[j-nsp] Strange behavior of BGP policy

Tim Vollebregt tim at interworx.nl
Tue Nov 9 06:08:18 EST 2010


Hi Alexander,

When using this policy you are doing the following:

-Reject sending default route
-Sending prefix 178.214.192.0/19
-Accepting all other advertisements by BGP it's default behaviour.

I think this would be fine:

show policy-options policy-statement to-MHost
term Itself {
     from {
         protocol static;
         route-filter 178.214.192.0/19 exact;
     }
     then next policy;
}
term reject {
     then reject;
}

Regards,

Tim

policy-options policy-statement to-MHost
term Itself {
     from {
         protocol static;
	route-filter 178.214.192.0/19 exact;
     }
     then accept;
       then
next policy;

}

term reject {

then reject;

}


On 09-11-10 11:18, Alexander Shikoff wrote:
> Hello,
>
> On MX80-48T with JunOS 10.2R1.8 I have a BGP session with downstream
> configured as follows:
>
> minotaur at br1-gdr.ki# show routing-instances World protocols bgp group Downstreams
> neighbor 178.214.196.6
> description "MHost: World";
> import [ Local-Pref-400 from-MHost Deny-Rest ];
> export to-MHost;
> peer-as 21098;
>
>
> Filtering of outgoing prefixes is performed via to-MHost policy:
> minotaur at br1-gdr.ki# show policy-options policy-statement to-MHost
> term Default {
>      from {
>          route-filter 0.0.0.0/0 exact;
>      }
>      then reject;
> }
> term Itself {
>      from {
>          protocol static;
>          route-filter 178.214.192.0/19 exact;
>      }
>      then accept;
> }
> then accept;
>
>
> As you can see only route 178.214.192.0/19 from static routes should be
> redistributed into BGP, but I see another routes (direct, static, OSPF)
> also being redistributed:
> minotaur at br1-gdr.ki# run show route 178.214.192.0/19 advertising-protocol bgp
> 178.214.196.6
>
> World.inet.0: 337026 destinations, 668447 routes (333360 active, 10 holddown, 3675
> hidden)
>    Prefix                  Nexthop              MED     Lclpref    AS path
> * 178.214.192.0/19        Self                                    I
> * 178.214.192.0/27        Self                 2                  I
> * 178.214.192.64/32       Self                                    I
> * 178.214.192.65/32       Self                 2                  I
> * 178.214.192.68/32       Self                 2                  I
> * 178.214.192.69/32       Self                                    I
> * 178.214.192.96/28       Self                                    I
> * 178.214.192.128/29      Self                                    I
> * 178.214.192.136/30      Self                                    I
> * 178.214.192.140/30      Self                 2                  I
> * 178.214.192.144/30      Self                                    I
> * 178.214.193.0/30        Self                 2                  I
> * 178.214.193.4/30        Self                 2                  I
> * 178.214.194.0/30        Self                 2                  I
> * 178.214.194.4/30        Self                 2                  I
> * 178.214.195.0/24        Self                 2                  I
> * 178.214.196.4/30        Self                                    I
>
> Why does policy accepts another direct/static/OSPF routes?
>
> Thanks.
>


More information about the juniper-nsp mailing list