[j-nsp] BGP session to self over loopback interface?
Jeff Tantsura
jeff.tantsura at sscplus.nl
Wed Feb 7 02:34:01 EST 2007
Hi Chuck,
If you set a community on an incoming BGP prefix, you could definitely match on
it on the same router in your outgoing policy.
Regards,
Jeff
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Chuck Anderson
> Sent: woensdag 7 februari 2007 7:07
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] BGP session to self over loopback interface?
>
> > On Feb 6, 2007, at 6:22 PM, Chuck Anderson wrote:
> > >Can I create a BGP session from/to a loopback interface on the same
> > >router? I want to originate routes into my local BGP table so that I
> > >can apply the same export policies locally that I apply on the other
> > >routers in my I-BGP mesh.
>
> On Tue, Feb 06, 2007 at 08:18:57PM -0500, Pete Crocker wrote:
> > I'm not sure that makes much sense. Can you give us an example of
> > what the goal is? Unlike a cisco, your routes you export to your iBGP
> > peers aren't BGP routes on the origination router. They're
> > aggregates, statics, ospf routes, connected, etc. It's a different
> > way of thinking about it, but I can only assume you're trying to
> > apply Cisco redistribution concepts to the Juniper model. An example
> > would be great to help you out.
>
> For example, I would like to originate my BGP advertisements from a
> single router, applying communities to control which E-BGP peers will
> get the routes, and whether they will have my AS prepended on a
> per-neighbor basis:
>
> /* Originating Router */
> protocols bgp {
>     group CORE {
>         type internal;
>         export [ NEXT-HOP-SELF ORIGINATE ];
>         neighbor ...
>     }
>     group UPSTREAM1 {
>         type external;
>         import [ FROM-UPSTREAM1 REJECT ];
>         export [ TO-UPSTREAM1 REJECT ];
>         neighbor ...
>     }
> }
> policy-options {
>     policy-statement NEXT-HOP-SELF {
>         term NEXT-HOP-SELF {
>             then {
>                 next-hop self;
>             }
>         }
>     }
>     policy-statement ORIGINATE {
>         term NET1 {
>             from {
>                 protocol [ aggregate static ];
>                 route-filter NET1/MASK1 exact;
>             }
>             then {
>                 community add TO-UPSTREAM1;
>                 community add TO-UPSTREAM2-PREPEND1;
>                 accept;
>             }
>         }
>         ...
>     }
>     policy-statement TO-UPSTREAM1 {
>         term NO-PREPEND {
>             from {
>                 protocol bgp;
>                 community TO-UPSTREAM1;
>             }
>             then {
>                 community delete ALL;
>                 accept;
>             }
>         }
>         term ONE-PREPEND {
>             from {
>                 protocol bgp;
>                 community TO-UPSTREAM1-PREPEND1;
>             }
>             then {
>                 community delete ALL;
>                 as-path-prepend ASN;
>                 accept;
>             }
>         }
>     }
> }
>
> Then on each of the other routers in the network, I can use the
> communities to apply the appropriate export policy actions to each
> E-BGP neighbor:
>
> /* Other Router */
> protocols bgp {
>     group CORE {
>         type internal;
>         export NEXT-HOP-SELF;
>         neighbor ...
>     }
>     group UPSTREAM2 {
>         type external;
>         import [ FROM-UPSTREAM2 REJECT ];
>         export [ TO-UPSTREAM2 REJECT ];
>         neighbor ...
>     }
> }
> policy-options {
>     policy-statement NEXT-HOP-SELF {
>         term NEXT-HOP-SELF {
>             then {
>                 next-hop self;
>             }
>         }
>     }
>     policy-statement TO-UPSTREAM2 {
>         term NO-PREPEND {
>             from {
>                 protocol bgp;
>                 community TO-UPSTREAM2;
>             }
>             then {
>                 community delete ALL;
>                 accept;
>             }
>         }
>         term ONE-PREPEND {
>             from {
>                 protocol bgp;
>                 community TO-UPSTREAM2-PREPEND1;
>             }
>             then {
>                 community delete ALL;
>                 as-path-prepend ASN;
>                 accept;
>             }
>         }
>     }
> }
>
> In this example, UPSTREAM2's policy works just fine since it is on
> another router that receives the community tagged routes via I-BGP.
> However, UPSTREAM1, since it lives on the originating router, cannot
> use this method of applying policy as shown above, because the
> originating router doesn't have the BGP routes with the communities
> applied. Hence I had the idea to get the originating router to behave
> like the others by creating a BGP session with itself to get the
> routes into inet.0 as type BGP with communities applied.
> Unfortunately, I couldn't get the loopback BGP session to work.
>
> Is there another way to accomplish this?
>
> Thanks.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
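
Added illustration, not part of the thread and not Junos code: a simplified Python model of export-policy evaluation, showing why the `from protocol bgp` plus community terms quoted above never match on the originating router but do match on a router that learned the route via I-BGP. The prefix 192.0.2.0/24 is constructed, the REJECT policy (referenced but not shown in the thread) is assumed to reject everything, and NEXT-HOP-SELF is left out because it has no effect on matching.

```python
# Simplified model of Junos export-policy evaluation (added illustration).
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str                       # static, aggregate, bgp, ...
    communities: frozenset = frozenset()
    prepends: int = 0

def evaluate(route, chain):
    """Walk policies and terms in order; return (verdict, advertised copy).
    Actions change only the copy being advertised, never the table entry."""
    for policy in chain:
        for protocols, community, action, verdict in policy:
            if protocols and route.protocol not in protocols:
                continue                # 'from protocol' did not match
            if community and community not in route.communities:
                continue                # 'from community' did not match
            route = action(route)
            if verdict:                 # accept/reject ends evaluation
                return verdict, route
    return "default", route

def tag(*names):                        # community add ...
    return lambda r: replace(r, communities=r.communities | set(names))

def strip(prepend=0):                   # community delete ALL [+ as-path-prepend]
    return lambda r: replace(r, communities=frozenset(),
                             prepends=r.prepends + prepend)

ORIGINATE = [(("aggregate", "static"), None,
              tag("TO-UPSTREAM1", "TO-UPSTREAM2-PREPEND1"), "accept")]
REJECT = [(None, None, lambda r: r, "reject")]   # assumed: rejects everything

def to_upstream(n):                     # TO-UPSTREAM1 / TO-UPSTREAM2 from the thread
    return [(("bgp",), f"TO-UPSTREAM{n}", strip(), "accept"),
            (("bgp",), f"TO-UPSTREAM{n}-PREPEND1", strip(1), "accept")]

def scenario():
    local = Route("192.0.2.0/24", "static")      # constructed prefix
    # Originating router to UPSTREAM1: table entry is static and untagged.
    v1, _ = evaluate(local, [to_upstream(1), REJECT])
    # Originating router to CORE: ORIGINATE tags the advertised copy.
    _, sent = evaluate(local, [ORIGINATE])
    # Other router holds that copy as a BGP route and exports to UPSTREAM2.
    learned = replace(sent, protocol="bgp")
    v2, out = evaluate(learned, [to_upstream(2), REJECT])
    return v1, v2, out.prepends, local.communities

if __name__ == "__main__":
    print(scenario())
```

The first verdict is the case described in the thread: the static route falls through both TO-UPSTREAM1 terms and is rejected, while the local table entry keeps no communities.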