[j-nsp] Need help with stripping of BGP communities

Stefan Fouant sfouant at gmail.com
Tue Oct 6 14:59:02 EDT 2009


On Tue, Oct 6, 2009 at 1:52 PM, Alexander Shikoff <minotaur at crete.org.ua> wrote:

> Hello All,
>
> I have M10i router and need to strip BGP communities that don't match regex
> pattern.
>
> I've configured BGP community:
> [edit policy-options]
> minotaur at br1-gdr.ki# show community Prohibited
> invert-match;
> members "^((9002)|(21011)|(13228)):([0-5])$";
>
> Then I've created policy-statement and applied it to neighbour's import:
> [edit]
> minotaur at br1-gdr.ki# show policy-options policy-statement from-Downstream
> then {
>    community delete Prohibited;
>    next policy;
> }
>
> [edit]
> minotaur at br1-gdr.ki# show protocols bgp group Downlinks-Default-Only
> neighbor 91.200.195.18
> description "Downlink: UOS";
> import [ from-Downstream from-UOS ];
> peer-as 42546;
>
> But communities that don't match "^((9002)|(21011)|(13228)):([0-5])$" are
> still associated with prefixes that I receive from downstream:
>
> * 91.202.39.0/24 (2 entries, 1 announced)
>     Accepted
>     Nexthop: 91.200.195.18
>     AS path: 42546 42546 42546 42546 44532 44532 I
>     AS path: Recorded
>     Communities: 65535:1111 65535:9002
>

Your community string match "^((9002)|(21011)|(13228)):([0-5])$" won't work
here because you are looking for 9002 in the first portion of the community
string (before the colon :), however, the community string you've received
from your peer has 9002 in the second portion of the community string (after
the colon :).  BTW, you can test your regex expression before inserting it
into policy to see if it works by doing a 'show route community
"^((9002)|(21011)|(13228)):([0-5])$" detail'.  This will give you some
indication as to whether or not your community string match will work once
you put it into policy.

HTHs.

-- 
Stefan Fouant
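
An offline check of the point made in the reply above, as an added example that is not part of the original thread: it runs the pattern from the question against community values and reports which field the listed numbers fall in. Python's `re` is assumed to treat this simple pattern the same way the Junos community regex does; `parse_community`, `classify` and the constructed sample values are illustrative names and data.

```python
import re

# Pattern copied from the thread. Assumption: Python's re behaves like the
# Junos community regex for a pattern this simple.
PATTERN = r"^((9002)|(21011)|(13228)):([0-5])$"
AS_VALUES = {"9002", "21011", "13228"}  # the alternation inside the pattern


def parse_community(text):
    """Split a standard 'AS:value' community into two 16-bit integers."""
    m = re.fullmatch(r"(\d{1,5}):(\d{1,5})", text)
    if not m:
        raise ValueError(f"not a standard community: {text!r}")
    asn, value = int(m.group(1)), int(m.group(2))
    if asn > 0xFFFF or value > 0xFFFF:
        raise ValueError(f"field exceeds 16 bits: {text!r}")
    return asn, value


def classify(text, pattern=PATTERN):
    """Return (matches, reason) for one community string."""
    asn, value = parse_community(text)
    if re.search(pattern, text):
        return True, "matches"
    if str(asn) in AS_VALUES:
        return False, "AS field is listed, value is outside 0-5"
    if str(value) in AS_VALUES:
        return False, "listed number is in the value field, not the AS field"
    return False, "AS field is not one of the listed numbers"


# The first two values come from the route output in the thread;
# the remaining ones are constructed for illustration.
SAMPLES = ["65535:1111", "65535:9002", "9002:3", "9002:10", "21011:6", "13228:0"]


def report(samples=SAMPLES):
    """Classify every sample and return {community: (matches, reason)}."""
    return {c: classify(c) for c in samples}


if __name__ == "__main__":
    for community, (ok, why) in report().items():
        print(f"{community:<12} {'MATCH' if ok else 'no match':<9} {why}")
```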

