On Fri, Apr 26, 2013 at 11:14:39AM -0500, Eric Krichbaum wrote:
> Thanks everyone. The policy straight to discard works for me, just annoyed
> me. I really didn't want to apply a knob (similar to the disable connected
> check on cisco) to do it. Trying to make these policies the same has proven
> an interesting exercise and at least now I am aware of the knobs to make it
> do the other.

It's technically a violation of the BGP spec to let the user arbitrarily rewrite the next-hop of an eBGP non-multihop route to something other than the directly connected interface, and the "correct" action when you do it is to reject the route for having an invalid next-hop.

Of course, over here in reality land that's complete nonsense. There are perfectly legitimate reasons to do so, like the example you cited, but it took a LONG time to get this past the guys who defend the theory without regard to practice. You used to have to configure ebgp multihop everywhere to get it to relax those rules, which carries its own downsides like lack of "fast external failover" behavior. The commands like "disable-connected-check" and "accept-remote-nexthop" were the compromises between following the spec and satisfying the customer. ;)

--
Richard A Steenbergen <r...@e-gerbil.net> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp