RE: [j-nsp] how to make a filter list on bgp?

From: Gary Tate (gtate@juniper.net)
Date: Thu Jan 31 2002 - 12:01:43 EST

Do you mean coming in from peer-as 10032 and being advertised out via
you iBGP? If so use an import policy on group HGC rejecting the route.
(this makes more sense to me as you would have different policies for
each of the eBGP peers which is good fro operations)

Do you mean just stop advertisement of this prefix from this BGP speaker
via iBGP peer 203.129.64.60? If so then add an export policy
deny-routes rejecting this route. You could combine it with export
redistribute-connected (name would make much sense though).

protocols {
     bgp {
         group HGC {
             type external;
             description peer-to-HGC-datacenter;
             multihop ttl 3;
             export zonasa-out;
             peer-as 10032;
             neighbor 10.10.24.1;
         }
         group zonaza {
             type internal;
             description iBGP-peer-to-7206;
             multihop ttl 10;
             local-address 203.129.80.36;
             export [deny-routes redistributed-connected];
             peer-as 4841;
             neighbor 203.129.64.60;
         }
     }
}
policy-options {
     policy-statement zonasa-out {
         term 1 {
             from {
                 route-filter 202.140.160.0/20 exact accept;
             }
         }
         then reject;
     }
     policy-statement deny-routes {
         term 1 {
             from {
                 route-filter 202.140.160.0/20 exact reject;
             }
         }
         then accept;
     }
     policy-statement redistributed-connected { <<< Does this work?
         term self {
             then {
                 next-hop self;
             }
         }
         from protocol direct;
         then accept;
     }
}

Combined policy would look like this:
policy-options {
     policy-statement iBGP-out {
         term deny-routes {
             from {
                 route-filter 202.140.160.0/20 exact reject;
             }
         }
         term accept-routes-NHS {
                from {
                      from protocol direct;
                 from protocol bgp;
             }
             then {
                 next-hop self;
                   accept;
             }
      }
}

You'll no doubt get answers from policy gurus that can do all this on
one line:)

Gary

>-----Original Message-----
>From: Raymond Leung [mailto:rlcw@zonasa.com]
>Sent: 31 January 2002 16:31
>To: juniper-nsp@puck.nether.net
>Cc: rlcw@zonasa.com
>Subject: [j-nsp] how to make a filter list on bgp?
>
>
>protocols {
> bgp {
> group HGC {
> type external;
> description peer-to-HGC-datacenter;
> multihop ttl 3;
> export zonasa-out;
> peer-as 10032;
> neighbor 10.10.24.1;
> }
> group zonaza {
> type internal;
> description iBGP-peer-to-7206;
> multihop ttl 10;
> local-address 203.129.80.36;
> export redistributed-connected;
> peer-as 4841;
> neighbor 203.129.64.60;
> }
> }
>}
>policy-options {
> policy-statement zonasa-out {
> term 1 {
> from {
> route-filter 202.140.160.0/20 exact accept;
> }
> }
> then reject;
> }
> policy-statement redistributed-connected {
> term self {
> then {
> next-hop self;
> }
> }
> from protocol direct;
> then accept;
> }
>}
>
>if would like to filter the route which is 203.129.80.36/28 to
>my IBGP ,
>what should i do ?
>
>please advice. thx.
>
>With Regards,
>
>
>Raymond Leung
>Network Analyst
>Zonasa Network Limited
>
>
>Suite 903,Technology Plaza
>651 King's Road
>Quarry Bay
>Hong Kong
>
>AS4841 Object Maintainer
>
>
>

This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:39 EDT