[j-nsp] Filtering on MP-BGP routes (bgp.l3vpn) in policies?

Erdem Sener erdems at gmail.com
Mon Sep 19 11:28:41 EDT 2005


 Hi,

  I'm assuming the reason you'd like to filter bgp.l3vpn routes, is to
avoid large routing tables within VRF's (such as interface routes on
another PE, which would not make sense on most scenarios).

 You could use <vrf-import> statement under routing-instances and
filter routes you don't want based on communities.

 In that case, the configuration will look like something below:

lab at Lab-M7i-1# show routing-instances deneme                              
instance-type vrf;
interface fe-1/3/1.0;
interface e1-0/0/0.0
route-distinguisher 192.168.99.201:123;
vrf-import VRF-Import-VpnA;
vrf-target target:1111:123;
routing-options {
    interface-routes {
        rib-group inet VpnA-to-OTHERs;
        family inet {
            export {
                lan;
            }
        }
    }
    static {
        rib-group VpnA-to-OTHERs;
        route 172.16.77.1/32 next-hop 172.16.10.254;
        route 20.10.10.0/24 discard;

[edit policy-options policy-statement VRF-Import-VpnA]
lab at Lab-M7i-1# show 
term Own_Routes {
    from community VpnA;
    then accept;
}
term VpnB_Routes {
    from community VpnB;
    then {
        community add VpnA;
        accept;
    }
}
term gerikalani {
    then reject;
}


 Hope this helps,
 Erdem


On 9/19/05, Johannes Resch <jr at xor.at> wrote:
> Hi,
> 
> While working on a Juniper-based BGP route-reflector setup, I came across
> the following issue:
> 
> Basically, what I want to achieve on the RRs is a export policy (applied
> on the route-reflector-client group) like the following:
> 
> x) accept inet prefixes with a certain AS-path and/or community
> x) accept inet6 prefixes with a certain AS-path and/or community
> x) accept all bgp.l3vpn routes
> 
> x) deny the rest
> 
> The first two conditions are a no-brainer, but I'm having problems
> regarding the third one.
> 
> Any applied BGP export-policy evaluates all (as in, not only inet and
> inet6, but also bgp.l3vpn) routes carried over BGP. While this seems
> natural, I was unable to find a way to generally match on MP-BGP
> (bgp.l3vpn) routes in a policy (without having to use communities, AS-path
> or the like).
> 
> JunOS in question is 7.2R1.7 on M20.
> 
> If anyone has ideas regarding this setup, I'd be grateful for suggestions.
> 
> 
> regards,
> -jr
> 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>



More information about the juniper-nsp mailing list