[j-nsp] RE: bgp config changes (was: autonomous-system N loops L)
Joe Soricelli
jms at juniper.net
Fri Dec 12 16:37:17 EST 2003
> You cannot use a Juniper "prefix-list" for this either, since
> jnpr's prefix lists are actually... lists of prefixes... and
> don't let you do any "orlonger" type processing. I always
> found this an incredibly annoying damper in the otherwise
> handy ability to use a prefix-list in a firewall term,
> since you still have to duplicate the entire list in both a
> policy route-filter list and a prefix-list...
An ER has been opened for this. It would allow a prefix-list to be
applied within a policy as 'from prefix-list foo orlonger'. This would
allow a single prefix-list to be used in a firewall and a policy and
have them both represent the "complete" subnets.
FWIW,
Joe
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
> Richard A Steenbergen
> Sent: Friday, December 12, 2003 4:18 PM
> To: bbird at epik.net
> Cc: Pedro Marques; juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] RE: bgp config changes (was:
> autonomous-system N loops L)
>
>
> On Fri, Dec 12, 2003 at 03:56:51AM -0500, bbird at epik.net wrote:
> >
> > The reason I mentioned import policy, is because of an event that was
> > originally attributed to the behavior you've described. The policy I
> > changed on a neighbor, was a prefix-limit filter. And upon making
> > that change, I discovered other neighbors being reset. In the
> > configuration template, the prefix-limit is neither import nor export
> > policy. However, I equate this to a test condition on import, more
> > than an export policy. I was later advised, that this shouldn't have
> > occurred, and wouldn't if I upgraded to something newer (speaking only
> > of the prefix-limit).
>
> Oooh, another good point. Honk if you miss Cisco's style of
> having prefix-lists available separately from route-maps. I
> for one sure do.
>
> The ability to do prefix filtering in policy-statements is
> certainly a good thing, no question there, but it is not a
> true replacement for the equivalent of Cisco's "neighbor
> x.x.x.x prefix-list whatever" filtering.
> Creating a policy-statement per customer and using
> route-filter statements is nasty, and creates unnecessary
> complications for IRR based prefix-list generation scripts.
>
> You cannot use a Juniper "prefix-list" for this either, since
> jnpr's prefix lists are actually... lists of prefixes... and
> don't let you do any "orlonger" type processing. I always
> found this an incredibly annoying damper in the otherwise
> handy ability to use a prefix-list in a firewall term,
> since you still have to duplicate the entire list in both a
> policy route-filter list and a prefix-list...
>
> My kingdom for a prefix-list which supports the route-filter
> type prefix
> modifiers, and a "neighbor x.x.x.x prefix-list" statement...
>
> --
> Richard A Steenbergen <ras at nlayer.net>
> http://www.nlayer.net/
> GPG Key ID: 0xDA93CCE6 (D8E1 B8DD 486F
> B161 FA92 C2C5 113E BA5E DA93 CCE6)
> nLayer Communications, Inc. Chief
> Technical Officer
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
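Added example, not part of the original thread or any poster's code: a small generator of the kind an IRR-driven script might use to emit both the prefix-list and the duplicated route-filter policy from one source list, plus a model of the exact versus "orlonger" matching difference the thread describes. The names CUST-A and CUST-A-IN and the sample prefixes are assumptions.

```python
import ipaddress

# Constructed sample input: one customer's registered prefixes
# (documentation address ranges, not real allocations).
CUSTOMER_PREFIXES = ["203.0.113.0/24", "192.0.2.0/24"]


def render_junos(name, prefixes):
    """Return set-style Junos lines: a prefix-list for firewall terms and
    a policy-statement repeating each prefix as a route-filter ... orlonger."""
    nets = sorted({ipaddress.ip_network(p) for p in prefixes})
    policy = f"{name}-IN"  # hypothetical naming convention
    lines = [f"set policy-options prefix-list {name} {n}" for n in nets]
    lines += [
        f"set policy-options policy-statement {policy} "
        f"term allowed from route-filter {n} orlonger"
        for n in nets
    ]
    lines.append(f"set policy-options policy-statement {policy} term allowed then accept")
    lines.append(f"set policy-options policy-statement {policy} then reject")
    return lines


def exact_match(route, prefixes):
    """Model of a plain list of prefixes: only the listed prefix matches."""
    r = ipaddress.ip_network(route)
    return any(r == ipaddress.ip_network(p) for p in prefixes)


def orlonger_match(route, prefixes):
    """Model of route-filter orlonger: the prefix or any more-specific."""
    r = ipaddress.ip_network(route)
    return any(
        r.version == n.version and r.subnet_of(n)
        for n in map(ipaddress.ip_network, prefixes)
    )


if __name__ == "__main__":
    print("\n".join(render_junos("CUST-A", CUSTOMER_PREFIXES)))
    # A customer de-aggregate that the two matching styles treat differently.
    for route in ("192.0.2.0/24", "192.0.2.128/25", "192.0.0.0/16"):
        print(route, exact_match(route, CUSTOMER_PREFIXES),
              orlonger_match(route, CUSTOMER_PREFIXES))
```
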