I know... yet another PBR question, maybe I just need clarification.
I have two 8800s, 18.104.22.168 p1-9 (can be updated to 16.latest if need be).
Those two (with mlags to access switches) play default-gateway with vrrp for my internal VLANs (servers, workstations, other things)
Those VLANs are all in the VR "VR-Mine"
The VR-Mine participates in OSPF and also has a nice fast default gateway to the Internet.
Suddenly the requirement has popped up that the workstation vlan needs to get routed to the Internet via a separate content-filtering firewall (i.e. new default gateway JUST for that vlan. Technically two, but still)
Also, we're talking both, IPv6 and IPv4 (dual-stack)
I thought "PBR/source-based-routing" would "surely" be the answer, but I'm hitting a few snags:
From what I understand, "flow-redirect" is not an option because it won't work on "user created VRs" - I'm assuming since everything happens in "VR-Mine", that is a user-created VR so I'm out of luck?
If I understand right, the next approach would be policies. Now, I understand the concept, "if source is this and destination is that, then set nexthop to the content-filter-IP". However, the only thing that I can see where I can apply that policy/access-list, is to individual ports, according to the concept guide.
If I can't apply the access list to the VR-Mine 'router', can I really not apply it to the VLAN?
Do I really have to list all the ports that are members of that vlan and apply it to those ports - presumable as "ingress" (also: if not specified, does it mean ingress and egress)? Which also makes it harder, because I would have to add a port to that rule every time I add a port to the VLAN. That's high-maintenance!
I was thinking that as a last resort, I could stick the special VLAN(s) into their own VR (VR-Theirs), and then route between VRs, but then I saw the sentence "No can do with V6".
I'm wide open to suggestions/explanations/hints. Oh, and I really want to avoid handing out the content-filter's IP as default gateway for those VLANs because of a flurry of issues that would bring with it.