[j-nsp] BGP Communities

Smith W. Stacy stacy at acm.org
Wed May 5 10:41:48 EDT 2010


Hi Paul,

Your current outbound policy will only match routes that have BOTH 11666:4000 AND 11666:5000.

These statements:

>           from community outbound-xxxxxx;

>   community outbound-xxxx members [ 11666:4000 11666:5000 ];

result in a logical AND.

Instead, you probably want something like this:

  policy-statement outbound-xxxxxx {
      term ottix1 {
          from community our_nets;
          then {
              metric 110;
              accept;
          }
      }
      term ottix2 {
          from community customer_nets;
          then {
              metric 110;
              accept;
          }
      }
      term ottix3 {
          then reject;
      }
  }

  community customer_nets members 11666:4000;
  community our_nets members 11666:5000;

--Stacy



On May 5, 2010, at 8:05 AM, Paul Stewart wrote:

> Good morning.. I hope I'm not being a "pain" to folks on the list.. :)
> 
> 
> 
> So we have our first MX480 up and running now - things are progressing along
> nicely thanks to all the help from this list. OSPF, IPv4/IPv6, iBGP up and
> running.
> 
> 
> 
> Having a small issue around eBGP peering.  When I bring up a session we are
> receiving routes from a peer just fine and assigning a community to it.  The
> community is visible across our other Cisco boxes as well confirming that
> part is working.
> 
> 
> 
> Our BGP import/export to peers/transit/customers is driven by communities..
> 
> 
> 
> My problem is that we are not advertising any prefixes out to eBGP peers for
> some reason and I'm trying to diagnose why..
> 
> 
> 
> When I do "show route community 11666:5000" I get a list of the proper
> prefixes as expected.  11666:5000 is our own network routes.  The same
> occurs when I list 11666:4000 which is customer network routes - displays
> the list correctly.  This confirms in my mind that the MX480 is receiving
> correct communities from neighboring iBGP boxes..
> 
> 
> 
> protocols {
>   bgp {
>       group peering-xyz {
>           type external;
>           description xxxxx;
>           import inbound-xxxx;
>           export outbound-xxx;
>           neighbor xxx.xx.235.33 {
>               description xxxxxxxx;
>               family inet {
>                   unicast {
>                       prefix-limit {
>                           maximum 10;
>                       }
>                   }
>               }
>               peer-as 12345;
>           }
> 
> policy-options {
>   policy-statement inbound-xxxxx {
>       term ottix1 {
>           then {
>               metric 110;
>               local-preference 200;
>               community add inbound-xxxx;
>               accept;
>           }
>       }
>   }
> 
>   policy-statement outbound-xxxxxx {
>       term ottix1 {
>           from community outbound-xxxxxx;
>           then {
>               metric 110;
>               accept;
>           }
>       }
>       term ottix2 {
>           then reject;
>       }
>   }
>   community inbound-xxxx members [ 11666:2000 11666:2002 ];
>   community outbound-xxxx members [ 11666:4000 11666:5000 ];
> 
> 
> 
> 
> 
> The inbound section is working as expected and getting assigned communities
> 11666:2000 and 11666:2002
> 
> 
> 
> The outbound section isn't sending anything from communities 11666:4000 or
> 11666:5000
> 
> 
> 
> In the Cisco world, we had to define network statements of our own subnets
> and route those blocks to Null0 in order to advertise. I'm thinking
> something similar here in JunOS?
> 
> 
> 
> Thanks for any insight.
> 
> 
> 
> Paul




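The AND behaviour described in the reply, as an added example that is not part of the original thread: a simplified Python model of Junos community matching, run against the original and the corrected export policy. The community values and term names come from the thread; the prefixes, the `outbound` key and the model itself (exact-match members only, no regular expressions) are assumptions made for illustration.

```python
# Simplified model of Junos community matching (exact members only, no regex).
# Community values and term names are from the thread; the routes are constructed.

COMMUNITIES_ORIGINAL = {"outbound": {"11666:4000", "11666:5000"}}
COMMUNITIES_FIXED = {"customer_nets": {"11666:4000"}, "our_nets": {"11666:5000"}}

# Each term: (name, community names in "from community", action).
# An empty from-list matches every route, like a term with no "from".
POLICY_ORIGINAL = [("ottix1", ["outbound"], "accept"), ("ottix2", [], "reject")]
POLICY_FIXED = [
    ("ottix1", ["our_nets"], "accept"),
    ("ottix2", ["customer_nets"], "accept"),
    ("ottix3", [], "reject"),
]

def community_matches(members, route_communities):
    """A named community matches only if the route carries ALL of its members."""
    return members <= route_communities

def evaluate(policy, definitions, route_communities):
    """Return (term, action) for the first term whose match conditions hold."""
    for term, names, action in policy:
        if not names or any(
            community_matches(definitions[n], route_communities) for n in names
        ):
            return term, action
    return None, "default"

# Constructed sample routes: our own net, a customer net, a peer-learned net.
ROUTES = {
    "192.0.2.0/24": {"11666:5000"},
    "198.51.100.0/24": {"11666:4000"},
    "203.0.113.0/24": {"11666:2000", "11666:2002"},
}

def advertised(policy, definitions):
    """Prefixes the export policy would accept for advertisement."""
    return sorted(p for p, c in ROUTES.items()
                  if evaluate(policy, definitions, c)[1] == "accept")

if __name__ == "__main__":
    print("original:", advertised(POLICY_ORIGINAL, COMMUNITIES_ORIGINAL))
    print("fixed:   ", advertised(POLICY_FIXED, COMMUNITIES_FIXED))
```

In both versions the peer-learned prefix tagged 11666:2000 and 11666:2002 falls through to the final reject term, so the corrected policy advertises own and customer routes without re-exporting routes learned from peers.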