JuniperNetworks,Inc.1194NorthMathildaAvenueSunnyvale,CA94089USA4087452000or888JUNIPER©2001,JuniperNetworks,Inc.ContentsExecutiveSummary............................................................3Filter-basedForwardingDefined.................................................3PacketClassification.......................................................3FilterActions.............................................................3Filter-basedForwardingExample............................................4SampleSyntax.................................................................4Filter-basedForwardingApplications.............................................6OpenAccess..............................................................7BGP/MPLSVPNs(RFC2547bis)............................................7TrafficEngineeringWithoutMPLS..........................................9Conclusion...................................................................10Acronyms....................................................................10ListofFiguresFigure1:SamplePacketFlow...................................................4Figure2:NetworkTopologyforSampleSyntaxExample...........................5Figure3:SupportforProviderOpenAccessRequirements..........................7Figure4:SupportforBGP/MPLSVPNs..........................................8Figure5:TheAlternativePolicy-BasedRoutingSolution............................9Figure6:SupportforRudimentaryTrafficEngineering.............................9Copyright©2001,JuniperNetworks,Inc.3ExecutiveSummaryFilter-basedforwardingenablesyoutoconfigurepacketfiltersthatclassifypacketsbasedonheaderinformation,suchasIPsourceaddress,IPdestinationaddress,IPprotocolfield,sourceanddestinationTCP/UDPportnumbers.Ifapacketmatchestheconditionsofthefilter,thentraditionaldestination-basedforwardingoccursusingtheroutingtablethatisspecifiedintheacceptactionofthefilterdefinitionlanguage.Filter-basedforwardingprovidesaverysimpleyetpowerfultool:apolicy-basedroutingtableselector.Filter-basedForwardingDefinedFilter-basedforwardingallowsyoutocontrolthenext-hopselectionforcustomertrafficbydefiningapacketfilterthatexaminesthefieldsinapacket'sheader.Ifapacketsatisfiesthematchconditionsofthefilter,thepacketisforwardedusingtheroutingtableinstancespecifiedinthefilteractionstatement.Configurefilter-basedforwardingonlyasaninputpacketfilter;theuseofthisfeatureisnotsupportedonoutputpacketfilters.PacketClassificationThepacketfiltercanclassifypacketsbasedonanyofthefieldsthatcanbeexaminedbytheJUNOS™Internetsoftwarefilterdefinitionlanguage.Thesefieldsincludethefollowing. Sourceand/ordestinationIPaddresses Protocolnumber Sourceand/ordestinationportnumbers IPprecedencevalue DSCPvalue IPoptions TCPflags Packetlength ICMPtype Incomingand/oroutgoinglogicalorphysicalinterfaceFilterActionsIfapacketsatisfiestheconditionsofthefilter,youcanspecifythefilteractionknownasarouting-instance.Thisfilteractionallowsyoutospecifytheroutingtableinstancethatisusedtoforwardtrafficthatmatchesthefilter'sconditions.Oncetheroutingtableisidentified,traditionaldestination-basedroutingoccurs.Inadditiontotherouting-instanceaction,youcanalsospecifythefollowingactionmodifiersinthefilter. Alert Count Log Output-queueFilter-basedForwarding4Copyright©2001,JuniperNetworks,Inc. PLP Police SampleFilter-basedForwardingExampleFigure1illustratesasamplepacketflowwhereaninputpacketfilterisusedtoclassifypackets,andeachpacketisforwardedtoadifferentnexthopusingdifferentroutingtablesbasedontheresultofthepacketclassificationprocess.Figure1:SamplePacketFlowInthisexample,incomingpacketsarriveonif_1.EachpacketisexaminedbytheInternetProcessorII™ASICusinganinputpacketfilter.IfthepacketmatchesTerm1ofthefilter,thendestination-basedforwardingoccursusingRTT_A.IfthepacketmatchesTerm2ofthefilter,thendestination-basedforwardingoccursusingRTT_B.IfthepacketmatchesTerm3ofthefilter,thendestination-basedforwardingoccursusingRTT_C.NotethatJUNOSsoftwaredoesnotcurrentlysupporttheabilitytomaptrafficflowstoanLSP.SampleSyntaxThissectionprovidessamplesyntaxthatillustrateshowyoucanconfigurefilter-basedforwardingonanM-seriesrouter.Thefirstconfigurationfragmentdefinesapacketfilterthatdirectscustomertraffictoanext-hoprouterinISP1orISP2basedonthepacket'ssourceaddress.Figure2showsthenetworktopologyforthisexample.MatchInputFilterMatchTermAMatchTermCRTT_ARTT_BRTT_COut_If_4Out_If_3Out_If_2TermBIn_If_1Copyright©2001,JuniperNetworks,Inc..5Filter-basedForwardingFigure2:NetworkTopologyforSampleSyntaxExampleIfthepackethasasourceaddressassignedtoanISP1customer,thendestination-basedforwardingoccursusingtheisp1-route-table.IfthepackethasasourceaddressassignedtoanISP2customer,thendestination-basedforwardingoccursusingtheisp2-route-table.Ifapacketdoesnotmatcheitheroftheseconditions,thenthepacketisacceptedbythefilter,andthendestination-basedforwardingoccursusingthestandardinet.0routingtable.filterclassify-cus