[j-nsp] BGP session to self over loopback interface?

Jeff Tantsura jeff.tantsura at sscplus.nl
Wed Feb 7 02:34:01 EST 2007


Hi Chuck,

If you set a community on an incoming BGP prefix, you could definitely match on
it on the same router in your outgoing policy.

Regards,
Jeff

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Chuck Anderson
> Sent: Wednesday, 7 February 2007 7:07
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] BGP session to self over loopback interface?
> 
> > On Feb 6, 2007, at 6:22 PM, Chuck Anderson wrote:
> > >Can I create a BGP session from/to a loopback interface on the same
> > >router?  I want to originate routes into my local BGP table so that I
> > >can apply the same export policies locally that I apply on the other
> > >routers in my I-BGP mesh.
> 
> On Tue, Feb 06, 2007 at 08:18:57PM -0500, Pete Crocker wrote:
> > I'm not sure that makes much sense. Can you give us an example of
> > what the goal is? Unlike a cisco, your routes you export to your iBGP
> > peers aren't BGP routes on the origination router. They're
> > aggregates, statics, ospf routes, connected, etc. It's a different
> > way of thinking about it, but I can only assume you're trying to
> > apply Cisco redistribution concepts to the Juniper model. An example
> > would be great to help you out.
> 
> For example, I would like to originate my BGP advertisements from a
> single router, applying communities to control which E-BGP peers will
> get the routes, and whether they will have my AS prepended on a
> per-neighbor basis:
> 
> /* Originating Router */
> protocols bgp {
>     group CORE {
> 	type internal;
> 	export [ NEXT-HOP-SELF ORIGINATE ];
> 	neighbor ...
>     }
>     group UPSTREAM1 {
> 	type external;
> 	import [ FROM-UPSTREAM1 REJECT ];
> 	export [ TO-UPSTREAM1 REJECT ];
> 	neighbor ...
>     }
> }
> policy-options {
>     policy-statement NEXT-HOP-SELF {
> 	term NEXT-HOP-SELF {
> 	    then {
> 		next-hop self;
> 	    }
> 	}
>     }
>     policy-statement ORIGINATE {
> 	term NET1 {
> 	    from {
> 		protocol [ aggregate static ];
> 		route-filter NET1/MASK1 exact;
> 	    }
> 	    then {
> 		community add TO-UPSTREAM1;
> 		community add TO-UPSTREAM2-PREPEND1;
> 		accept;
> 	    }
> 	}
> 	...
>     }
>     policy-statement TO-UPSTREAM1 {
> 	term NO-PREPEND {
> 	    from {
> 		protocol bgp;
> 		community TO-UPSTREAM1;
> 	    }
> 	    then {
> 		community delete ALL;
> 		accept;
> 	    }
>         }
> 	term ONE-PREPEND {
> 	    from {
> 		protocol bgp;
> 		community TO-UPSTREAM1-PREPEND1;
> 	    }
> 	    then {
> 		community delete ALL;
> 		as-path-prepend ASN;
> 		accept;
> 	    }
> 	}
>     }
> }
> 
> Then on each of the other routers in the network, I can use the
> communities to apply the appropriate export policy actions to each
> E-BGP neighbor:
> 
> /* Other Router */
> protocols bgp {
>     group CORE {
> 	type internal;
> 	export NEXT-HOP-SELF;
> 	neighbor ...
>     }
>     group UPSTREAM2 {
> 	type external;
> 	import [ FROM-UPSTREAM2 REJECT ];
> 	export [ TO-UPSTREAM2 REJECT ];
> 	neighbor ...
>     }
> 
> }
> policy-options {
>     policy-statement NEXT-HOP-SELF {
> 	term NEXT-HOP-SELF {
> 	    then {
> 		next-hop self;
> 	    }
> 	}
>     }
>     policy-statement TO-UPSTREAM2 {
> 	term NO-PREPEND {
> 	    from {
> 		protocol bgp;
> 		community TO-UPSTREAM2;
> 	    }
> 	    then {
> 		community delete ALL;
> 		accept;
> 	    }
>         }
> 	term ONE-PREPEND {
> 	    from {
> 		protocol bgp;
> 		community TO-UPSTREAM2-PREPEND1;
> 	    }
> 	    then {
> 		community delete ALL;
> 		as-path-prepend ASN;
> 		accept;
> 	    }
> 	}
>     }
> }
> 
> In this example, UPSTREAM2's policy works just fine since it is on
> another router that receives the community tagged routes via I-BGP.
> However, UPSTREAM1, since it lives on the originating router, cannot
> use this method of applying policy as shown above, because the
> originating router doesn't have the BGP routes with the communities
> applied.  Hence I had the idea to get the originating router to behave
> like the others by creating a BGP session with itself to get the
> routes into inet.0 as type BGP with communities applied.
> Unfortunately, I couldn't get the loopback BGP session to work.
> 
> Is there another way to accomplish this?
> 
> Thanks.
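
The behaviour described in the quoted message, as an added example that is not part of the original thread and is not Junos code: a simplified Python model of the two export chains. The `Route`, `Term`, `evaluate`, `to_upstream` and `demo` names and the chain semantics (first terminating action wins, unmatched routes fall through to the next policy) are assumptions made for illustration.

```python
# Simplified model of export-policy chains (assumed semantics, not Junos):
# terms run in order, the first accept/reject ends evaluation, no match falls through.
from dataclasses import dataclass, field
@dataclass
class Route:
    prefix: str
    protocol: str
    communities: set = field(default_factory=set)
    prepends: int = 0

@dataclass
class Term:
    protocols: tuple = ()   # empty: any protocol
    community: str = ""     # empty: no community condition
    add: tuple = ()
    delete_all: bool = False
    prepend: int = 0
    final: str = ""         # "accept", "reject", or "" to keep evaluating
    def matches(self, r):
        return ((not self.protocols or r.protocol in self.protocols)
                and (not self.community or self.community in r.communities))

def evaluate(chain, route):
    r = Route(route.prefix, route.protocol, set(route.communities), route.prepends)
    for policy in chain:
        for t in policy:
            if t.matches(r):
                if t.delete_all:
                    r.communities.clear()
                r.communities.update(t.add)
                r.prepends += t.prepend
                if t.final:
                    return t.final, r   # verdict and the route as advertised
    return "default", r

REJECT = [Term(final="reject")]
ORIGINATE = [Term(protocols=("aggregate", "static"), final="accept",
                  add=("TO-UPSTREAM1", "TO-UPSTREAM2-PREPEND1"))]
def to_upstream(n):  # models TO-UPSTREAM<n> from the quoted configuration
    tag = f"TO-UPSTREAM{n}"
    return [Term(("bgp",), tag, delete_all=True, final="accept"),
            Term(("bgp",), tag + "-PREPEND1", delete_all=True, prepend=1, final="accept")]

def demo():
    local = Route("NET1/MASK1", "static")   # constructed; placeholder prefix from the post
    _, sent = evaluate([ORIGINATE], local)  # CORE export (NEXT-HOP-SELF omitted)
    learned = Route(sent.prefix, "bgp", sent.communities)  # as received over I-BGP
    return (evaluate([to_upstream(2), REJECT], learned),   # other router
            evaluate([to_upstream(1), REJECT], local))     # originating router
```

In this model the other router accepts the tagged route with one prepend, while on the originating router the untagged static route matches no `TO-UPSTREAM1` term and reaches `REJECT`.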
