Monday, November 5, 2018

Junos BGP-FlowSpec Redirect

Hello,

I am currently attempting to find a means of using BGP FlowSpec on Junos 18.2R1.9 using an MX5-T in an edge routing scenario to redirect traffic. As the goal is only to redirect specific traffic (destination/source) towards different next-hop destinations and override the default best path, the BGP FlowSpec is not a locked-in decision.

Currently the BGP-FlowSpec aspect of this is working as far as I am aware (discard works); however, the redirection action is not working as expected, which is what I am mainly looking for. From my current understanding, in order to accomplish a redirect using BGP FlowSpec using Junos, a routing-instance needs to be configured alongside a community and policy-statement etc. I was working off of this https://tgregory.org/2018/01/31/bgp-flowspec-redirect-with-exabgp/ but found myself quite confused and lost. Also, this article slightly differs in the objective. The routing-instance type decision still leaves quite a lot of doubt for myself at the moment.

The routing-instance is configured as follows.

    user@host> show configuration routing-instances
    redirect {
        instance-type forwarding;
        routing-options {
            rib redirect.inet.0 {
                static {
                    defaults {
                        resolve;
                    }
                    route 0.0.0.0/0 {
                        next-hop x.x.x.x;
                        resolve;
                    }
                }
            }
        }
    }

The other configuration follows.

    user@host> show configuration protocols bgp
    group internal-peers {
        type internal;
        local-address x.x.x.x;
        family inet {
            unicast;
            flow {
                no-validate flowspec;
            }
        }
        neighbor <address of bgp speaker>;
    }

    user@host> show configuration policy-options
    policy-statement flowspec {
        term redirect {
            from community ON-RAMP;
            to instance redirect_test;
            then accept;
        }
    }
    community ON-RAMP members redirect:666:666;

The BGP-FlowSpec is also being received and is in the route table as follows.

    user@host> show route table inetflow.0 detail

    <src>,<dst>/term:1 (1 entry, 1 announced)
            *BGP    Preference: 170/-101
                    Next hop type: Fictitious, Next hop index: 0
                    Address: 0x3709d68
                    Next-hop reference count: 1
                    Next hop:
                    State: <Active Int Ext>
                    Local AS: <asn> Peer AS: <asn>
                    Age: 16:59:05
                    Validation State: unverified
                    Task: BGP_<ASN>.<address of bgp speaker>+179
                    Announcement bits (1): 0-Flow
                    AS path: ?
                    Communities: redirect:666:666
                    Accepted
                    Localpref: 100
                    Router ID: <address of bgp speaker>

But alas, no redirection happens. Junos recognizes and matches the specified traffic accordingly, as observed through the show firewall packet counters. I can't quite post the full configuration for various reasons. I am also not asking for troubleshooting but more so input on the approach. I apologize if this is poorly written or makes no sense at times. I'm still quite new to this and this is only a lab environment (sort of) so it is only an experiment. Any help (or scrutiny) would be greatly appreciated!
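The following is an added example, not part of the original post or of any Juniper tooling: a small offline consistency check that parses curly-brace Junos configuration and lists instance and community names that a policy-statement references but the configuration never defines. The sample input is constructed by merging the snippets shown above under assumed top-level `routing-instances` and `policy-options` stanzas; the function names are hypothetical.

```python
import re
# Constructed sample: the post's snippets merged into one hierarchy (assumption).
CONFIG = """
routing-instances {
    redirect { instance-type forwarding; }
}
policy-options {
    policy-statement flowspec {
        term redirect {
            from community ON-RAMP;
            to instance redirect_test;
            then accept;
        }
    }
    community ON-RAMP members redirect:666:666;
}
"""

def parse(text):
    """Parse curly-brace config into nested dicts; leaf statements map to None."""
    stack, pending = [{}], ""
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":                      # open a stanza named by the pending words
            stack.append(stack[-1].setdefault(pending, {}))
            pending = ""
        elif tok == "}":                    # close the current stanza
            stack.pop()
        elif tok == ";":                    # end of a leaf statement
            stack[-1][pending] = None
            pending = ""
        else:                               # statement text, whitespace normalised
            pending = " ".join(tok.split())
    return stack[0]

def undefined_references(cfg):
    """Return (term, kind, name) for policy references to names never defined."""
    popts = cfg.get("policy-options", {})
    defined = {"instance": set(cfg.get("routing-instances", {})),
               "community": {k.split()[1] for k in popts if k.startswith("community ")}}
    findings = []
    policies = [b for n, b in popts.items() if n.startswith("policy-statement ") and b]
    for body in policies:
        for term, stmts in body.items():
            for w in (s.split() for s in stmts or {}):
                if len(w) == 3 and w[0] in ("from", "to") and w[1] in defined \
                        and w[2] not in defined[w[1]]:
                    findings.append((term, w[1], w[2]))
    return findings

print(undefined_references(parse(CONFIG)))
```

On the snippets as posted, the check reports that the policy refers to an instance named `redirect_test` while the only routing-instance shown is `redirect`; since the full configuration was not posted, `redirect_test` may be defined elsewhere.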


