[j-nsp] Strange behavior of BGP policy

Alexey Tolstenok alextols at gmail.com
Tue Nov 9 06:14:02 EST 2010


Hi Alexander,
Because any other routes are matched against the last unnamed term within the
policy to-MHost (the only statement "then accept" without "from" means that
all routes match).

2010/11/9 Alexander Shikoff <minotaur at crete.org.ua>

> Hello,
>
> On MX80-48T with JunOS 10.2R1.8 I have a BGP session with downstream
> configured as follows:
>
> minotaur@br1-gdr.ki# show routing-instances World protocols bgp group Downstreams
> neighbor 178.214.196.6
> description "MHost: World";
> import [ Local-Pref-400 from-MHost Deny-Rest ];
> export to-MHost;
> peer-as 21098;
>
>
> Filtering of outgoing prefixes is performed via to-MHost policy:
> minotaur@br1-gdr.ki# show policy-options policy-statement to-MHost
> term Default {
>    from {
>        route-filter 0.0.0.0/0 exact;
>    }
>    then reject;
> }
> term Itself {
>    from {
>        protocol static;
>        route-filter 178.214.192.0/19 exact;
>    }
>    then accept;
> }
> then accept;
>
>
> As you can see, only route 178.214.192.0/19 from static routes should be
> redistributed into BGP, but I see other routes (direct, static, OSPF)
> also being redistributed:
> minotaur@br1-gdr.ki# run show route 178.214.192.0/19 advertising-protocol bgp 178.214.196.6
>
> World.inet.0: 337026 destinations, 668447 routes (333360 active, 10 holddown, 3675 hidden)
>  Prefix                  Nexthop              MED     Lclpref    AS path
> * 178.214.192.0/19        Self                                    I
> * 178.214.192.0/27        Self                 2                  I
> * 178.214.192.64/32       Self                                    I
> * 178.214.192.65/32       Self                 2                  I
> * 178.214.192.68/32       Self                 2                  I
> * 178.214.192.69/32       Self                                    I
> * 178.214.192.96/28       Self                                    I
> * 178.214.192.128/29      Self                                    I
> * 178.214.192.136/30      Self                                    I
> * 178.214.192.140/30      Self                 2                  I
> * 178.214.192.144/30      Self                                    I
> * 178.214.193.0/30        Self                 2                  I
> * 178.214.193.4/30        Self                 2                  I
> * 178.214.194.0/30        Self                 2                  I
> * 178.214.194.4/30        Self                 2                  I
> * 178.214.195.0/24        Self                 2                  I
> * 178.214.196.4/30        Self                                    I
>
> Why does the policy accept other direct/static/OSPF routes?
>
> Thanks.
>
> --
> MINO-RIPE



-- 
Alexey Tolstenok
CCIEx3 (R&S, SP, Sec) #17405, JNCIE-M #313
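
An added example (not from the thread or from Juniper): a simplified Python model of first-match term evaluation for the to-MHost policy, comparing the policy as posted with a variant that drops the final unnamed term and falls through to the Junos default BGP export policy. The route protocols and the 198.51.100.0/24 prefix are constructed for illustration, and treating removal of the catch-all as the intended behavior is an assumption.

```python
from ipaddress import ip_network

def term(action, protocol=None, exact=None):
    """One policy term; conditions left as None are absent from 'from'."""
    return {"action": action, "protocol": protocol,
            "exact": ip_network(exact) if exact else None}

def matches(t, route):
    # Every 'from' condition must match; a term with no 'from' matches all routes.
    if t["protocol"] and route["protocol"] != t["protocol"]:
        return False
    if t["exact"] and ip_network(route["prefix"]) != t["exact"]:
        return False
    return True

def default_bgp_export(route):
    # Junos default BGP export policy: advertise active BGP routes only.
    return "accept" if route["protocol"] == "bgp" else "reject"

def evaluate(policy, route):
    # The first matching term with a terminating action decides the route.
    for t in policy:
        if matches(t, route):
            return t["action"]
    return default_bgp_export(route)

def advertised(policy, routes):
    return [r["prefix"] for r in routes if evaluate(policy, r) == "accept"]

# to-MHost as posted: term Default, term Itself, then the unnamed "then accept".
TO_MHOST = [
    term("reject", exact="0.0.0.0/0"),
    term("accept", protocol="static", exact="178.214.192.0/19"),
    term("accept"),  # no 'from': catches every route that reaches it
]
# Assumed variant: same policy without the unnamed catch-all term.
TO_MHOST_NO_CATCHALL = TO_MHOST[:-1]

# Constructed sample routes; the protocols are assumptions, not from the thread.
ROUTES = [
    {"prefix": "0.0.0.0/0", "protocol": "bgp"},
    {"prefix": "178.214.192.0/19", "protocol": "static"},
    {"prefix": "178.214.192.0/27", "protocol": "ospf"},
    {"prefix": "178.214.196.4/30", "protocol": "direct"},
    {"prefix": "198.51.100.0/24", "protocol": "bgp"},
]

if __name__ == "__main__":
    print("as posted:        ", advertised(TO_MHOST, ROUTES))
    print("without catch-all:", advertised(TO_MHOST_NO_CATCHALL, ROUTES))
```

The model covers only `protocol` and `route-filter ... exact` matches, which is all the posted policy uses.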

