Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Example: Source-Interface-Based Routing (NSM Procedure)

 

In this example, you want to forward traffic from the 10.1.1.0/24 subnetwork to ISP 1, and forward traffic from the 10.1.2.0/24 subnetwork to ISP 2. You must configure two entries in the default trust-vr routing table and enable source-based routing. The subnetwork 10.1.1.0/24, with ethernet2/1 as the source interface and ethernet2/3 as the forwarding interface, uses the ISP 1 router (1.1.1.1) as the next hop; subnetwork 10.1.2.0/24, with ethernet2/2 as the source interface and ethernet2/4 as the forwarding interface, uses the ISP 2 router (2.2.2.2) as the next hop.

Figure 1: Source Interface-Based Routing Overview
Source Interface-Based Routing Overview

To configure source interface-based routing:

  1. Add a NetScreen-5400 device running ScreenOS 5.x, and then configure the network module:

    • In the NSM navigation tree, select Device Manager > Devices. Double-click the device object to open the device configuration.

    • Double-click the device icon to open the device configuration. In the device navigation tree, select Network > Slot.

    • Double-click slot 2 to display the slot configuration dialog box. For Card Type, select 5000-8G SPM.

    • Click OK to save the slot configuration, and then click Apply to apply the new interfaces to the device.

  2. Configure the ethernet 2/1 and ethernet 2/3 interfaces. In the device navigation tree, select Network > Interface.

  3. Double-click the ethernet2/1 interface. The General Properties screen appears. Configure the following options:

    • For Zone, select Trust.

    • For IP address and Netmask, enter 10.1.1.0/24.

    • Click OK to save your changes to the interface.

  4. Double-click the ethernet2/3 interface. The General Properties screen appears. Configure the following options:

    • For Zone, select Trust.

    • For IP address and Netmask, enter 10.1.2.0/24.

    • Click OK to save your changes to the interface.

  5. In the device navigation tree, select Network > Virtual Routers. Double-click the trust-vr virtual router. The General Properties screen appears. In the router navigation tree, select Routing Table.

  6. Select Enable Source-Based Routing.

  7. Configure the first entry. In the Source Interface-Based Routing Table area, click the Add icon.

  8. Configure the following options:

    • For Incoming Interface, select ethernet2/1.

    • For IP Address and Netmask, enter 10.1.1.0/24

    • For Interface, enter ethernet2/3.

    • For Gateway IP Address, enter 1.1.1.1

    • Click OK to save the SIBR entry.

  9. Configure the second entry. In the Source Interface-Based Routing Table area, click the Add icon.

  10. Configure the following:

    • For Incoming Interface, select ethernet2/3.

    • For IP Address and Netmask, enter 10.1.2.0/24

    • For Interface, enter ethernet2/4.

    • For Gateway IP Address, enter 2.2.2.2

    • Click OK to save the SIBR entry.

  11. Click OK to save your changes to the virtual router, and then click OK to save your changes to the device.