Master Routing Instance

По умолчанию Junos OS создаёт master routing instance.
Master routing instance включает в себя inet.0 routing table, которая используется для маршрутизации.

root@core> show route instance
Instance             Type
         Primary RIB                                     Active/holddown/hidden
master               forwarding
         inet.0                                          725/0/0

__juniper_private1__ forwarding
         __juniper_private1__.inet.0                     5/0/0

__juniper_private2__ forwarding

__master.anon__      forwarding

Junos OS также создаёт private routing instances, которые используются для внутренних уоммуникаций.

User-Defined Routing Instances

Junos OS позволяет создавать дополнительные routing instances.
Дополнительные routing instances позволяют расширить гибкость функционала устройства.

Наиболее типичными целями создания user-defined routing instances являются Filter-Based Forwarding (или policy-based routing), Layer 2 and Layer 3 VPN services, system virtualization.

Существуют следующие типы routing instance:

• forwarding: Used to implement filter-based forwarding for common Access Layer applications;
• l2vpn: Used in Layer 2 VPN implementations;
• no-forwarding: Used to separate large networks into smaller administrative entities
• virtual-router: Used for non-VPN-related applications such as system virtualization;
• vpls: Used for point-to-multipoint LAN implementations between a set of sites in a VPN;
• vrf: Used in Layer 3 VPN implementations.

Пример создания routing instance

ri-ISP-1 {
    interface ge-0/0/2.0;
    description "ri to ISP1";
    instance-type virtual-router;
    routing-options {
        static {
            route 0.0.0.0/0 {
                next-hop 87.226.186.65;
                preference 7;
            }
        }
    }
}
ri-ISP-2 {
    interface ge-0/0/0.0;
    description "ri to ISP2";
    instance-type virtual-router;
    routing-options {
        static {
            route 0.0.0.0/0 {
                next-hop 217.170.112.9;
                preference 9;
            }
        }
    }
}

После создания routing instance, Junos OS автоматически создаёт routing table:
IPv4: instance-name.inet.0
IPv6: instance-name.inet6.0

show interfaces terse routing-instance ri-ISP-1
show route table ri-ISP-1.inet.0
ping 8.8.8.8 rapid count 10 routing-instance ri-ISP-1

admin@srx> show interfaces terse routing-instance ri-ISP-1
Interface               Admin Link Proto    Local                 Remote
ge-0/0/2.0              up    up   inet     87.226.186.67/29

admin@srx> show route table ri-ISP-1.inet.0

ri-ISP-1.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/7] 7w4d 21:31:19
                    >  to 87.226.186.65 via ge-0/0/2.0
87.226.186.64/29   *[Direct/0] 7w4d 21:31:19
                    >  via ge-0/0/2.0
87.226.186.67/32   *[Local/0] 7w4d 21:31:19
                       Local via ge-0/0/2.0

admin@srx> ping 8.8.8.8 rapid count 10 routing-instance ri-ISP-1
PING 8.8.8.8 (8.8.8.8): 56 data bytes
!!!!!!!!!!
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 30.085/30.267/30.527/0.140 ms

Sharing Routes Between Routing Tables

Существует метод placing routing information in multiple tables simultaneously, этот метод называется routing information base (RIB) group.
Мы можем использовать instance-import, instance-export and auto-export

Использование routing information base (RIB) group не так интуитивно. Более понятно использовать instance-import Option.

set policy-options policy-statement policy-import_pbr-PROXY term permit-direct from instance master
set policy-options policy-statement policy-import_pbr-PROXY term permit-direct from protocol direct
set policy-options policy-statement policy-import_pbr-PROXY term permit-direct from protocol local
set policy-options policy-statement policy-import_pbr-PROXY term permit-direct then accept

set routing-instances pbr-PROXY description "pbr to PROXY"
set routing-instances pbr-PROXY instance-type forwarding
set routing-instances pbr-PROXY routing-options static route 0.0.0.0/0 next-hop 10.10.60.7
set routing-instances pbr-PROXY routing-options instance-import policy-import_pbr-PROXY

Как результат, в таблице маршрутизации pbr-PROXY мы увидим маршруты direct и local, импортированные из master:

show route table pbr-PROXY.inet.0

Далее делаем фильтр, и прикручиваем его на внутренний интерфейс:

set firewall family inet filter LAN-in_filter term match-internal-traffic10 from source-address 10.0.0.0/8
set firewall family inet filter LAN-in_filter term match-internal-traffic10 from destination-address 10.0.0.0/8
set firewall family inet filter LAN-in_filter term match-internal-traffic10 then accept
set firewall family inet filter LAN-in_filter term match-internal-traffic172 from source-address 10.0.0.0/8
set firewall family inet filter LAN-in_filter term match-internal-traffic172 from destination-address 172.16.0.0/12
set firewall family inet filter LAN-in_filter term match-internal-traffic172 then accept
set firewall family inet filter LAN-in_filter term match-internal-traffic192 from source-address 10.0.0.0/8
set firewall family inet filter LAN-in_filter term match-internal-traffic192 from destination-address 192.168.0.0/16
set firewall family inet filter LAN-in_filter term match-internal-traffic192 then accept
set firewall family inet filter LAN-in_filter term match-client_10_10_33_37 from source-address 10.10.33.37/32
set firewall family inet filter LAN-in_filter term match-client_10_10_33_37 then routing-instance pbr-PROXY
set firewall family inet filter LAN-in_filter term else_accept then accept
!
set interfaces irb unit 2 family inet filter input LAN-in_filter