[j-nsp] Strange behavior of BGP policy

William Jackson wjackson at sapphire.gi
Tue Nov 9 05:46:55 EST 2010 

My punt would be to get rid of the last accept statement.

Without it your processing should fall through to the default BGP export
policy.

At the moment I guess you are accepting everything.

Best Regards
 
William Jackson
Technical Department
Sapphire Networks



-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Alexander
Shikoff
Sent: 09 November 2010 11:19
To: juniper-nsp
Subject: [j-nsp] Strange behavior of BGP policy

Hello,

On MX80-48T with JunOS 10.2R1.8 I have a BGP session with downstream 
configured as follows:

minotaur at br1-gdr.ki# show routing-instances World protocols bgp group
Downstreams 
neighbor 178.214.196.6 
description "MHost: World";
import [ Local-Pref-400 from-MHost Deny-Rest ];
export to-MHost;
peer-as 21098;


Filtering of outgoing prefixes is performed via to-MHost policy:
minotaur at br1-gdr.ki# show policy-options policy-statement to-MHost 
term Default {
    from {
        route-filter 0.0.0.0/0 exact;
    }
    then reject;
}
term Itself {
    from {
        protocol static;
        route-filter 178.214.192.0/19 exact;
    }
    then accept;
}
then accept;


As you can see only route 178.214.192.0/19 from static routes should be 
redistributed into BGP, but I see another routes (direct, static, OSPF) 
also being redistributed:
minotaur at br1-gdr.ki# run show route 178.214.192.0/19
advertising-protocol bgp 
178.214.196.6    

World.inet.0: 337026 destinations, 668447 routes (333360 active, 10
holddown, 3675 
hidden)
  Prefix                  Nexthop              MED     Lclpref    AS
path
* 178.214.192.0/19        Self                                    I
* 178.214.192.0/27        Self                 2                  I
* 178.214.192.64/32       Self                                    I
* 178.214.192.65/32       Self                 2                  I
* 178.214.192.68/32       Self                 2                  I
* 178.214.192.69/32       Self                                    I
* 178.214.192.96/28       Self                                    I
* 178.214.192.128/29      Self                                    I
* 178.214.192.136/30      Self                                    I
* 178.214.192.140/30      Self                 2                  I
* 178.214.192.144/30      Self                                    I
* 178.214.193.0/30        Self                 2                  I
* 178.214.193.4/30        Self                 2                  I
* 178.214.194.0/30        Self                 2                  I
* 178.214.194.4/30        Self                 2                  I
* 178.214.195.0/24        Self                 2                  I
* 178.214.196.4/30        Self                                    I

Why does policy accepts another direct/static/OSPF routes?

Thanks.

-- 
MINO-RIPE
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list