[j-nsp] BGP Communities
Smith W. Stacy
stacy at acm.org
Wed May 5 10:41:48 EDT 2010
Hi Paul,
Your current outbound policy will only match routes that have BOTH 11666:4000 AND 11666:5000.
These statements:
> from community outbound-xxxxxx;
> community outbound-xxxx members [ 11666:4000 11666:5000 ];
result in a logical AND.
Instead, you probably want something like this:
policy-statement outbound-xxxxxx {
    term ottix1 {
        from community our_nets;
        then {
            metric 110;
            accept;
        }
    }
    term ottix2 {
        from community customer_nets;
        then {
            metric 110;
            accept;
        }
    }
    term ottix3 {
        then reject;
    }
}
community customer_nets members 11666:4000;
community our_nets members 11666:5000;
--Stacy
On May 5, 2010, at 8:05 AM, Paul Stewart wrote:
> Good morning.. I hope I'm not being a "pain" to folks on the list.. :)
>
> So we have our first MX480 up and running now - things are progressing along
> nicely thanks to all the help from this list. OSPF, IPv4/IPv6, iBGP up and
> running.
>
> Having a small issue around eBGP peering. When I bring up a session we are
> receiving routes from a peer just fine and assigning a community to it. The
> community is visible across our other Cisco boxes as well confirming that
> part is working.
>
> Our BGP import/export to peers/transit/customers is driven by communities..
>
> My problem is that we are not advertising any prefixes out to eBGP peers for
> some reason and I'm trying to diagnose why..
>
> When I do "show route community 11666:5000" I get a list of the proper
> prefixes as expected. 11666:5000 is our own network routes. The same
> occurs when I list 11666:4000 which is customer network routes - displays
> the list correctly. This confirms in my mind that the MX480 is receiving
> correct communities from neighboring iBGP boxes..
>
> protocols {
>     bgp {
>         group peering-xyz {
>             type external;
>             description xxxxx;
>             import inbound-xxxx;
>             export outbound-xxx;
>             neighbor xxx.xx.235.33 {
>                 description xxxxxxxx;
>                 family inet {
>                     unicast {
>                         prefix-limit {
>                             maximum 10;
>                         }
>                     }
>                 }
>                 peer-as 12345;
>             }
>
> policy-options {
>     policy-statement inbound-xxxxx {
>         term ottix1 {
>             then {
>                 metric 110;
>                 local-preference 200;
>                 community add inbound-xxxx;
>                 accept;
>             }
>         }
>     }
>
>     policy-statement outbound-xxxxxx {
>         term ottix1 {
>             from community outbound-xxxxxx;
>             then {
>                 metric 110;
>                 accept;
>             }
>         }
>         term ottix2 {
>             then reject;
>         }
>     }
>     community inbound-xxxx members [ 11666:2000 11666:2002 ];
>     community outbound-xxxx members [ 11666:4000 11666:5000 ];
>
> The inbound section is working as expected and getting assigned communities
> 11666:2000 and 11666:2002
>
> The outbound section isn't sending anything from communities 11666:4000 or
> 11666:5000
>
> In the Cisco world, we had to define network statements of our own subnets
> and route those blocks to Null0 in order to advertise. I'm thinking
> something similar here in JunOS?
>
> Thanks for any insight.
>
> Paul
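Added example, not part of the original thread: a small Python model of the community matching discussed above, run against the original and the corrected export policy. It assumes exact member matching (no community regular expressions) and first-match term evaluation; the prefixes, the route table and the dictionary key "outbound" are constructed for illustration.

```python
# Model of Junos "from community" matching as described in the thread:
# a named community matches a route only if ALL of its members are on the route.
# Assumption: exact member strings only; Junos regex members are not modelled.

COMMUNITIES = {
    "outbound": ["11666:4000", "11666:5000"],  # original definition, two members
    "customer_nets": ["11666:4000"],           # corrected definitions, one member each
    "our_nets": ["11666:5000"],
}

# Ordered terms: (term name, community name or None for "match anything", action).
ORIGINAL_POLICY = [
    ("ottix1", "outbound", "accept"),
    ("ottix2", None, "reject"),
]
FIXED_POLICY = [
    ("ottix1", "our_nets", "accept"),
    ("ottix2", "customer_nets", "accept"),
    ("ottix3", None, "reject"),
]

# Constructed sample routes (documentation prefixes) with their communities.
ROUTES = {
    "192.0.2.0/24": {"11666:5000"},                   # own network
    "198.51.100.0/24": {"11666:4000"},                # customer network
    "203.0.113.0/24": {"11666:2000", "11666:2002"},   # learned from a peer
}

def community_matches(name, route_communities):
    """Logical AND across every member of the named community."""
    return all(member in route_communities for member in COMMUNITIES[name])

def evaluate(policy, route_communities):
    """Return (term, action) of the first term whose match condition holds."""
    for term, community, action in policy:
        if community is None or community_matches(community, route_communities):
            return term, action
    return None, "default"

def export_table(policy):
    """Map each sample prefix to the action the export policy takes."""
    return {prefix: evaluate(policy, comms)[1] for prefix, comms in ROUTES.items()}

if __name__ == "__main__":
    for label, policy in (("original", ORIGINAL_POLICY), ("fixed", FIXED_POLICY)):
        print(label, export_table(policy))
```

Under the corrected policy the peer-learned route still falls through to the final reject term, so only own and customer prefixes are exported.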