[j-nsp] BGP session to self over loopback interface?

Rafał Szarecki rszarecki at gmail.com
Wed Feb 7 03:00:39 EST 2007


Hi,

In JUNOS, you can add a community to prefixes in an _export_ policy, regardless
of their originating protocol (yes, for ospf and isis routes also).
Moreover, for static, aggregate and generate routes, you can add a community
when you create such routes, so they are in the RIB and can be used as policy
match criteria.

Your problem is that you have some non-BGP routes which you want to send to
UPSTREAM1, but as they are not marked by a community, you do not know which
they are. So:
- if these routes are static, aggregate or generate, you can add a community
under 'routing-options [static|aggregate|generate] route x.x.x.x/y next-hop
z.z.z.z community aaaa:bbbb'
- if these routes are ospf/isis, then you have to find another way: prefix
match, use an ospf/isis TAG to mark the prefix at the router where the prefix is
inserted into the IGP, etc. Please note that even if you create a BGP session to
yourself, you still have to export these routes to BGP, and write some policy to
add the community...

Of course loopback BGP can't work - the RIDs are equal. Even more, there is a risk
of routing loops. What should work is the creation of a VR or LR and then connecting
the global/default routing instance with the VR/LR via an external interface or
logical-tunnel interface. Then essentially you have two routers in one
chassis, with two lo0 interfaces and different IP addresses. Then this will
work.

2007/2/7, Chuck Anderson <cra at wpi.edu>:
>
> > On Feb 6, 2007, at 6:22 PM, Chuck Anderson wrote:
> > >Can I create a BGP session from/to a loopback interface on the same
> > >router?  I want to originate routes into my local BGP table so that I
> > >can apply the same export policies locally that I apply on the other
> > >routers in my I-BGP mesh.
>
> On Tue, Feb 06, 2007 at 08:18:57PM -0500, Pete Crocker wrote:
> > I'm not sure that makes much sense. Can you give us an example of
> > what the goal is? Unlike a cisco, your routes you export to your iBGP
> > peers aren't BGP routes on the origination router. They're
> > aggregates, statics, ospf routes, connected, etc. It's a different
> > way of thinking about it, but I can only assume you're trying to
> > apply Cisco redistribution concepts to the Juniper model. An example
> > would be great to help you out.
>
> For example, I would like to originate my BGP advertisements from a
> single router, applying communities to control which E-BGP peers will
> get the routes, and whether they will have my AS prepended on a
> per-neighbor basis:
>
> /* Originating Router */
> protocols bgp {
>     group CORE {
>         type internal;
>         export [ NEXT-HOP-SELF ORIGINATE ];
>         neighbor ...
>     }
>     group UPSTREAM1 {
>         type external;
>         import [ FROM-UPSTREAM1 REJECT ];
>         export [ TO-UPSTREAM1 REJECT ];
>         neighbor ...
>     }
> }
> policy-options {
>     policy-statement NEXT-HOP-SELF {
>         term NEXT-HOP-SELF {
>             then {
>                 next-hop self;
>             }
>         }
>     }
>     policy-statement ORIGINATE {
>         term NET1 {
>             from {
>                 protocol [ aggregate static ];
>                 route-filter NET1/MASK1 exact;
>             }
>             then {
>                 community add TO-UPSTREAM1;
>                 community add TO-UPSTREAM2-PREPEND1;
>                 accept;
>             }
>         }
>         ...
>     }
>     policy-statement TO-UPSTREAM1 {
>         term NO-PREPEND {
>             from {
>                 protocol bgp;
>                 community TO-UPSTREAM1;
>             }
>             then {
>                 community delete ALL;
>                 accept;
>             }
>         }
>         term ONE-PREPEND {
>             from {
>                 protocol bgp;
>                 community TO-UPSTREAM1-PREPEND1;
>             }
>             then {
>                 community delete ALL;
>                 as-path-prepend ASN;
>                 accept;
>             }
>         }
>     }
> }
>
> Then on each of the other routers in the network, I can use the
> communities to apply the appropriate export policy actions to each
> E-BGP neighbor:
>
> /* Other Router */
> protocols bgp {
>     group CORE {
>         type internal;
>         export NEXT-HOP-SELF;
>         neighbor ...
>     }
>     group UPSTREAM2 {
>         type external;
>         import [ FROM-UPSTREAM2 REJECT ];
>         export [ TO-UPSTREAM2 REJECT ];
>         neighbor ...
>     }
>
> }
> policy-options {
>     policy-statement NEXT-HOP-SELF {
>         term NEXT-HOP-SELF {
>             then {
>                 next-hop self;
>             }
>         }
>     }
>     policy-statement TO-UPSTREAM2 {
>         term NO-PREPEND {
>             from {
>                 protocol bgp;
>                 community TO-UPSTREAM2;
>             }
>             then {
>                 community delete ALL;
>                 accept;
>             }
>         }
>         term ONE-PREPEND {
>             from {
>                 protocol bgp;
>                 community TO-UPSTREAM2-PREPEND1;
>             }
>             then {
>                 community delete ALL;
>                 as-path-prepend ASN;
>                 accept;
>             }
>         }
>     }
> }
>
> In this example, UPSTREAM2's policy works just fine since it is on
> another router that receives the community tagged routes via I-BGP.
> However, UPSTREAM1, since it lives on the originating router, cannot
> use this method of applying policy as shown above, because the
> originating router doesn't have the BGP routes with the communities
> applied.  Hence I had the idea to get the originating router to behave
> like the others by creating a BGP session with itself to get the
> routes into inet.0 as type BGP with communities applied.
> Unfortunately, I couldn't get the loopback BGP session to work.
>
> Is there another way to accomplish this?
>
> Thanks.



-- 
Rafał Szarecki JNCIE
+48602418971
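
The first suggestion in the reply above, written out as a configuration sketch. This is an added example, not configuration posted by anyone in the thread. The prefixes (documentation ranges), the community values under AS 65000 and the widened `protocol` match in TO-UPSTREAM1 are assumptions made for illustration.

```junos
/* Originating router: tag local routes at creation time so the
   communities are already in the RIB when export policy runs. */
routing-options {
    static {
        route 192.0.2.0/24 {
            discard;
            community 65000:101;    /* constructed value: TO-UPSTREAM1 */
        }
    }
    aggregate {
        /* becomes active only while a contributing route exists */
        route 198.51.100.0/24 community 65000:111;  /* constructed value: TO-UPSTREAM1-PREPEND1 */
    }
}
policy-options {
    community TO-UPSTREAM1 members 65000:101;
    community TO-UPSTREAM1-PREPEND1 members 65000:111;
    community ALL members *:*;
    policy-statement TO-UPSTREAM1 {
        term NO-PREPEND {
            from {
                /* assumption: match local routes as well as I-BGP learned ones */
                protocol [ bgp static aggregate ];
                community TO-UPSTREAM1;
            }
            then {
                community delete ALL;
                accept;
            }
        }
        term ONE-PREPEND {
            from {
                protocol [ bgp static aggregate ];
                community TO-UPSTREAM1-PREPEND1;
            }
            then {
                community delete ALL;
                as-path-prepend 65000;
                accept;
            }
        }
    }
}
```

With the communities set under `routing-options`, the ORIGINATE policy toward the CORE group only needs to accept these routes; the tags travel with them over I-BGP, so the other routers' TO-UPSTREAM2 policies keep working unchanged.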

