[j-nsp] BGP Communities
Alex
alex.arseniev at gmail.com
Wed May 5 11:24:04 EDT 2010
Hello there,
Below regex works too:
community inbound-xxxx members "(11666:2000)|(11666:2002)"
Saves a line of code :-)
Rgds
Alex
----- Original Message -----
From: "Smith W. Stacy" <stacy at acm.org>
To: "Paul Stewart" <paul at paulstewart.org>
Cc: "'jnsp'" <juniper-nsp at puck.nether.net>
Sent: Wednesday, May 05, 2010 3:41 PM
Subject: Re: [j-nsp] BGP Communities
> Hi Paul,
>
> Your current outbound policy will only match routes that have BOTH
> 11666:4000 AND 11666:5000.
>
> These statements:
>
>> from community outbound-xxxxxx;
>
>> community outbound-xxxx members [ 11666:4000 11666:5000 ];
>
> result in a logical AND.
>
> Instead, you probably want something like this:
>
> policy-statement outbound-xxxxxx {
>     term ottix1 {
>         from community our_nets;
>         then {
>             metric 110;
>             accept;
>         }
>     }
>     term ottix2 {
>         from community customer_nets;
>         then {
>             metric 110;
>             accept;
>         }
>     }
>     term ottix3 {
>         then reject;
>     }
> }
>
> community customer_nets members 11666:4000;
> community our_nets members 11666:5000;
>
> --Stacy
>
>
>
> On May 5, 2010, at 8:05 AM, Paul Stewart wrote:
>
>> Good morning.. I hope I'm not being a "pain" to folks on the list.. :-)
>>
>> So we have our first MX480 up and running now - things are progressing along
>> nicely thanks to all the help from this list. OSPF, IPv4/IPv6, iBGP up and
>> running.
>>
>> Having a small issue around eBGP peering. When I bring up a session we are
>> receiving routes from a peer just fine and assigning a community to it. The
>> community is visible across our other Cisco boxes as well confirming that
>> part is working.
>>
>> Our BGP import/export to peers/transit/customers is driven by communities..
>>
>> My problem is that we are not advertising any prefixes out to eBGP peers for
>> some reason and I'm trying to diagnose why..
>>
>> When I do "show route community 11666:5000" I get a list of the proper
>> prefixes as expected. 11666:5000 is our own network routes. The same
>> occurs when I list 11666:4000 which is customer network routes - displays
>> the list correctly. This confirms in my mind that the MX480 is receiving
>> correct communities from neighboring iBGP boxes..
>>
>> protocols {
>>     bgp {
>>         group peering-xyz {
>>             type external;
>>             description xxxxx;
>>             import inbound-xxxx;
>>             export outbound-xxx;
>>             neighbor xxx.xx.235.33 {
>>                 description xxxxxxxx;
>>                 family inet {
>>                     unicast {
>>                         prefix-limit {
>>                             maximum 10;
>>                         }
>>                     }
>>                 }
>>                 peer-as 12345;
>>             }
>>         }
>>     }
>> }
>>
>> policy-options {
>>     policy-statement inbound-xxxxx {
>>         term ottix1 {
>>             then {
>>                 metric 110;
>>                 local-preference 200;
>>                 community add inbound-xxxx;
>>                 accept;
>>             }
>>         }
>>     }
>>
>>     policy-statement outbound-xxxxxx {
>>         term ottix1 {
>>             from community outbound-xxxxxx;
>>             then {
>>                 metric 110;
>>                 accept;
>>             }
>>         }
>>         term ottix2 {
>>             then reject;
>>         }
>>     }
>>
>>     community inbound-xxxx members [ 11666:2000 11666:2002 ];
>>     community outbound-xxxx members [ 11666:4000 11666:5000 ];
>> }
>>
>> The inbound section is working as expected and getting assigned communities
>> 11666:2000 and 11666:2002
>>
>> The outbound section isn't sending anything from communities 11666:4000 or
>> 11666:5000
>>
>> In the Cisco world, we had to define network statements of our own subnets
>> and route those blocks to Null0 in order to advertise. I'm thinking
>> something similar here in JunOS?
>>
>> Thanks for any insight.
>>
>> Paul
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
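
The AND-versus-OR behaviour discussed in this thread, as an added example that is not part of any of the original messages: a small Python model that runs the three export-policy variants (multi-member list, one term per community, single regex member) over sample routes. Assumptions: Python's re.fullmatch stands in for Junos community regex matching, the regex form from the top reply is applied here to the outbound values, and the prefixes are constructed documentation ranges.

```python
import re

def member_matches(member, route_comms):
    # A member (literal or regex) matches if any community on the route matches it in full.
    return any(re.fullmatch(member, c) for c in route_comms)

def community_matches(members, route_comms):
    # Several members in one named community are a logical AND: every member must match.
    return all(member_matches(m, route_comms) for m in members)

def evaluate(variant, route_comms):
    # Terms run in order; the first term whose 'from' matches decides the action.
    communities, policy = variant
    for term in policy:
        name = term.get("from")          # a term without 'from' matches every route
        if name is None or community_matches(communities[name], route_comms):
            return term["then"]
    return "default"                     # fell off the end: protocol default applies

# Constructed sample routes: documentation prefixes, community values from the thread.
ROUTES = {
    "192.0.2.0/24": ["11666:5000"],                   # own network
    "198.51.100.0/24": ["11666:4000"],                # customer network
    "203.0.113.0/24": ["11666:2000", "11666:2002"],   # learned from a peer
}

# Three variants of the export policy: (community definitions, ordered terms).
ORIGINAL = ({"outbound": ["11666:4000", "11666:5000"]},
            [{"from": "outbound", "then": "accept"}, {"then": "reject"}])
TWO_TERMS = ({"our_nets": ["11666:5000"], "customer_nets": ["11666:4000"]},
             [{"from": "our_nets", "then": "accept"},
              {"from": "customer_nets", "then": "accept"}, {"then": "reject"}])
REGEX = ({"outbound": ["(11666:4000)|(11666:5000)"]},
         [{"from": "outbound", "then": "accept"}, {"then": "reject"}])

def advertised(variant):
    # Prefixes the export policy would accept, i.e. announce to the eBGP peer.
    return sorted(p for p, c in ROUTES.items() if evaluate(variant, c) == "accept")

if __name__ == "__main__":
    for label, variant in (("original", ORIGINAL), ("two terms", TWO_TERMS), ("regex", REGEX)):
        print(f"{label:10} {advertised(variant)}")
```

In all three variants the peer-learned route stays behind the final reject term, so only the own and customer communities are ever exported.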