[j-nsp] Need help with stripping of BGP communities

Alexander Shikoff minotaur at crete.org.ua
Tue Oct 6 16:26:21 EDT 2009


On Tue, Oct 06, 2009 at 04:10:30PM -0400, Eric Van Tol wrote:
> > -----Original Message-----
> > From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> > bounces at puck.nether.net] On Behalf Of Alexander Shikoff
> > Sent: Tuesday, October 06, 2009 1:52 PM
> > To: juniper-nsp
> > Subject: [j-nsp] Need help with stripping of BGP communities
> > 
> > Hello All,
> > 
> > I have an M10i router and need to strip BGP communities that don't match
> > a regex pattern.
> > 
> > I've configured a BGP community:
> > [edit policy-options]
> > minotaur at br1-gdr.ki# show community Prohibited
> > invert-match;
> > members "^((9002)|(21011)|(13228)):([0-5])$";
> > 
> > Then I've created a policy-statement and applied it to the neighbour's import:
> > [edit]
> > minotaur at br1-gdr.ki# show policy-options policy-statement from-Downstream
> > then {
> >     community delete Prohibited;
> >     next policy;
> > }
> > 
> > [edit]
> > minotaur at br1-gdr.ki# show protocols bgp group Downlinks-Default-Only
> > neighbor 91.200.195.18
> > description "Downlink: UOS";
> > import [ from-Downstream from-UOS ];
> > peer-as 42546;
> > 
> > But communities that don't match "^((9002)|(21011)|(13228)):([0-5])$" are
> > still associated with prefixes that I receive from downstream:
> > 
> > * 91.202.39.0/24 (2 entries, 1 announced)
> >      Accepted
> >      Nexthop: 91.200.195.18
> >      AS path: 42546 42546 42546 42546 44532 44532 I
> >      AS path: Recorded
> >      Communities: 65535:1111 65535:9002
> > 
> > To my shame I cannot find an error in the configuration...
> > Any help will be heartily appreciated. Thanks.
> > 
> > --
> > MINO-RIPE
> 
> What is the 'show route' command you are using to get this information?  AFAIK, 'show route receive-protocol bgp' shows what is received, communities and all, prior to policy processing.  In order to see the routes that have passed through your policy, just do 'show route 91.202.39.0/24 detail' and those communities should not show up.

Thank you very much! 

-- 
MINO-RIPE
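
An added example, not part of the original thread: a small Python model of what `community delete Prohibited` with `invert-match` removes, set beside the pre-policy and post-policy views the reply distinguishes. It assumes Python's `re` is an adequate stand-in for the Junos community regex engine for this anchored pattern; the function names are hypothetical and the second route is constructed.

```python
import re

# Pattern from the thread's "community Prohibited" definition.
# Assumption: Python's re stands in for the Junos community regex engine,
# which is adequate for this simple anchored pattern.
PROHIBITED_MEMBERS = r"^((9002)|(21011)|(13228)):([0-5])$"

def community_delete(communities, members, invert_match=False):
    """Model 'then community delete <name>' for one route.

    A community is deleted when the named definition matches it; with
    invert-match the definition matches whatever the regex does NOT match.
    Returns (kept, deleted).
    """
    pattern = re.compile(members)
    kept, deleted = [], []
    for community in communities:
        matched = pattern.search(community) is not None
        if invert_match:
            matched = not matched
        (deleted if matched else kept).append(community)
    return kept, deleted

def import_view(received_routes):
    """Return {prefix: (pre_policy, post_policy)} community lists."""
    view = {}
    for prefix, communities in received_routes.items():
        kept, _ = community_delete(communities, PROHIBITED_MEMBERS,
                                   invert_match=True)
        view[prefix] = (list(communities), kept)
    return view

# First route is the one quoted in the thread; the second is constructed
# (documentation prefix) to exercise allowed and near-miss values.
RECEIVED = {
    "91.202.39.0/24": ["65535:1111", "65535:9002"],
    "192.0.2.0/24": ["9002:3", "9002:6", "19002:1", "13228:0", "21011:5"],
}

if __name__ == "__main__":
    for prefix, (pre, post) in import_view(RECEIVED).items():
        print(f"{prefix}\n  received (pre-policy): {' '.join(pre)}")
        print(f"  after import policy:   {' '.join(post) or '(none)'}")
```

Both communities on the thread's route fall outside the allowed set, so the post-policy view of that prefix carries none, while near misses such as `9002:6` and `19002:1` are stripped because the pattern is anchored at both ends.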

