Sorry I did not see the invert match condition. Were you looking at 'show route receive-protocol bgp ..." or 'show route' command?
On 10/6/09, Alexander Shikoff <minot...@crete.org.ua> wrote: > On Tue, Oct 06, 2009 at 02:59:02PM -0400, Stefan Fouant wrote: >> On Tue, Oct 6, 2009 at 1:52 PM, Alexander Shikoff >> <minot...@crete.org.ua>wrote: >> >> > Hello All, >> > >> > I have M10i router and need to strip BGP communities that don't match >> > regex >> > pattern. >> > >> > I've configured BGP community: >> > [edit policy-options] >> > minot...@br1-gdr.ki# show community Prohibited >> > invert-match; >> > members "^((9002)|(21011)|(13228)):([0-5])$"; >> > >> > Then I've created policy-statement and applied it to neighbour's import: >> > [edit] >> > minot...@br1-gdr.ki# show policy-options policy-statement >> > from-Downstream >> > then { >> > community delete Prohibited; >> > next policy; >> > } >> > >> > [edit] >> > minot...@br1-gdr.ki# show protocols bgp group Downlinks-Default-Only >> > neighbor 91.200.195.18 >> > description "Downlink: UOS"; >> > import [ from-Downstream from-UOS ]; >> > peer-as 42546; >> > >> > But communities that don't match "^((9002)|(21011)|(13228)):([0-5])$" >> > are >> > still associated with prefixes that I receive from downstream: >> > >> > * 91.202.39.0/24 (2 entries, 1 announced) >> > Accepted >> > Nexthop: 91.200.195.18 >> > AS path: 42546 42546 42546 42546 44532 44532 I >> > AS path: Recorded >> > Communities: 65535:1111 65535:9002 >> > >> >> Your community string match "^((9002)|(21011)|(13228)):([0-5])$" won't >> work >> here because you are looking for 9002 in the first portion of the >> community >> string (before the colon :), however, the community string you've received >> from your peer has 9002 in the second portion of the community string >> (after >> the colon :). > > But my community has invert-match in configuration, so it should match > all communities except > 9002:[0-5] > 21011:[0-5] > 13228:[0-5] > > Thus policy should strip all communities including 65535:1111 and > 65535:9002. > Is that right? > > -- > MINO-RIPE > -- Stefan Fouant _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp