[j-nsp] bgp outbound route-filtering

Stefan Fouant sfouant at gmail.com
Wed Sep 24 12:40:36 EDT 2008


On Wed, Sep 24, 2008 at 10:05 AM, Stefan Fouant <sfouant at gmail.com> wrote:
>
> I can post working configs shortly, once I'm at a desktop.

As promised, here are some working configs which should be able to get
you started performing some basic route-filtering in ScreenOS.  This
config shows how to configure an access-list to filter specific
routes, and an example of configuring and applying a route-map to
either a peer-group or a specific BGP neighbor to restrict or permit
either received routes or advertised routes:

set access-list 1
set access-list 1 permit ip 1.1.1.0/24 1
set access-list 1 permit ip 2.2.2.0/24 2
exit
set route-map name "advertise-routes" permit 10
set match ip 1
exit
set route-map name "deny-routes" deny 10
exit
set neighbor peer-group "eBGP" route-map "deny-routes" in
set neighbor peer-group "iBGP" route-map "advertise-routes" out
set neighbor 172.16.100.1 route-map "deny-routes" in
set neighbor 192.168.1.50 route-map "advertise-routes" out

Good luck!

-- 
Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D


More information about the juniper-nsp mailing list