中抽出來,另外轉送到指定的路由器。以 port 80 來說,ISP 通常拿來做 TCS(Transparent Cache Switching):由於 Cache Server 現在都可以帶著原本的 Real Client IP 繼續往外送,回來的封包會再次經過 Cache Server,因此可以達到 Cache 的效果,而且使用者完全不會察覺。如果用在 port 25,則可以做類似的 Transparent SPAM 過濾。
routing-options {
    /*
     * Hand the interface (direct) routes to the two rib-groups defined
     * below, so they are copied into every table listed in import-rib.
     * The forwarding instances presumably rely on these copies to
     * resolve their static next hops -- verify on the target platform.
     */
    interface-routes {
        rib-group {
            inet fbf-group;
            inet6 fbf-group-inet6;
        }
    }
    /*
     * The order inside import-rib is kept exactly as given: the first
     * table listed is the primary one.
     */
    rib-groups {
        fbf-group {
            import-rib [ inet.0 outgo_to_SLB_inet.inet.0 income_to_SLB_inet.inet.0 ];
        }
        fbf-group-inet6 {
            import-rib [ inet6.0 income_to_SLB_inet6.inet6.0 outgo_to_SLB_inet6.inet6.0 ];
        }
    }
    /* Normal IPv4 forwarding: default route plus the route to the client range. */
    rib inet.0 {
        static {
            route 0.0.0.0/0 next-hop 10.255.31.254;
            route 10.38.0.0/16 next-hop 10.255.255.1;
        }
    }
    /*
     * Normal IPv6 forwarding. NOTE(review): the client prefix is a /60
     * here, while the firewall filters and the forwarding instances use
     * 2001:b030:ffff:38::/64 -- confirm which length is intended.
     */
    rib inet6.0 {
        static {
            route ::/0 next-hop 2001:b030:ffff:31::254;
            route 2001:b030:ffff:38::/60 next-hop 2001:b030:ffff:255::1;
        }
    }
}
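firewall {
    /*
     * These filters only steer traffic into a forwarding instance; every
     * filter ends with "term default then accept", so they provide no
     * access control. Any packet filtering has to be done elsewhere.
     */
    family inet {
        /* Client -> Internet: HTTP from the client range goes to the SLB. */
        filter outgo_inet {
            term outgo_dst_80 {
                from {
                    source-address {
                        10.38.0.0/16;
                    }
                    /*
                     * Juniper recommends pairing a port match with a
                     * protocol match; without it the term is not limited
                     * to TCP.
                     */
                    protocol tcp;
                    destination-port 80;
                }
                then {
                    routing-instance outgo_to_SLB_inet;
                }
            }
            term default {
                then accept;
            }
        }
        /*
         * Internet -> client: replies with source port 80 go back through
         * the SLB. The match is on source port only, so anything arriving
         * with TCP source port 80 for the client range is handed to the
         * SLB, solicited or not.
         */
        filter income_inet {
            term income_src_80 {
                from {
                    destination-address {
                        10.38.0.0/16;
                    }
                    protocol tcp;
                    source-port 80;
                }
                then {
                    routing-instance income_to_SLB_inet;
                }
            }
            term default {
                then accept;
            }
        }
    }
    family inet6 {
        /* IPv6 counterpart of outgo_inet. */
        filter outgo_inet6 {
            term outgo_dst_80 {
                from {
                    source-address {
                        2001:b030:ffff:38::/64;
                    }
                    /*
                     * next-header looks at the first Next Header field
                     * only; packets carrying extension headers before TCP
                     * fall through to "default" and are forwarded normally.
                     */
                    next-header tcp;
                    destination-port 80;
                }
                then {
                    routing-instance outgo_to_SLB_inet6;
                }
            }
            term default {
                then accept;
            }
        }
        /* IPv6 counterpart of income_inet. */
        filter income_inet6 {
            term income_src_80 {
                from {
                    destination-address {
                        2001:b030:ffff:38::/64;
                    }
                    next-header tcp;
                    source-port 80;
                }
                /*
                 * The then clause is required: a term without an action
                 * simply accepts, and the IPv6 return traffic would skip
                 * the SLB while the outbound half still goes through it.
                 */
                then {
                    routing-instance income_to_SLB_inet6;
                }
            }
            term default {
                then accept;
            }
        }
    }
}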
routing-instances {
    /*
     * Four forwarding-type instances, one per direction and address
     * family. Each holds a single static route pointing at the SLB.
     * NOTE(review): nothing in this listing tracks whether the SLB is
     * still forwarding; confirm what happens to steered traffic when the
     * next hop stays resolvable but the SLB is down.
     */

    /* Outbound IPv4: everything selected by outgo_inet goes to the SLB. */
    outgo_to_SLB_inet {
        instance-type forwarding;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 10.255.253.101;
            }
        }
    }
    /* Outbound IPv6: the route is placed in the instance's own inet6.0 table. */
    outgo_to_SLB_inet6 {
        instance-type forwarding;
        routing-options {
            rib outgo_to_SLB_inet6.inet6.0 {
                static {
                    route ::/0 next-hop 2001:b030:ffff:f3::101;
                }
            }
        }
    }
    /* Return IPv4: traffic for the client range is sent back via the SLB. */
    income_to_SLB_inet {
        instance-type forwarding;
        routing-options {
            static {
                route 10.38.0.0/16 next-hop 10.255.254.101;
            }
        }
    }
    /*
     * Return IPv6. The prefix here is a /64, matching the inet6 filters;
     * the main inet6.0 table routes a /60 -- presumably intentional, verify.
     */
    income_to_SLB_inet6 {
        instance-type forwarding;
        routing-options {
            rib income_to_SLB_inet6.inet6.0 {
                static {
                    route 2001:b030:ffff:38::/64 next-hop 2001:b030:ffff:f4::101;
                }
            }
        }
    }
}
interfaces {
    vlan {
        /*
         * unit 31 carries the income_* filters as input filters, so it is
         * presumably the upstream-facing side (the default routes point
         * into 10.255.31.0 / 2001:b030:ffff:31::) -- confirm.
         */
        unit 31 {
            family inet {
                filter {
                    input income_inet;
                }
            }
            family inet6 {
                filter {
                    input income_inet6;
                }
            }
        }
        /*
         * unit 3255 carries the outgo_* filters as input filters, so it is
         * presumably the client-facing side -- confirm.
         */
        unit 3255 {
            family inet {
                filter {
                    input outgo_inet;
                }
            }
            family inet6 {
                filter {
                    input outgo_inet6;
                }
            }
        }
    }
}