[j-nsp] Translating Cisco to Juniper/policy-statements
nanbu
snow at nanbu.org
Sun Jul 22 23:29:08 EDT 2007
If it is me, I will write it as fellows.
* juniper
protocols {
bgp {
group HOGE {
neighbor 1.1.1.1 {
import [ AS-FILTER PREFIX-FILTER ];
}
}
}
}
policy-options {
prefix-list AS111-BLOCK {
1.2.3.4/19;
}
prefix-list AS222-BLOCK {
5.6.7.8/24;
}
prefix-list AS2221-BLOCK {
9.10.11.12/19;
}
prefix-list AS333-BLOCK {
12.14.15.16/21;
}
prefix-list AS3331-BLOCK {
18.19.20.21/19;
}
policy-statement AS-FILTTER {
term 10 {
from as-path-group PATH-20;
then next policy;
}
term 999 {
then reject;
}
}
policy-statement PREFIX-FILTER {
term 10 {
from prefix-list [ AS111-BLOCK AS222-BLOCK AS2221-BLOCK ];
then next policy;
}
term 20 {
from prefix-list [ AS333-BLOCK AS3331-BLOCK ];
then {
community set YOUR-COMMU
then next policy;
}
}
term 999 {
then reject;
}
}
community YOUR-COMMU members 1234:567;
as-path-group PATH-20 {
as-path PATH-20-01 111+;
as-path PATH-20-02 222+;
as-path PATH-20-03 "222+ 2221+";
as-path PATH-20-04 333+;
as-path PATH-20-05 "333+ 3331+";
}
}
* cisco
!
route-map UPSTREAM-OUT permit 10
match ip address prefix-list AS111-BLOCK AS222-BLOCK AS2221-BLOCK
match as-path 20
!
route-map UPSTREAM-OUT permit 15
match ip address prefix-list AS333-BLOCK AS3331-BLOCK
match as-path 20
set community 1234:567
!
ip as-path access-list 20 permit ^(_111)+$
ip as-path access-list 20 permit ^(_222)+$
ip as-path access-list 20 permit ^(_222)+(_2221)+$
ip as-path access-list 20 permit ^(_333)+$
ip as-path access-list 20 permit ^(_333)+(_3331)+$
!
ip prefix-list AS111-BLOCK seq 5 permit 1.2.3.4/19
ip prefix-list AS222-BLOCK seq 5 permit 5.6.7.8/24
ip prefix-list AS2221-BLOCK seq 5 permit 9.10.11.12/19
ip prefix-list AS333-BLOCK seq 5 permit 12.14.15.16/21
ip prefix-list AS3331-BLOCK seq 5 permit 18.19.20.21/19
!
regard.
On Sun, 22 Jul 2007 21:15:37 +0800
Nick Kraal <nick at arc.net.my> wrote:
> Hi there,
>
> What is the best-current-way to configure the following Cisco-speak to
> JUNOS.
>
> Thanks in advance,
>
> -nick/
>
> route-map UPSTREAM-OUT permit 10
> match ip address prefix-list AS111-BLOCK AS222-BLOCK AS2221-BLOCK
> match as-path 20
> !
> route-map UPSTREAM-OUT permit 15
> match ip address prefix-list AS333-BLOCK AS3331-BLOCK
> match as-path 20
> set community 1234:567
> !
> ip as-path access-list 20 permit ^(_111)+$
> ip as-path access-list 20 permit ^(_222)+$
> ip as-path access-list 20 permit ^(_222)+(_2221)+$
> ip as-path access-list 20 permit ^(_333)+$
> ip as-path access-list 20 permit ^(_333)+(_3331)+$
> !
> ip prefix-list AS111-BLOCK seq 5 permit 1.2.3.4/19
> ip prefix-list AS222-BLOCK seq 5 permit 5.6.7.8/24
> ip prefix-list AS2221-BLOCK seq 5 permit 9.10.11.12/19
> ip prefix-list AS333-BLOCK seq 5 permit 12.14.15.16/21
> ip prefix-list AS3331-BLOCK seq 5 permit 18.19.20.21/19
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
More information about the juniper-nsp
mailing list