[j-nsp] BGP Communities and exports

Eric Van Tol eric at atlantech.net
Wed Oct 18 14:11:37 EDT 2006


Juniper is correct.  The neighbor-specific export overrides the
group-level export configuration.  What you're looking for is something
like this:


protocols {
 bgp {
    group ATT {
       import ATT-IN;
       peer-as 7018;
       export ATT-OUT;
       neighbor 12.x.x.x;
    }
 }
}
policy-options {
  policy-statement ATT-OUT {
    term 1 {
       from {
         policy BGP-Origination;
       }
       then accept;
    }
  }
  policy-statement BGP-Origination {
    term 1 {
       from {
         route-filter 10.59.235.0/24 exact;
       }
       then {
         community set BGP-ORIG;
         /* This isn't going to set localpref in the provider's network. */
         local-preference 120;
         accept;
       }
    }
  }
}

The above will allow you to modify the prefix properties, while also
allowing you to call that same policy from other provider-specific
policies.

-evt

-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of James Cornman
Sent: Wednesday, October 18, 2006 2:01 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] BGP Communities and exports

Hello.

I'm working on a project for which I prefer to have as granular as
possible, for controlling outbound routing announcements. The problem
I'm running into is a 'Direct' route overriding a 'Static' (as it
should) and Juniper's protocols bgp export command not functioning
properly (or me not having it configured properly).

Here is a snippet of the config. This has been significantly trimmed
down for space. In addition to what is listed here, there are many other
routes to announce, hence me wanting it to be as granular as possible,
to save cycles from modifying configs any time a new route is added.

routing-options {
  static {
    route 10.59.235.0/24 {
        preference 240;
        discard;
    }
  }
  autonomous-system 65000;
}
interfaces {
   ge-1/0/0 {
     unit 0 {
       family inet {
          address 10.59.235.0/24;
       }
     }
   }
}
protocols {
 bgp {
    export BGP-Origination;
    group ATT {
       import ATT-IN;
       peer-as 7018;
       export ATT-OUT;
       neighbor 12.x.x.x;
    }
 }
}
policy-options {
  policy-statement ATT-IN {
    term 1 {
       from {
          route-filter 0.0.0.0/0 upto /24;
       }
       then {
          community set TRANSIT;
          community add ATT;
          local-preference 40;
          accept;
       }
    }
  }
  policy-statement ATT-OUT {
    term 1 {
       from {
         community BGP-ORIG;
       }
       then accept;
    }
  }
  policy-statement BGP-Origination {
    term 1 {
       from {
         route-filter 10.59.235.0/24 exact;
       }
       then {
         community set BGP-ORIG;
         local-preference 120;
         accept;
       }
    }
  }
}



Problem: The route 10.59.235.0/24 never gets into BGP and never gets
exported to ATT. I've found it working if I move the BGP-Origination
policy-statement to the export command within the individual BGP peer
group. I shouldn't have to do that.

I'm really aiming at getting this route into the table with the proper
community and local-pref so the community can be advertised to peers,
and be used to control outbound announcements (policy-statement ATT-OUT),
as well as transiting the local-pref to any iBGP peers.

I've spoken to Juniper, and they claim that the export at the 'protocols
bgp' level is being overridden, so I've attempted to have some 'next
policy' type things at the end of BGP-Origination, but that hasn't
helped.

It appears the real problem here may be the fact that the route in
question is learned via 'Direct', as opposed to the hold-down static
I've got listed. I've also tested within BGP-Origination to have 'protocol
direct', 'protocol [ static direct ]', and various other combinations.

Let me know of any questions.

Thank You

-- 
James Cornman <james at crnc.net>
CRNC - http://www.crnc.net/
(v) 973-842-2300
(f) 973-842-2299
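
Added example, not part of either message above and not Juniper's code: a small Python model of the override described in the reply at the top of this thread, run against the connected /24 from the question. It assumes a simplified evaluator (all function names are hypothetical) in which the most specific export statement replaces the less specific ones, and routes that no term matches fall through to the Junos default BGP export policy, which advertises only active BGP routes.

```python
# Simplified model of Junos BGP export-policy selection (added example).
# Assumption: only the behaviour discussed in this thread is modelled.

def bgp_origination(route):
    """policy-statement BGP-Origination: tag and accept the originated prefix."""
    if route["prefix"] == "10.59.235.0/24":
        route["communities"] = {"BGP-ORIG"}      # community set BGP-ORIG
        return "accept"
    return None                                   # no term matched

def att_out_original(route):
    """ATT-OUT as first posted: match a community already on the route."""
    return "accept" if "BGP-ORIG" in route["communities"] else None

def att_out_fixed(route):
    """ATT-OUT from the reply: 'from policy BGP-Origination' as a subroutine."""
    return "accept" if bgp_origination(route) == "accept" else None

def default_bgp_export(route):
    """Junos default BGP export: advertise active BGP routes, nothing else."""
    return "accept" if route["protocol"] == "bgp" else "reject"

def effective_export(global_, group, neighbor):
    """The most specific configured export chain wins; levels are not merged."""
    return neighbor or group or global_ or []

def advertise(route, global_=None, group=None, neighbor=None):
    route = dict(route, communities=set(route["communities"]))  # work on a copy
    for policy in effective_export(global_, group, neighbor):
        result = policy(route)
        if result:
            return result, route["communities"]
    return default_bgp_export(route), route["communities"]

# Constructed sample route: the connected /24 from the thread.
DIRECT = {"prefix": "10.59.235.0/24", "protocol": "direct", "communities": set()}

def demo():
    return {
        "original": advertise(DIRECT, [bgp_origination], [att_out_original]),
        "fixed": advertise(DIRECT, [bgp_origination], [att_out_fixed]),
        "global only": advertise(DIRECT, [bgp_origination]),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

In the "original" case the global BGP-Origination policy never runs for the ATT group, so the route carries no BGP-ORIG community when ATT-OUT evaluates it and the default policy rejects it.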
