On Tue, Oct 6, 2009 at 1:52 PM, Alexander Shikoff <minot...@crete.org.ua>wrote:
> Hello All, > > I have M10i router and need to strip BGP communities that don't match regex > pattern. > > I've configured BGP community: > [edit policy-options] > minot...@br1-gdr.ki# show community Prohibited > invert-match; > members "^((9002)|(21011)|(13228)):([0-5])$"; > > Then I've created policy-statement and applied it to neighbour's import: > [edit] > minot...@br1-gdr.ki# show policy-options policy-statement from-Downstream > then { > community delete Prohibited; > next policy; > } > > [edit] > minot...@br1-gdr.ki# show protocols bgp group Downlinks-Default-Only > neighbor 91.200.195.18 > description "Downlink: UOS"; > import [ from-Downstream from-UOS ]; > peer-as 42546; > > But communities that don't match "^((9002)|(21011)|(13228)):([0-5])$" are > still associated with prefixes that I receive from downstream: > > * 91.202.39.0/24 (2 entries, 1 announced) > Accepted > Nexthop: 91.200.195.18 > AS path: 42546 42546 42546 42546 44532 44532 I > AS path: Recorded > Communities: 65535:1111 65535:9002 > Your community string match "^((9002)|(21011)|(13228)):([0-5])$" won't work here because you are looking for 9002 in the first portion of the community string (before the colon :), however, the community string you've received from your peer has 9002 in the second portion of the community string (after the colon :). BTW, you can test your regex expression before inserting it into policy to see if it works by doing a 'show route community "^((9002)|(21011)|(13228)):([0-5])$" detail'. This will give you some indication as to whether or not your community string match will work one you put it into policy. HTHs. -- Stefan Fouant _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp