[j-nsp] v6 BGP Policy Bug?

Mark Tinka mtinka at globaltransit.net
Tue Apr 14 19:47:30 EDT 2009


Hi all.

We recently experienced a situation where an M7i (JunOS 
9.4R1.8), on which we applied an export policy for a v6 BGP 
session, was leaking more v6 routes than it should have 
been.

We realized that if the final term in the BGP policy was 
'accept', not only did the router export the BGP v6 routes, 
but it also exported all other v6 routes learned from other 
sources, i.e., IS-IS and Direct, to its BGP peers, which 
said BGP peers installed in their BGP table.

To resolve this issue, we added a 'from protocol bgp' option 
along with the 'accept' in the final term.

Obviously, for policies whose final term is 'reject' (we 
have a number of those), this issue does not present.

This seems like odd behaviour as:

a) We don't see this for v4.

b) One would expect that the policy would only affect routes
   from which protocol it's been applied to.

Is this a bug or a feature?

Although I think it's a good idea that the final term in a 
BGP policy should specify the source of the route, folk that 
do not like this should rest in the fact that policies 
applied to a specific routing protocol would, by default, 
affect routes learned only by that protocol.

Has anyone else seen this? Considering opening a case with 
JTAC.

Cheers,

Mark.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20090415/23493895/attachment.bin>


More information about the juniper-nsp mailing list