Networking is simple, right? You have packets, they follow routes, and everything just works. Well, not quite. Sometimes, life (or your boss or your Exam) throws you a curveball. Maybe you need to send specific traffic down an alternate path, but only on Tuesdays, when itβs raining. Enter Filter-Based Forwarding (FBF) in Junosβyour new best friend for when traditional routing just doesnβt cut it.
Whatβs the Deal with FBF?
In a regular world, packets are forwarded based on the destination IP which is quite boring. FBF, on the other hand, lets you break the rules. Here, you can take incoming traffic, slap a tag on it, and send it off to a completely different routing table based on things like source IP, VLAN, or even what your horoscope said this morning. The real magic? You can combine this with RIB-Groups to make the entire process elegant and reusable. Think of it as your Swiss Army knife for routing.
Imagine you have a fancy routing setup with multiple VRFs. Now, wouldnβt it be nice if some routes automatically appeared in both your main routing table and a custom one without you having to copy-paste configs like a monkey? Thatβs what RIB-Groups do. Theyβre like the VIP lounge for routesβselectively inviting them to multiple RIBs without drama. Combine this with FBF, and youβre basically a routing wizard.
Letβs break it down, step by step:
Create a Routing Instance:
Youβll need an alternate RIB (it’s like a special box where your cool, handpicked routes live).
Use a type of vrf or virtual-router, depending on your needs:
<code>set routing-instances BLUE instance-type virtual-routerset routing-instances BLUE interface ge-0/0/1.0
Define a RIB-Group:
Tell Junos which routes should show up in your alternate RIB – yes this looks and feels “weird” but the [ ] are definitely needed. Remember it like this: copy it from the first table,into the second one:
<code>set routing-options rib-groups RIB-FOR-BLUE import-rib [inet.0 BLUE.inet.0]Attach the RIB-Group:
Itβs time to link your routing instance to your main table, so routes flow in both directions seamlessly:
<code>set routing-instances BLUE routing-options rib-group RIB-FOR-BLUECreate a Firewall Filter:
This is where the magic happens. Match traffic based on your criteria (source IP, VLAN, Horoscope, Moonlight-Angle etc.) and point it to the new routing instance:
<code>set firewall family inet filter FBF term ROUTE-TO-BLUE from source-address 192.168.1.0/24set firewall family inet filter FBF term ROUTE-TO-BLUE then routing-instance BLUE
Apply the Filter to the Interface:
All thatβs left is attaching the filter to the interface where the traffic comes in (this part is crucial and I’m sure i F*ed this up at least 2 times):
<code>set interfaces ge-0/0/0.0 family inet filter input FBFNow comes the fun partβtesting! Send some traffic that matches your filter criteria and watch it take the alternate path. If it works, take a victory sip of coke (Warning: I said take a sip, not inhale through your nose – that coke is different). If something is not working, Junos has excellent logs to tell you exactly how you messed up. FBF with RIB-Groups isnβt just for showing off your Junos skills (although thatβs a bonus) – Itβs perfect for scenarios like policy-based routing, traffic engineering, or keeping your weird MPLS-VPN topology happy. Plus, it gives you bragging rights: βOh, youβre still using plain old static routes? Cute.β
FBF with RIB-Group Import is a bit chaotic (at least it feels like this for me), but incredibly powerful in the right hands. So, the next time someone says, βCan we route this traffic differently, but only for Bob in Accounting?β you can smile and say, βSure thing – Let me show you the Junos way.β
