
Re: Filter Based Forwarding / Policy Based Routing on Locally Originated Traffic


Hello,

 

Yeah, I knew about the next-interface/next-ip commands, and yes, like you said they are not available on 12.1. FYI, this can be done easily on Cisco using local PBR.

https://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpbr.html#wp1001002

 

I think I've already tried this configuration, but I'll give it another try.

 

Here's the config on J1.

set interfaces em0 unit 0 family inet address 10.1.1.1/28
set interfaces em1 unit 0 family inet filter output e1/0-out
set interfaces em1 unit 0 family inet address 10.1.1.17/28
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set interfaces lo0 unit 0 family inet address 11.11.11.11/32
set routing-options interface-routes rib-group inet intf
set routing-options rib-groups intf import-rib inet.0
set routing-options rib-groups intf import-rib fbf.inet.0
set protocols ospf area 0.0.0.0 interface em0.0
set protocols ospf area 0.0.0.0 interface em1.0
set protocols ospf area 0.0.0.0 interface lo0.0
set firewall filter e1/0-out term 1 from destination-address 5.1.1.1/32
set firewall filter e1/0-out term 1 then routing-instance fbf
set firewall filter e1/0-out term 2 then accept
set routing-instances fbf instance-type forwarding
set routing-instances fbf routing-options static route 0.0.0.0/0 next-hop 10.1.1.2

1. fbf is the routing instance, with a default route with the next-hop 10.1.1.2, which is the IP address of J2's em0 interface.

2. intf is the rib-group which imports routes into inet.0 and fbf.inet.0.

3. e1/0-out is the output filter applied on J1 e1/0 (em1 in the config) which matches anything from destination 5.1.1.1 and throws it in the fbf routing instance, and accepts everything in term 2.

 

The result on J5 is... ping from 5.1.1.1 to 1.1.1.1 isn't working anymore. As a matter of fact, ping to 1.1.1.1 isn't working at all anymore. I can still ping 11.11.11.11, which is another address configured on

 

root@R5> ping 1.1.1.1 source 5.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
17 packets transmitted, 0 packets received, 100% packet loss

root@R5> ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss


root@R5> ping 11.11.11.11
PING 11.11.11.11 (11.11.11.11): 56 data bytes
64 bytes from 11.11.11.11: icmp_seq=0 ttl=63 time=2.384 ms
64 bytes from 11.11.11.11: icmp_seq=1 ttl=63 time=2.896 ms
64 bytes from 11.11.11.11: icmp_seq=2 ttl=63 time=1.840 ms
64 bytes from 11.11.11.11: icmp_seq=3 ttl=63 time=2.059 ms
^C
--- 11.11.11.11 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.840/2.295/2.896/0.397 ms

 

 

 

 

