[j-nsp] Strange behavior of BGP policy

2010-11-09 Thread Alexander Shikoff
Hello,

On MX80-48T with JunOS 10.2R1.8 I have a BGP session with downstream 
configured as follows:

minot...@br1-gdr.ki# show routing-instances World protocols bgp group Downstreams
neighbor 178.214.196.6
    description MHost: World;
    import [ Local-Pref-400 from-MHost Deny-Rest ];
    export to-MHost;
    peer-as 21098;


Filtering of outgoing prefixes is performed via to-MHost policy:
minot...@br1-gdr.ki# show policy-options policy-statement to-MHost
term Default {
    from {
        route-filter 0.0.0.0/0 exact;
    }
    then reject;
}
term Itself {
    from {
        protocol static;
        route-filter 178.214.192.0/19 exact;
    }
    then accept;
}
then accept;


As you can see, only route 178.214.192.0/19 from static routes should be
redistributed into BGP, but I see other routes (direct, static, OSPF)
also being redistributed:
minot...@br1-gdr.ki# run show route 178.214.192.0/19 advertising-protocol bgp 178.214.196.6

World.inet.0: 337026 destinations, 668447 routes (60 active, 10 holddown, 3675 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 178.214.192.0/19        Self                                    I
* 178.214.192.0/27        Self                 2                  I
* 178.214.192.64/32       Self                                    I
* 178.214.192.65/32       Self                 2                  I
* 178.214.192.68/32       Self                 2                  I
* 178.214.192.69/32       Self                                    I
* 178.214.192.96/28       Self                                    I
* 178.214.192.128/29      Self                                    I
* 178.214.192.136/30      Self                                    I
* 178.214.192.140/30      Self                 2                  I
* 178.214.192.144/30      Self                                    I
* 178.214.193.0/30        Self                 2                  I
* 178.214.193.4/30        Self                 2                  I
* 178.214.194.0/30        Self                 2                  I
* 178.214.194.4/30        Self                 2                  I
* 178.214.195.0/24        Self                 2                  I
* 178.214.196.4/30        Self                                    I

Why does the policy accept other direct/static/OSPF routes?

Thanks.

-- 
MINO-RIPE
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


Re: [j-nsp] Strange behavior of BGP policy

2010-11-09 Thread William Jackson
My punt would be to get rid of the last accept statement.

Without it your processing should fall through to the default BGP export
policy.

At the moment I guess you are accepting everything.

Best Regards
 
William Jackson
Technical Department
Sapphire Networks





Re: [j-nsp] Strange behavior of BGP policy

2010-11-09 Thread Tim Vollebregt

Hi Alexander,

When using this policy you are doing the following:

- Reject sending default route
- Sending prefix 178.214.192.0/19
- Accepting all other advertisements by BGP, its default behaviour.

I think this would be fine:

show policy-options policy-statement to-MHost
term Itself {
    from {
        protocol static;
        route-filter 178.214.192.0/19 exact;
    }
    then next policy;
}
term reject {
    then reject;
}

Regards,

Tim




Re: [j-nsp] Strange behavior of BGP policy

2010-11-09 Thread Tore Anderson
Hi Alexander,

* Alexander Shikoff

> Filtering of outgoing prefixes is performed via to-MHost policy:
> minot...@br1-gdr.ki# show policy-options policy-statement to-MHost
> term Default {
>     from {
>         route-filter 0.0.0.0/0 exact;
>     }
>     then reject;
> }
> term Itself {
>     from {
>         protocol static;
>         route-filter 178.214.192.0/19 exact;
>     }
>     then accept;
> }
> then accept;

   - this makes the policy-statement accept all prefixes.
     (except for 0.0.0.0/0)

> As you can see, only route 178.214.192.0/19 from static routes should be
> redistributed into BGP, but I see other routes (direct, static, OSPF)
> also being redistributed:
>
> [...]
>
> Why does the policy accept other direct/static/OSPF routes?

Remove the out-of-term «then accept» and I think it'll behave the way
you want, provided that the «Deny-Rest» statement does what its name
suggests.

Best regards,
-- 
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com
Tel: +47 21 54 41 27


Re: [j-nsp] Strange behavior of BGP policy

2010-11-09 Thread Alexandre Snarskii
On Tue, Nov 09, 2010 at 12:18:37PM +0200, Alexander Shikoff wrote:
>
> Filtering of outgoing prefixes is performed via to-MHost policy:
> minot...@br1-gdr.ki# show policy-options policy-statement to-MHost
> term Default {
>     from {
>         route-filter 0.0.0.0/0 exact;
>     }
>     then reject;
> }
> term Itself {
>     from {
>         protocol static;
>         route-filter 178.214.192.0/19 exact;
>     }
>     then accept;
> }
> then accept;
>
>
> As you can see, only route 178.214.192.0/19 from static routes should be
> redistributed into BGP, but I see other routes (direct, static, OSPF)
> also being redistributed:

Because other direct/static/ospf routes match final 'then accept' statement.
You may either just change 'then accept' to 'then reject', or, if
you need to provide full-view to your customer, rewrite final term as

    term transit {
        from protocol bgp;
        then accept;
    }
    then reject;

-- 
In theory, there is no difference between theory and practice. 
But, in practice, there is. 
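
An added example (not part of any post in this thread, and not Juniper code): a small Python model of the term-by-term evaluation the replies describe, run against the policy variants proposed above. The protocol assigned to each sample prefix and the 192.0.2.0/24 BGP route are constructed for illustration; only `protocol` and `route-filter ... exact` matching are modelled, and a route that no term decides falls through to a simplified default BGP export policy (advertise BGP-learned routes only).

```python
import ipaddress

def term(action, protocol=None, exact=None):
    """One policy term: optional 'from' conditions (ANDed) and a terminating action."""
    net = ipaddress.ip_network(exact) if exact else None
    return {"action": action, "protocol": protocol, "exact": net}

def evaluate(policy, route):
    """First term whose conditions all match decides; no 'from' matches everything."""
    prefix = ipaddress.ip_network(route["prefix"])
    for t in policy:
        if t["protocol"] and t["protocol"] != route["protocol"]:
            continue
        if t["exact"] and t["exact"] != prefix:
            continue
        return t["action"]
    # No term matched: modelled default BGP export policy (BGP routes only).
    return "accept" if route["protocol"] == "bgp" else "reject"

def advertised(policy, routes):
    """Prefixes the export policy would let through to the neighbor."""
    return [r["prefix"] for r in routes if evaluate(policy, r) == "accept"]

# Terms "Default" and "Itself" as posted in the thread.
HEAD = [term("reject", exact="0.0.0.0/0"),
        term("accept", protocol="static", exact="178.214.192.0/19")]
ORIGINAL = HEAD + [term("accept")]      # trailing unnamed "then accept"
FINAL_REJECT = HEAD + [term("reject")]  # trailing action changed to "then reject"
NO_FINAL = HEAD                         # trailing action removed entirely
TRANSIT = HEAD + [term("accept", protocol="bgp"), term("reject")]  # "term transit"

# Constructed sample: prefixes from the thread, protocols assigned for
# illustration, plus one hypothetical BGP-learned route.
ROUTES = [
    {"prefix": "0.0.0.0/0", "protocol": "static"},
    {"prefix": "178.214.192.0/19", "protocol": "static"},
    {"prefix": "178.214.192.0/27", "protocol": "ospf"},
    {"prefix": "178.214.192.64/32", "protocol": "static"},
    {"prefix": "178.214.196.4/30", "protocol": "direct"},
    {"prefix": "192.0.2.0/24", "protocol": "bgp"},
]

if __name__ == "__main__":
    for name, pol in [("original", ORIGINAL), ("final reject", FINAL_REJECT),
                      ("no final", NO_FINAL), ("transit", TRANSIT)]:
        print(f"{name:13} {advertised(pol, ROUTES)}")
```

Running the same comparison against the real `show route ... advertising-protocol bgp` output before and after a policy change is a quick check that an export policy is not leaking internal prefixes to a downstream.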



Re: [j-nsp] Strange behavior of BGP policy

2010-11-09 Thread Christian

I guess you want a reject instead of the last accept,
rgds,

Christian




Re: [j-nsp] Strange behavior of BGP policy

2010-11-09 Thread Tomas Caslavsky


You have 'then accept' on the end of policy to-MHost, so all other routes
will be accepted

(the reject will announce only 178.214.192.0/19 from static)

Tomas



Re: [j-nsp] Strange behavior of BGP policy

2010-11-09 Thread Alexander Shikoff
Thanks a lot to all who replied!

On Tue, Nov 09, 2010 at 01:57:00PM +0300, Alexandre Snarskii wrote:
> On Tue, Nov 09, 2010 at 12:18:37PM +0200, Alexander Shikoff wrote:
> >
> > Filtering of outgoing prefixes is performed via to-MHost policy:
> > minot...@br1-gdr.ki# show policy-options policy-statement to-MHost
> > term Default {
> >     from {
> >         route-filter 0.0.0.0/0 exact;
> >     }
> >     then reject;
> > }
> > term Itself {
> >     from {
> >         protocol static;
> >         route-filter 178.214.192.0/19 exact;
> >     }
> >     then accept;
> > }
> > then accept;
> >
> >
> > As you can see, only route 178.214.192.0/19 from static routes should be
> > redistributed into BGP, but I see other routes (direct, static, OSPF)
> > also being redistributed:
>
> Because other direct/static/ospf routes match final 'then accept' statement.
> You may either just change 'then accept' to 'then reject', or, if
> you need to provide full-view to your customer, rewrite final term as
>
>     term transit {
>         from protocol bgp;
>         then accept;
>     }
>     then reject;
>
> --
> In theory, there is no difference between theory and practice.
> But, in practice, there is.
 

-- 
MINO-RIPE