Anyone have experience using conditions in bgp import policies? Normally in our core we point v4/v6 default to discard like I suspect most here do. I have a default route from a transit provider of last resort that I want to activate "when I need to". With all of the caveats of the approach in general, I'm looking at using 'policy-options condition' to install said default if I believe I've become isolated. In my lab I'm testing with v4 [would use this for v4 as well] and am using 8.8.4.0/24 as a proof of concept.
'if-route-exists' does not have a built-in negation so I tried to roll my own as follows. 0.0.0.0/0 is still being rejected [by import policy] despite no 8.8.8.0/24 in the RIB. This occurs even from a BGP clear when I can confirm 8.8.8.0/24 was not in the local RIB during the entire BGP startup process.

I thought about doing a generated route, but I like the safety net idea of requiring the advertisement over BGP from this specific peer to be present.

Thought I'd try asking here before going to JTAC. I respect this may evolve into a "bad idea in general" discussion.

-Michael

==========/=================

########## my config

cooldude@r-mx2010-lab-re1# show policy-options policy-statement conditional-bgp
term google-reachable {
    from {
        route-filter 0.0.0.0/0 exact;
        condition route-to-google-dns;
    }
    then reject;
}
term google-unreachable {
    from {
        route-filter 0.0.0.0/0 exact;
    }
    then {
        preference 1;
        accept;
    }
}

cooldude@r-mx2010-lab-re1# show policy-options condition route-to-google-dns
if-route-exists {
    8.8.8.0/24;
    table inet.0;
}

############## 8.8.8.0/24 not present

cooldude@r-mx2010-lab-re1# run show route 8.8.8.0/24

{master}[edit]
cooldude@r-mx2010-lab-re1#

################## hidden default

cooldude@r-mx2010-lab-re1# run show route 0.0.0.0/0 exact hidden extensive table inet.0

inet.0: 595731 destinations, 1191437 routes (595721 active, 9 holddown, 3 hidden)
0.0.0.0/0 (3 entries, 1 announced)
        State: <FlashAll>
TSI:
KRT in-kernel 0.0.0.0/0 -> {}
OSPF area : 0.0.0.0, LSA ID : 0.0.0.0, LSA type : Extern
Page 0 idx 0, (group iBGP-reflector type Internal) Type 5 val 0x2023c080 (addpath tsi)
  Addpath Path ID: 1
    Source route: Static
    Advertised metrics:
      Nexthop: Self
      Localpref: 100
      AS path: [65010] I
      Communities:
    (AddPath PathId) Advertise: 00000007
Path 0.0.0.0 Vector len 4. Val: 0
        BGP /-101
                Next hop type: Router, Next hop index: 775
                Address: 0xaa35900
                Next-hop reference count: 1415662
                Source: X.Y.33.86
                Next hop: X.Y.33.86 via ae1.3106, selected
                Session Id: 0x14b
                State: <Hidden Ext>
                Inactive reason: Unusable path
                Local AS: 65010 Peer AS: 3128
                Age: 5:00
                Validation State: unverified
                Task: BGP_3128.X.Y.33.86+52615
                AS path: 3128 I
                AS path: Recorded
                Localpref: 100
                Router ID: X.Y.32.2
                Hidden reason: rejected by import policy
        BGP /-101
                Next hop type: Router, Next hop index: 774
                Address: 0x26409e0c
                Next-hop reference count: 1571275
                Source: X.Y.33.76
                Next hop: X.Y.33.76 via ae0.3105, selected
                Session Id: 0x14c
                State: <Hidden Ext>
                Inactive reason: Unusable path
                Local AS: 65010 Peer AS: 3128
                Age: 5:00
                Validation State: unverified
                Task: BGP_3128.X.Y.33.76+62875
                AS path: 3128 I
                AS path: Recorded
                Localpref: 100
                Router ID: X.Y.32.1
                Hidden reason: rejected by import policy

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp