Filtering Between RIB and FIB in Junos

I had a brief discussion on Twitter about filtering between RIB and FIB tables in Junos where participants were not sure if it was possible at all.

It appears it is possible. Here’s a very quick test with a single router, one interface and a single static route.

interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.12.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 10.0.0.0/24 next-hop 192.168.12.2;
    }
}

Let’s take a look at the forwarding table before we try the filtering:

markom@J1# run show route forwarding-table family inet
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct    36     
10.0.0.0/32        perm     0                    dscd    34     1
10.0.0.0/24        user     0 192.168.12.2       hold   544     3 ge-0/0/0.0
192.168.12.0/24    intf     0                    rslv   543     1 ge-0/0/0.0
192.168.12.0/32    dest     0 192.168.12.0       recv   541     1 ge-0/0/0.0
192.168.12.1/32    intf     0 192.168.12.1       locl   542     2
192.168.12.1/32    dest     0 192.168.12.1       locl   542     2
192.168.12.2/32    dest     0 192.168.12.2       hold   544     3 ge-0/0/0.0
192.168.12.255/32  dest     0 192.168.12.255     bcst   540     1 ge-0/0/0.0
224.0.0.0/4        perm     0                    mdsc    35     1
224.0.0.1/32       perm     0 224.0.0.1          mcst    31     1
255.255.255.255/32 perm     0                    bcst    32     1

Now, let’s add the filter into the configuration. The purpose here is to prevent the 10.0.0.0/24 route to make it into the forwarding table.

policy-options {
    policy-statement FILTER {
        term 10 {
            from {
                route-filter 10.0.0.0/24 exact;
            }
            then reject;
        }
        term 20 {
            then accept;
        }
    }
}
routing-options {
    forwarding-table {
        export FILTER;
    }
}

What’s the state of the forwarding table now?

markom@J1# run show route forwarding-table family inet
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct    36     
10.0.0.0/32        perm     0                    dscd    34     1
192.168.12.0/24    intf     0                    rslv   543     1 ge-0/0/0.0
192.168.12.0/32    dest     0 192.168.12.0       recv   541     1 ge-0/0/0.0
192.168.12.1/32    intf     0 192.168.12.1       locl   542     2
192.168.12.1/32    dest     0 192.168.12.1       locl   542     2
192.168.12.2/32    dest     0 192.168.12.2       hold   544     2 ge-0/0/0.0
192.168.12.255/32  dest     0 192.168.12.255     bcst   540     1 ge-0/0/0.0
224.0.0.0/4        perm     0                    mdsc    35     1
224.0.0.1/32       perm     0 224.0.0.1          mcst    31     1
255.255.255.255/32 perm     0                    bcst    32     1

It appears that filtering is working, as expected. Before I end, let’s make sure the route is actually still in the RIB.

markom@J1# run show route 10.0.0.0/24 detail

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
10.0.0.0/24 (1 entry, 0 announced)        
	*Static Preference: 5                
	Next hop type: Router                
	Address: 0x8f9a130                
	Next-hop reference count: 2                
	Next hop: 192.168.12.2 via ge-0/0/0.0, selected                
	State:                 
	Age: 59                 
	Task: RT                
	AS path: I

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>