[j-nsp] Strange behavior of BGP policy

Alexandre Snarskii snar at snar.spb.ru
Tue Nov 9 05:57:00 EST 2010


On Tue, Nov 09, 2010 at 12:18:37PM +0200, Alexander Shikoff wrote:
> 
> Filtering of outgoing prefixes is performed via to-MHost policy:
> minotaur at br1-gdr.ki# show policy-options policy-statement to-MHost 
> term Default {
>     from {
>         route-filter 0.0.0.0/0 exact;
>     }
>     then reject;
> }
> term Itself {
>     from {
>         protocol static;
>         route-filter 178.214.192.0/19 exact;
>     }
>     then accept;
> }
> then accept;
> 
> 
> As you can see, only route 178.214.192.0/19 from static routes should be 
> redistributed into BGP, but I see other routes (direct, static, OSPF) 
> also being redistributed:

Because other direct/static/ospf routes match the final 'then accept' statement.
You may either just change 'then accept' to 'then reject', or, if
you need to provide full-view to your customer, rewrite the final term as

 term transit {
     from protocol bgp;
     then accept;
 }
 then reject;

-- 
In theory, there is no difference between theory and practice. 
But, in practice, there is. 
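
The evaluation order discussed in this thread, as an added example that is not part of either poster's message: a small Python model (not Junos code) of first-match term evaluation, comparing the original to-MHost policy with the two suggested fixes. Only 178.214.192.0/19 and 0.0.0.0/0 come from the post; the other prefixes are constructed, and the `evaluate` and `exported` helpers are hypothetical names.

```python
# Simplified model of first-match policy evaluation (added example, not Junos code).
# A term matches when every condition in its "from" holds; the first matching
# term's action is final. A route matching no term gets the policy's last action.

def evaluate(policy, route):
    """Return 'accept' or 'reject' for a route dict with prefix and protocol."""
    for term in policy["terms"]:
        frm = term["from"]
        if "protocol" in frm and route["protocol"] != frm["protocol"]:
            continue  # protocol condition not met, try next term
        if "exact" in frm and route["prefix"] != frm["exact"]:
            continue  # route-filter ... exact not met, try next term
        return term["then"]
    return policy["final"]

DEFAULT = {"from": {"exact": "0.0.0.0/0"}, "then": "reject"}
ITSELF = {"from": {"protocol": "static", "exact": "178.214.192.0/19"},
          "then": "accept"}
TRANSIT = {"from": {"protocol": "bgp"}, "then": "accept"}

ORIGINAL = {"terms": [DEFAULT, ITSELF], "final": "accept"}          # as posted
FINAL_REJECT = {"terms": [DEFAULT, ITSELF], "final": "reject"}      # first fix
FULL_VIEW = {"terms": [DEFAULT, ITSELF, TRANSIT], "final": "reject"}  # second fix

# Constructed sample routes (hypothetical apart from the two prefixes in the post).
ROUTES = [
    {"prefix": "178.214.192.0/19", "protocol": "static"},
    {"prefix": "0.0.0.0/0", "protocol": "static"},
    {"prefix": "10.10.0.0/30", "protocol": "direct"},
    {"prefix": "10.20.0.0/24", "protocol": "static"},
    {"prefix": "10.30.0.0/24", "protocol": "ospf"},
    {"prefix": "192.0.2.0/24", "protocol": "bgp"},
]

def exported(policy):
    """List (prefix, protocol) of every sample route the policy accepts."""
    return [(r["prefix"], r["protocol"]) for r in ROUTES
            if evaluate(policy, r) == "accept"]

if __name__ == "__main__":
    for name, pol in [("original", ORIGINAL), ("final reject", FINAL_REJECT),
                      ("transit term", FULL_VIEW)]:
        print(f"{name}: {exported(pol)}")
```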


