RE: [j-nsp] how to make a filter list on bgp?

From: Gary Tate (gtate@juniper.net)
Date: Fri Feb 01 2002 - 04:31:31 EST


Sorry Raymond I had a typo in the Config.

This would do what you want in two policies:

protocols {
      bgp {
          group HGC {
              type external;
              description peer-to-HGC-datacenter;
              multihop ttl 3;
              export zonasa-out;
              peer-as 10032;
              neighbor 10.10.24.1;
          }
          group zonaza {
              type internal;
              description iBGP-peer-to-7206;
              multihop ttl 10;
              local-address 203.129.80.36;
              export [deny-unwanted-routes redistributed-connected];
              peer-as 4841;
              neighbor 203.129.64.60;
          }
      }
}
policy-options {
      policy-statement zonasa-out {
          term 1 {
              from {
                  route-filter 202.140.160.0/20 exact accept;
              }
          }
          then reject;
      }
      policy-statement deny-unwanted-routes {
          term reject-routes {
              from {
                  route-filter 203.129.80.32/28 exact reject;
              }
          }
      }
      policy-statement redistributed-connected {
          term self {
              then {
                  next-hop self;
              }
          }
          from protocol direct;
          then accept;
      }
}

This would combine the two policies:

protocols {
      bgp {
          group HGC {
              type external;
              description peer-to-HGC-datacenter;
              multihop ttl 3;
              export zonasa-out;
              peer-as 10032;
              neighbor 10.10.24.1;
          }
          group zonaza {
              type internal;
              description iBGP-peer-to-7206;
              multihop ttl 10;
              local-address 203.129.80.36;
              export zonaza-iBGP-NHS;
              peer-as 4841;
              neighbor 203.129.64.60;
          }
      }
}
policy-options {
      policy-statement zonasa-out {
          term 1 {
              from {
                  route-filter 202.140.160.0/20 exact accept;
              }
          }
          then reject;
      }
      policy-statement zonaza-iBGP-NHS {
          term reject-routes {
              from {
                  route-filter 203.129.80.32/28 exact reject;
              }
          }
          term self {
              then {
                  next-hop self;
              }
          }
          from protocol direct;
          then accept;
      }
}

If you wanted to reject further routes just add additional lines to the
term reject-routes.

Make sure you check for typos as this was not done on a live machine.
Gary

>-----Original Message-----
>From: Raymond Leung [mailto:rlcw@zonasa.com]
>Sent: 01 February 2002 00:54
>To: Gary Tate
>Subject: RE: [j-nsp] how to make a filter list on bgp?
>
>
>actually i would like to filter the route 203.129.80.32/28 advertise to
>203.129.64.60
>
>what should i do ?
>
>At 05:01 PM 1/31/2002 +0000, you wrote:
>>Do you mean coming in from peer-as 10032 and being advertised out via
>>your iBGP? If so use an import policy on group HGC rejecting the route.
>>(this makes more sense to me as you would have different policies for
>>each of the eBGP peers which is good for operations)
>>
>>Do you mean just stop advertisement of this prefix from this BGP speaker
>>via iBGP peer 203.129.64.60? If so then add an export policy
>>deny-routes rejecting this route. You could combine it with export
>>redistribute-connected (name would make much sense though).
>>
>>protocols {
>> bgp {
>> group HGC {
>> type external;
>> description peer-to-HGC-datacenter;
>> multihop ttl 3;
>> export zonasa-out;
>> peer-as 10032;
>> neighbor 10.10.24.1;
>> }
>> group zonaza {
>> type internal;
>> description iBGP-peer-to-7206;
>> multihop ttl 10;
>> local-address 203.129.80.36;
>> export [deny-routes redistributed-connected];
>> peer-as 4841;
>> neighbor 203.129.64.60;
>> }
>> }
>>}
>>policy-options {
>> policy-statement zonasa-out {
>> term 1 {
>> from {
>> route-filter 202.140.160.0/20 exact accept;
>> }
>> }
>> then reject;
>> }
>> policy-statement deny-routes {
>> term 1 {
>> from {
>> route-filter 202.140.160.0/20 exact reject;
>> }
>> }
>> then accept;
>> }
>> policy-statement redistributed-connected { <<< Does this work?
>> term self {
>> then {
>> next-hop self;
>> }
>> }
>> from protocol direct;
>> then accept;
>> }
>>}
>>
>>Combined policy would look like this:
>>policy-options {
>> policy-statement iBGP-out {
>> term deny-routes {
>> from {
>> route-filter 202.140.160.0/20 exact reject;
>> }
>> }
>> term accept-routes-NHS {
>> from {
>> from protocol direct;
>> from protocol bgp;
>> }
>> then {
>> next-hop self;
>> accept;
>> }
>> }
>>}
>>
>>You'll no doubt get answers from policy gurus that can do all this on
>>one line:)
>>
>>Gary
>>
>> >-----Original Message-----
>> >From: Raymond Leung [mailto:rlcw@zonasa.com]
>> >Sent: 31 January 2002 16:31
>> >To: juniper-nsp@puck.nether.net
>> >Cc: rlcw@zonasa.com
>> >Subject: [j-nsp] how to make a filter list on bgp?
>> >
>> >
>> >protocols {
>> > bgp {
>> > group HGC {
>> > type external;
>> > description peer-to-HGC-datacenter;
>> > multihop ttl 3;
>> > export zonasa-out;
>> > peer-as 10032;
>> > neighbor 10.10.24.1;
>> > }
>> > group zonaza {
>> > type internal;
>> > description iBGP-peer-to-7206;
>> > multihop ttl 10;
>> > local-address 203.129.80.36;
>> > export redistributed-connected;
>> > peer-as 4841;
>> > neighbor 203.129.64.60;
>> > }
>> > }
>> >}
>> >policy-options {
>> > policy-statement zonasa-out {
>> > term 1 {
>> > from {
>> > route-filter 202.140.160.0/20 exact accept;
>> > }
>> > }
>> > then reject;
>> > }
>> > policy-statement redistributed-connected {
>> > term self {
>> > then {
>> > next-hop self;
>> > }
>> > }
>> > from protocol direct;
>> > then accept;
>> > }
>> >}
>> >
>> >if would like to filter the route which is 203.129.80.36/28 to my IBGP,
>> >what should i do ?
>> >
>> >please advise. thx.
>> >
>> >With Regards,
>> >
>> >
>> >Raymond Leung
>> >Network Analyst
>> >Zonasa Network Limited
>> >
>> >
>> >Suite 903,Technology Plaza
>> >651 King's Road
>> >Quarry Bay
>> >Hong Kong
>> >
>> >AS4841 Object Maintainer
>> >
>> >
>> >
>
>With Regards,
>
>
>Raymond Leung
>Network Analyst
>Zonasa Network Limited
>
>
>Suite 903,Technology Plaza
>651 King's Road
>Quarry Bay
>Hong Kong
>
>AS4841 Object Maintainer
>
>
>
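The two-policy export chain from the reply at the top of this message, run through a small evaluator to show why `deny-unwanted-routes` has to come before `redistributed-connected`. This is an added example, not part of the original thread and not Juniper code; it is a simplified model of export-policy evaluation, and the 10.10.24.0/30 direct route is constructed for the test.

```python
import ipaddress

# Simplified model (an assumption of this example): terms run in order, a
# route-filter action or accept/reject ends evaluation, and non-terminating
# actions such as "next-hop self" are applied before falling through.
def term(name, route_filters=(), protocol=None, then=()):
    return {"name": name, "rf": route_filters, "proto": protocol, "then": then}

POLICIES = {
    "deny-unwanted-routes": [
        term("reject-routes", route_filters=[("203.129.80.32/28", "reject")]),
    ],
    "redistributed-connected": [
        term("self", then=["next-hop self"]),
        term("(unnamed)", protocol="direct", then=["accept"]),
    ],
}
CHAIN = ["deny-unwanted-routes", "redistributed-connected"]  # order on the page

def evaluate(chain, prefix, protocol):
    """Return (verdict, attribute changes, 'policy/term' that decided)."""
    net = ipaddress.ip_network(prefix)
    changed = []
    for pname in chain:
        for t in POLICIES[pname]:
            if t["proto"] and t["proto"] != protocol:
                continue  # "from protocol" did not match
            if t["rf"]:
                # "exact" means the prefix and length must both be equal
                hits = [a for p, a in t["rf"] if ipaddress.ip_network(p) == net]
                if not hits:
                    continue
                return hits[0], changed, f"{pname}/{t['name']}"
            for action in t["then"]:
                if action in ("accept", "reject"):
                    return action, changed, f"{pname}/{t['name']}"
                changed.append(action)
    # Model of the default BGP export policy: only BGP routes are advertised.
    return ("accept" if protocol == "bgp" else "reject"), changed, "default"

if __name__ == "__main__":
    for chain in (CHAIN, CHAIN[::-1]):
        for prefix, proto in (("203.129.80.32/28", "direct"),
                              ("10.10.24.0/30", "direct"),  # constructed route
                              ("202.140.160.0/20", "bgp")):
            print(chain, prefix, proto, evaluate(chain, prefix, proto))
```

With the chain reversed, the /28 is accepted by `redistributed-connected` before the reject term is ever reached, so the prefix is still advertised to the iBGP peer.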


