Hi Dan,

I found this:
"BGP is the only protocol to which you can apply routing policies that 
reference policies and policy objects configured in the dynamic database"
http://www.juniper.net/documentation/en_US/junos12.3/topics/usage-guidelines/policy-configuring-dynamic-routing-policies.html

adam

        Adam Vitkovsky
        IP Engineer

T:      0333 006 5936
E:      adam.vitkov...@gamma.co.uk
W:      www.gamma.co.uk


-----Original Message-----
> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf
> Of Dan Farrell
> Sent: Monday, October 26, 2015 6:34 PM
> To: Nitzan Tzelniker
> Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] dynamic-db for prefix-list filter on ex3200, ex2200
>
> Hi Nitzan,
>
> Thanks for your reply- I think you're right. To further add info and split the
> documentation and feature-set hairs-
>
>
>
> - At least from 9.5 this is stated to be usable by EX series.
>
> - BUT! All docs that reference dynamic-db do so with routing policies,
> and show support for only M, MX, and T.
>
> - JUNOS-on-EX does not error out on the configuration (as it would, for
> example, when configuring BGP on an EX2200-C).
>
> The use-case is loading large numbers of prefixes for filtering purposes
> without having to churn the unit with a typical commit operation and its
> associated churn. I'd hate to have to migrate to MX because EX can't/won't
> do it.
>
> Cheers!
>
> Dan
>
> From: Nitzan Tzelniker [mailto:nitzan.tzelni...@gmail.com]
> Sent: Monday, October 26, 2015 2:19 PM
> To: Dan Farrell <da...@appliedi.net>
> Cc: juniper-nsp@puck.nether.net
> Subject: Re: [j-nsp] dynamic-db for prefix-list filter on ex3200, ex2200
>
> Dan,
>
> AFAIK dynamic-db is for routing policy only; it does not work for firewall
> filters
>
> Nitzan
>
>
> On Mon, Oct 26, 2015 at 7:29 PM, Dan Farrell <da...@appliedi.net> wrote:
> Howdy List,
>
> I can't seem to get a dynamic-db prefix-list to work correctly on either an
> ex3200 or ex2200 on JUNOS 12.3 and 12.10.
> I'm starting to suspect it simply won't work on these models (or maybe on
> EX-series at all, or maybe only on routing policies).
>
> Using a dynamic-db prefix-list in a filter leads to NO packets passing on the
> interface it is instantiated on. (tested on l2 and l3 interface filtering).
>
> It seems to be a simple implementation (create the same prefix-list name in
> the normal configuration as the dynamic-db prefix list and tag it
> 'dynamic-db', then use in a filter), so I'm currently not suspecting myself
> as the culprit.
>
>
> Combining manual prefixes with the dynamic-db in one prefix-list results in
> only the manual prefixes being honored, while the dynamic-db ones are still
> ignored (same as above).
>
>
> Thanks list!
>
>
> Also, here's my configuration's relevant parts:
>
> DYNAMIC CONFIGURATION:
> ========================
>   policy-options {
>       prefix-list badips {
>           192.168.75.35/32;
>           192.168.75.100/32;
>           192.168.100.251/32;
>       }
>   }
>
>
>
>
> STATIC CONFIGURATION:
> ======================
>   policy-options {
>       prefix-list badips {
>           dynamic-db;
>           1.1.1.1/32;
>       }
>    }
>
>   firewall {
>       family inet {
>           filter blocktest {
>               term block-dy {
>                   from {
>                       destination-prefix-list {
>                           badips;
>                       }
>                   }
>                   then {
>                       discard;
>                   }
>               }
>               term allow-all-else {
>                   then accept;
>               }
>           }
>       }
>   }
>
>   interfaces {
>     vlan {
>         unit 33 {
>             family inet {
>                 filter {
>                     input blocktest;
>                 }
>                 address 192.168.78.1/24;
>             }
>         }
>     }
>   }
>
>   vlans {
>     noc24-test {
>         vlan-id 33;
>         interface {
>             ge-0/0/3.0;
>         }
>         l3-interface vlan.33;
>     }
>   }
>
>
>
> Dan Farrell
> Applied Innovations Corp.
> d...@appliedi.net
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
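The thread's finding can be turned into a check run before deploying a configuration: per the documentation quoted at the top and Dan's test results, a prefix-list tagged `dynamic-db` is not honoured when referenced from a firewall filter. The script below is an added example, not code from any poster in the thread; the function names are hypothetical and the sample input is constructed from the static configuration quoted above.

```python
import re

# Constructed sample: the thread's static configuration, whitespace condensed.
SAMPLE = """
policy-options {
    prefix-list badips { dynamic-db; 1.1.1.1/32; }
}
firewall { family inet { filter blocktest {
    term block-dy {
        from { destination-prefix-list { badips; } }
        then { discard; }
    }
    term allow-all-else { then accept; }
} } }
"""

def parse(text):
    """Parse brace-style Junos config into nested dicts; leaf statements map to None."""
    root, words = {}, []
    stack = [root]
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            stack.append(stack[-1].setdefault(" ".join(words), {}))
        elif tok == ";":
            stack[-1][" ".join(words)] = None
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
            continue
        words = []
    return root

def dynamic_lists_in_filters(cfg):
    """Hypothetical check: firewall references to prefix-lists tagged dynamic-db."""
    dynamic = {k.split()[1] for k, v in cfg.get("policy-options", {}).items()
               if k.startswith("prefix-list ") and v and "dynamic-db" in v}
    hits = []
    def walk(node, path):
        for key, child in node.items():
            head, _, rest = key.partition(" ")
            if head.endswith("prefix-list"):  # also source-/destination-prefix-list
                names = child if isinstance(child, dict) else [rest]
                hits.extend((" > ".join(path), head, n) for n in names if n in dynamic)
            elif isinstance(child, dict):
                walk(child, path + [key])
    walk(cfg.get("firewall", {}), ["firewall"])
    return hits
```

Each hit names the filter term and match keyword that points at a `dynamic-db` list, so the term can be reviewed before the filter is applied to an interface.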