[j-nsp] Need help with stripping of BGP communities
Stefan Fouant
sfouant at gmail.com
Tue Oct 6 16:49:38 EDT 2009
Sorry I did not see the invert match condition. Were you looking at
'show route receive-protocol bgp ..." or 'show route' command?
On 10/6/09, Alexander Shikoff <minotaur at crete.org.ua> wrote:
> On Tue, Oct 06, 2009 at 02:59:02PM -0400, Stefan Fouant wrote:
>> On Tue, Oct 6, 2009 at 1:52 PM, Alexander Shikoff
>> <minotaur at crete.org.ua>wrote:
>>
>> > Hello All,
>> >
>> > I have M10i router and need to strip BGP communities that don't match
>> > regex
>> > pattern.
>> >
>> > I've configured BGP community:
>> > [edit policy-options]
>> > minotaur at br1-gdr.ki# show community Prohibited
>> > invert-match;
>> > members "^((9002)|(21011)|(13228)):([0-5])$";
>> >
>> > Then I've created policy-statement and applied it to neighbour's import:
>> > [edit]
>> > minotaur at br1-gdr.ki# show policy-options policy-statement
>> > from-Downstream
>> > then {
>> > community delete Prohibited;
>> > next policy;
>> > }
>> >
>> > [edit]
>> > minotaur at br1-gdr.ki# show protocols bgp group Downlinks-Default-Only
>> > neighbor 91.200.195.18
>> > description "Downlink: UOS";
>> > import [ from-Downstream from-UOS ];
>> > peer-as 42546;
>> >
>> > But communities that don't match "^((9002)|(21011)|(13228)):([0-5])$"
>> > are
>> > still associated with prefixes that I receive from downstream:
>> >
>> > * 91.202.39.0/24 (2 entries, 1 announced)
>> > Accepted
>> > Nexthop: 91.200.195.18
>> > AS path: 42546 42546 42546 42546 44532 44532 I
>> > AS path: Recorded
>> > Communities: 65535:1111 65535:9002
>> >
>>
>> Your community string match "^((9002)|(21011)|(13228)):([0-5])$" won't
>> work
>> here because you are looking for 9002 in the first portion of the
>> community
>> string (before the colon :), however, the community string you've received
>> from your peer has 9002 in the second portion of the community string
>> (after
>> the colon :).
>
> But my community has invert-match in configuration, so it should match
> all communities except
> 9002:[0-5]
> 21011:[0-5]
> 13228:[0-5]
>
> Thus policy should strip all communities including 65535:1111 and
> 65535:9002.
> Is that right?
>
> --
> MINO-RIPE
>
--
Stefan Fouant
More information about the juniper-nsp
mailing list