Actually this diagram worked perfectly with given conf but this time we need to add fwdonus filter to all of the irb units.
we should add this on the ex return because it is in family bridge mode and does not accept the routing because of tagged vlan trunks.
Or we will build all vlans on EX4500 and clean the traffic on the up but this time we have too many vlans and ex getting difficulties
root@mx80-core# show firewall
filter FWDirect {
term UDPFW {
from {
destination-prefix-list {
Firewall;
}
protocol udp;
}
then {
log;
next-ip 10.10.10.6/32;
}
}
term TCPFW {
from {
destination-prefix-list {
Firewall;
}
protocol tcp;
tcp-flags 0x02,0x10,0x12,0x18;
}
then {
count TCPFWTR;
log;
next-ip 10.10.10.2/32;
}
}
term ICMP {
from {
destination-prefix-list {
Firewall;
}
protocol icmp;
}
then {
count SAYAC;
next-ip 10.10.10.2/32;
}
}
term FWBlok {
from {
destination-prefix-list {
Firewall;
}
}
then {
count Bloklanan;
discard;
}
}
term Default {
then accept;
}
}
filter rpf-filter {
term default {
then {
count rpf-failed-count;
reject;
}
}
}
filter CikisTrafik {
term icNetwork {
from {
source-prefix-list {
SPD-PREFIX-LIST;
}
}
then accept;
}
term ISP {
from {
source-address {
10.32.35.12/30;
}
}
then accept;
}
term 500 {
then {
count DroppedSpoof;
discard;
}
}
}
filter FWDonus {
term TrafikYonlendir {
from {
source-prefix-list {
Firewall;
}
}
then {
routing-instance TCP-Routes-Donus;
}
}
term 500 {
then accept;
}
}
root@mx80-core# show interfaces xe-0/0/1
unit 0 {
family inet {
address 10.10.10.1/30;
}
}
[edit]
root@mx80-core# show interfaces xe-0/0/2
unit 0 {
family inet {
address 10.10.10.5/30;
}
}
[edit]
root@mx80-core# show interfaces ae0
description Netdirekt;
aggregated-ether-options {
minimum-links 1;
lacp {
active;
periodic fast;
}
}
unit 0 {
family inet {
filter {
input FWDirect;
output CikisTrafik;
}
sampling {
input;
output;
}
address 10.32.35.14/30;
}
}
[edit]
root@mx80-core# show interfaces irb unit 100
family inet {
filter {
input FWDonus;
}
