[j-nsp] v6 BGP Policy Bug?
Mark Tinka
mtinka at globaltransit.net
Tue Apr 14 19:47:30 EDT 2009
Hi all.
We recently experienced a situation where an M7i (JunOS
9.4R1.8), on which we applied an export policy for a v6 BGP
session, was leaking more v6 routes than it should have
been.
We realized that if the final term in the BGP policy was
'accept', not only did the router export the BGP v6 routes,
but it also exported all other v6 routes learned from other
sources, i.e., IS-IS and Direct, to its BGP peers, which
said BGP peers installed in their BGP table.
To resolve this issue, we added a 'from protocol bgp' option
along with the 'accept' in the final term.
Obviously, for policies whose final term is 'reject' (we
have a number of those), this issue does not present.
This seems like odd behaviour as:
a) We don't see this for v4.
b) One would expect that the policy would only affect routes
from which protocol it's been applied to.
Is this a bug or a feature?
Although I think it's a good idea that the final term in a
BGP policy should specify the source of the route, folk that
do not like this should rest in the fact that policies
applied to a specific routing protocol would, by default,
affect routes learned only by that protocol.
Has anyone else seen this? Considering opening a case with
JTAC.
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20090415/23493895/attachment.bin>
More information about the juniper-nsp
mailing list