<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 5.50.4616.200" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff size=2>hi
scott,</FONT></SPAN></DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff size=2>on the
PE router, y<FONT size=2>ou can create an import policy that strips out all
target communities
<P>(target:*:*) before advertising to other PEs.</P>
<P>cliff</P></FONT></FONT></SPAN></DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>--------------------</FONT></SPAN></DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>ex.</FONT></SPAN></DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff size=2><A
href="mailto:cliff@vpn04">cliff@vpn04</A># show routing-instances vpna
<BR>instance-type vrf;<BR>interface es-5/1/0.0;<BR>interface
lo0.1;<BR>vrf-target target:69:1;<BR>protocols {<BR> bgp
{<BR> group ebgp
{<BR> type
external;<BR>
import
delete-target; <<<<<<<<<<<<<<BR>
peer-as
100;<BR>
as-override;<BR>
neighbor 10.49.100.2;<BR>
}<BR> }<BR>}</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>[edit]<BR></FONT></SPAN></DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>POLICY:</FONT></SPAN></DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff size=2><A
href="mailto:cliff@vpn04">cliff@vpn04</A># show policy-options
<BR>policy-statement delete-target {<BR> term 1
{<BR> then
{<BR>
community delete
other-target;<BR>
accept;<BR> }<BR>
}<BR>}<BR>community other-target members target:*:*;</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>[edit]<BR></FONT></SPAN></DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>---------------</FONT></SPAN></DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff size=2><A
href="mailto:cliff@vpn04">cliff@vpn04</A># run show route receive-protocol bgp
10.49.100.2 detail </FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>inet.0: 20 destinations, 27 routes (19 active, 0 holddown, 1
hidden)</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0
hidden)</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>vpna.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0
hidden)<BR>* 10.49.30.0/24 (1 entry, 1 announced)<BR>
Nexthop: 10.49.100.2<BR> MED:
0<BR> AS path: 100 I<BR>
Communities: target:69:2
<<<<<<<<CE sends route with target belonging to another
VRF</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff size=2>Here
we strip out 'target:69:2' and send the right community.</DIV>
<DIV><BR><A href="mailto:cliff@vpn04">cliff@vpn04</A># run show route
advertising-protocol bgp 10.255.14.178 detail </FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2>...</FONT></SPAN></DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff size=2>*
10.49.30.0/24 (1 entry, 1 announced)<BR> BGP group ibgp type
Internal<BR> Route Distinguisher:
10.255.14.174:2<BR> VPN Label:
103328<BR> Nexthop: Self<BR>
MED: 0<BR> Localpref: 100<BR> AS
path: 100 I<BR> Communities:
target:69:1
<<<<<<<<<<</FONT></SPAN></DIV>
<DIV> </DIV>
<DIV><SPAN class=182343023-10022003><FONT face=Arial color=#0000ff
size=2></FONT></SPAN><SPAN class=182343023-10022003><FONT face=Arial
color=#0000ff size=2>...<BR></FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Scott Stoddard
[mailto:scott@gblx.net]<BR><B>Sent:</B> Monday, February 10, 2003 2:32
PM<BR><B>To:</B> juniper-nsp@puck.nether.net<BR><B>Subject:</B> [j-nsp]
Filtering Extended Communities from VPN-CE's<BR><BR></FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2> Does anyone know of a way to
do this? After hooking up a juniper as a CE in a l3vpn, I was able to tag
extended VPN communities on routes advertised to the PE and since we are
redistributing based on communities in the core side of the VPN I was able to
advertise these blocks into another completely different vrf... I want to
allow people to use standard communities but deny any extended that would
allow them to introduce their blocks to a neighbor vpn. Thanks.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>--Scott</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV></BLOCKQUOTE></BODY></HTML>