[j-nsp] BGP policy-options policy-statement

Wed Oct 21 22:16:53 EDT 2009

On Thursday 22 October 2009 01:19:00 am Nalkhande Tarique 
Abbas wrote:

> Hi Onam,
>
> The default BGP export policy is to readvertise all
> learned BGP routes to all BGP speakers.

Onam, Tarique is right here.

However, in some cases (like ours), you may use an "accept 
all" term at the end of the policy if your default policy is 
to "reject all", e.g.:

<snip>
...
    term 999 {
        from {
            protocol bgp;
            policy abcd1234;
        }
        then accept;
    }
    then reject;
}

We do this to always ensure we have full control of what 
prefixes are announced to customers, peers and upstreams. 
'term 999', above, follows a number of terms above it that 
specify, by BGP community, which routes should or should not 
be announced to eBGP neighbors.

It's double protection for us. While preceding terms provide 
protection, we add the 'then reject' as the policy's default 
term just in case something goes wrong, e.g., buggy code, 
buggy routing policy, fat fingering, e.t.c.

Cheers,

Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20091022/4f5fb05a/attachment-0001.bin>