[j-nsp] bgp outbound route-filtering

Stefan Fouant sfouant at gmail.com
Wed Sep 24 10:05:46 EDT 2008


I'm mobile right now and can post an example config later, but the
process can be summarized as follows:

- Configure an access-list if you want to match on particular routes.
You can skip this step if you want to match on all routes.
- Configure a route-map. Here you will match on particular items such
as communities, access-lists, route origin, etc. You don't have to
specify a match condition if you want to match on all routes. You will
also specify whether to accept or deny the routes. If you choose to
accept the routes you have the option of manipulating certain
attributes.
- Finally, apply the outgoing-map-tag to the BGP neighbor or peer group.

One word of note: if you are applying this to an existing session to
which you've already advertised routes, ScreenOS doesn't refresh the
advertisement automatically. There are some knobs which allow you to
clear BGP sessions with soft-in or soft-out options but for the life
of me I've never been able to get these to work in practice. This can
make it difficult to properly ascertain whether certain route-maps are
working properly. In my experience, the only thing that has worked to
cause the applied route-map to take effect was to completely tear down
the BGP session and let it reconnect through the BGP Finite State
Machine process.

I can post working configs shortly, once I'm at a desktop.

Good luck!



On 9/24/08, Ben Steele <ben.steele at internode.on.net> wrote:
> Hi Juniper gurus
>
> I am a Cisco guy currently trying to resolve a Juniper BGP issue :)
>
> Device I have is a NetScreen-204, I just want to confirm the process for
> applying an outbound route-map to bgp neighbours, I am going to read up
> myself on how to do it but would appreciate any real world quick examples as
> I have no lab environment to test this on, something to the equivalent of a
> cisco style:
>
> neighbor 1.1.1.1 route-map OUTBOUND-FILTER out
>
> route-map OUTBOUND-FILTER permit 10
>  match ip address prefix-list bla
>
> ip prefix-list bla permit x.x.x.x
>
> And maybe the relevant commands to view the Cisco equivalent of viewing your
> advertised/received routes per peer.
>
> I'm not fussed whether the method is via GUI or CLI.
>
> Cheers
>
> Ben

-- 
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D

