[j-nsp] As-path filtering via policy

Cliff DeGuzman cliff at juniper.net
Fri Apr 11 23:59:29 EDT 2003


Mario,

Try adding a 'then reject' in your first policy

> lab@SJ-R1#
> policy-statement EBGP-Import-0 {
>     term Customer-AS-Only {
>         from as-path C1;
>         then next policy;
>     }
      then reject		<<<<<<  or you can put this inside another term
> }

Without this, the default action is 'accept', so any route that doesn't
match your from 'as-path C1' gets accepted.

Regards,
Cliff

> -----Original Message-----
> From: Junoguy [mailto:junoguy at earthlink.net] 
> Sent: Friday, April 11, 2003 10:23 PM
> To: juniper-nsp at puck.nether.net
> Cc: juniper at groupstudy.com
> Subject: [j-nsp] As-path filtering via policy
> 
> 
> Hi all.  I am up late studying and perhaps I am not seeing 
> this correctly but here it goes:
> 
> I have a customer router, call it C1, its AS# is 11.  Because 
> I do not have any other routers to advertise this route 
> (among other things) so that it shows up in my local router 
> with a different as-path, I have it configured to advertise 
> the route 200.200.0.0/23 and ADD the as-path "99 66" before 
> adding the local AS # which is 11.  C1 also has other routes 
> being advertised to my local router whose AS paths have not 
> been modified.
> 
> 
> My local router that is peering to C1 has the following 
> policies and bgp
> configuration:
> 
> 
> [edit]
> lab@SJ-R1#
> policy-statement EBGP-Import-0 {
>     term Customer-AS-Only {
>         from as-path C1;
>         then next policy;
>     }
> }
> policy-statement EBGP-Import-1 {
> <snip>
> 
> as-path C1 ".* 11";
> 
> 
> 
> [edit]
> lab@SJ-R1# show protocols bgp 
> log-updown;
> group Customer-Peer {
>     type external;
>     import [ EBGP-Import-0 EBGP-Import-1 ];
>     export EBGP-Export;
>     multipath;
>     neighbor 10.200.8.1 {
>         peer-as 11;
>     }
> }
> 
> 
> Now, I am trying to filter out any routes that do not 
> originate in AS 11.  I define the as-path for which I am 
> filtering on  but the end results are not what I expect, here it is:
> 
> [edit]
> lab@SJ-R1# run show route protocol bgp 200.200/23 detail 
> 
> inet.0: 29 destinations, 29 routes (25 active, 0 holddown, 5 hidden)
> + = Active Route, - = Last Active, * = Both
> 
> 200.200.0.0/23 (1 entry, 1 announced)
>         *BGP    Preference: 170/-101<<<<<<< NOTICE THAT IT IS ACTIVE
>                 Source: 10.200.8.1
>                 Nexthop: 10.200.8.1 via fxp2.0, selected
>                 State: <Active Ext>
>                 Local AS:    77 Peer AS:    11
>                 Age: 30:43
>                 Task: BGP_11.10.200.8.1+1025
>                 Announcement bits (3): 0-KRT 4-BGP.0.0.0.0+179 5-Resolve inet.0
>                 AS path: 11 99 66 I <<<<<<<< NOTICE THE AS-PATH
>                 Communities: 77:200
>                 Localpref: 100
>                 Router ID: 192.168.0.1
> 
> 
> 
> [edit]
> lab@SJ-R1#
> 
> 
> 
> So as you can see, the route is still being accepted.  What 
> am I doing wrong?
> 
> 
> Thanks,
> 
> 
> Mario
> 
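
Added example, not part of the original thread or Juniper's code: a simplified Python model of how the import chain in this thread evaluates a route, showing why the prepended route is accepted by the original EBGP-Import-0 and rejected once the final `then reject` is added. Assumptions: the AS-path matcher handles only literal AS numbers, `.` and `.*`; the snipped EBGP-Import-1 is modelled as a placeholder that takes no terminating action; the sample AS paths are constructed from the thread.

```python
import re

DEFAULT_BGP_IMPORT = "accept"   # Junos default BGP import action, as the reply notes

def aspath_matches(junos_regex, as_path):
    """Whole-path match of a Junos-style AS-path regex (one term per AS number).
    Simplified: supports literal AS numbers, '.' and '.*' only."""
    parts = []
    for term in junos_regex.split():
        if term == ".*":
            parts.append(r"(?:\d+ )*")      # zero or more AS numbers
        elif term == ".":
            parts.append(r"\d+ ")           # exactly one AS number
        else:
            parts.append(re.escape(term) + " ")
    subject = "".join(f"{asn} " for asn in as_path)
    return re.fullmatch("".join(parts), subject) is not None

def evaluate(chain, as_path):
    """Run one route through an import policy chain; return 'accept' or 'reject'."""
    for policy in chain:
        for regex, action in policy:        # regex None = term with no 'from'
            if regex is None or aspath_matches(regex, as_path):
                if action in ("accept", "reject"):
                    return action           # terminating action ends evaluation
                break                       # 'next policy': skip remaining terms
        # no term matched, or 'next policy': continue with the next policy
    return DEFAULT_BGP_IMPORT               # nothing terminated: default applies

C1 = ".* 11"                                 # as-path C1 from the thread
IMPORT_0_ORIGINAL = [(C1, "next policy")]
IMPORT_0_FIXED = [(C1, "next policy"), (None, "reject")]
IMPORT_1_PLACEHOLDER = []                    # assumption: body is snipped on the page

# Constructed sample paths as seen on SJ-R1 (leftmost AS is the peer, AS 11)
ROUTES = {"200.200.0.0/23 (prepended)": [11, 99, 66], "unmodified C1 route": [11]}

def compare():
    """Return {route: (result with original policy, result with fixed policy)}."""
    return {
        name: (evaluate([IMPORT_0_ORIGINAL, IMPORT_1_PLACEHOLDER], path),
               evaluate([IMPORT_0_FIXED, IMPORT_1_PLACEHOLDER], path))
        for name, path in ROUTES.items()
    }

if __name__ == "__main__":
    for name, (before, after) in compare().items():
        print(f"{name}: original={before} fixed={after}")
```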