Networking is simple, right? You have packets, they follow routes, and everything just works. Well, not quite. Sometimes, life (or your boss or your Exam) throws you a curveball. Maybe you need to send specific traffic down an alternate path, but only on Tuesdays, when it’s raining. Enter Filter-Based Forwarding (FBF) in Junos—your new best friend for when traditional routing just doesn’t cut it.
What’s the Deal with FBF?
In a regular world, packets are forwarded based on the destination IP which is quite boring. FBF, on the other hand, lets you break the rules. Here, you can take incoming traffic, slap a tag on it, and send it off to a completely different routing table based on things like source IP, VLAN, or even what your horoscope said this morning. The real magic? You can combine this with RIB-Groups to make the entire process elegant and reusable. Think of it as your Swiss Army knife for routing.
Imagine you have a fancy routing setup with multiple VRFs. Now, wouldn’t it be nice if some routes automatically appeared in both your main routing table and a custom one without you having to copy-paste configs like a monkey? That’s what RIB-Groups do. They’re like the VIP lounge for routes—selectively inviting them to multiple RIBs without drama. Combine this with FBF, and you’re basically a routing wizard.
Let’s break it down, step by step:
Create a Routing Instance:
You’ll need an alternate RIB (it’s like a special box where your cool, handpicked routes live).
Use a type of vrf or virtual-router, depending on your needs:
<code>set routing-instances BLUE instance-type virtual-routerset routing-instances BLUE interface ge-0/0/1.0
Define a RIB-Group:
Tell Junos which routes should show up in your alternate RIB – yes this looks and feels “weird” but the [ ] are definitely needed. Remember it like this: copy it from the first table,into the second one:
<code>set routing-options rib-groups RIB-FOR-BLUE import-rib [inet.0 BLUE.inet.0]Attach the RIB-Group:
It’s time to link your routing instance to your main table, so routes flow in both directions seamlessly:
<code>set routing-instances BLUE routing-options rib-group RIB-FOR-BLUECreate a Firewall Filter:
This is where the magic happens. Match traffic based on your criteria (source IP, VLAN, Horoscope, Moonlight-Angle etc.) and point it to the new routing instance:
<code>set firewall family inet filter FBF term ROUTE-TO-BLUE from source-address 192.168.1.0/24set firewall family inet filter FBF term ROUTE-TO-BLUE then routing-instance BLUE
Apply the Filter to the Interface:
All that’s left is attaching the filter to the interface where the traffic comes in (this part is crucial and I’m sure i F*ed this up at least 2 times):
<code>set interfaces ge-0/0/0.0 family inet filter input FBFNow comes the fun part—testing! Send some traffic that matches your filter criteria and watch it take the alternate path. If it works, take a victory sip of coke (Warning: I said take a sip, not inhale through your nose – that coke is different). If something is not working, Junos has excellent logs to tell you exactly how you messed up. FBF with RIB-Groups isn’t just for showing off your Junos skills (although that’s a bonus) – It’s perfect for scenarios like policy-based routing, traffic engineering, or keeping your weird MPLS-VPN topology happy. Plus, it gives you bragging rights: “Oh, you’re still using plain old static routes? Cute.”
FBF with RIB-Group Import is a bit chaotic (at least it feels like this for me), but incredibly powerful in the right hands. So, the next time someone says, “Can we route this traffic differently, but only for Bob in Accounting?” you can smile and say, “Sure thing – Let me show you the Junos way.”
Pingback: permit-any-any.comFilter-Based Forwarding (FBF) in Junos – Because Why Not Make Routing More “Fun”?