[j-nsp] Strange behavior of BGP policy

Christian cdebalorre at neotelecoms.com
Tue Nov 9 06:23:25 EST 2010


I guess you want a  reject instead of the last accept,
rgds,

Christian


Le 09/11/2010 11:18, Alexander Shikoff a écrit :
> Hello,
>
> On MX80-48T with JunOS 10.2R1.8 I have a BGP session with downstream
> configured as follows:
>
> minotaur at br1-gdr.ki# show routing-instances World protocols bgp group Downstreams
> neighbor 178.214.196.6
> description "MHost: World";
> import [ Local-Pref-400 from-MHost Deny-Rest ];
> export to-MHost;
> peer-as 21098;
>
>
> Filtering of outgoing prefixes is performed via to-MHost policy:
> minotaur at br1-gdr.ki# show policy-options policy-statement to-MHost
> term Default {
>      from {
>          route-filter 0.0.0.0/0 exact;
>      }
>      then reject;
> }
> term Itself {
>      from {
>          protocol static;
>          route-filter 178.214.192.0/19 exact;
>      }
>      then accept;
> }
> then accept;
>
>
> As you can see only route 178.214.192.0/19 from static routes should be
> redistributed into BGP, but I see another routes (direct, static, OSPF)
> also being redistributed:
> minotaur at br1-gdr.ki# run show route 178.214.192.0/19 advertising-protocol bgp
> 178.214.196.6
>
> World.inet.0: 337026 destinations, 668447 routes (333360 active, 10 holddown, 3675
> hidden)
>    Prefix                  Nexthop              MED     Lclpref    AS path
> * 178.214.192.0/19        Self                                    I
> * 178.214.192.0/27        Self                 2                  I
> * 178.214.192.64/32       Self                                    I
> * 178.214.192.65/32       Self                 2                  I
> * 178.214.192.68/32       Self                 2                  I
> * 178.214.192.69/32       Self                                    I
> * 178.214.192.96/28       Self                                    I
> * 178.214.192.128/29      Self                                    I
> * 178.214.192.136/30      Self                                    I
> * 178.214.192.140/30      Self                 2                  I
> * 178.214.192.144/30      Self                                    I
> * 178.214.193.0/30        Self                 2                  I
> * 178.214.193.4/30        Self                 2                  I
> * 178.214.194.0/30        Self                 2                  I
> * 178.214.194.4/30        Self                 2                  I
> * 178.214.195.0/24        Self                 2                  I
> * 178.214.196.4/30        Self                                    I
>
> Why does policy accepts another direct/static/OSPF routes?
>
> Thanks.
>



More information about the juniper-nsp mailing list