[j-nsp] Strange behavior of BGP policy
Alexander Shikoff
minotaur at crete.org.ua
Tue Nov 9 06:30:32 EST 2010
Thanks a lot to all who replied!
On Tue, Nov 09, 2010 at 01:57:00PM +0300, Alexandre Snarskii wrote:
> On Tue, Nov 09, 2010 at 12:18:37PM +0200, Alexander Shikoff wrote:
> >
> > Filtering of outgoing prefixes is performed via to-MHost policy:
> > minotaur at br1-gdr.ki# show policy-options policy-statement to-MHost
> > term Default {
> > from {
> > route-filter 0.0.0.0/0 exact;
> > }
> > then reject;
> > }
> > term Itself {
> > from {
> > protocol static;
> > route-filter 178.214.192.0/19 exact;
> > }
> > then accept;
> > }
> > then accept;
> >
> >
> > As you can see only route 178.214.192.0/19 from static routes should be
> > redistributed into BGP, but I see another routes (direct, static, OSPF)
> > also being redistributed:
>
> Because other direct/static/ospf routes match final 'then accept' statement.
> You may either just change 'then accept' to 'then reject', or, if
> you need to provide full-view to your customer, rewrite final term as
>
> term transit {
> from protocol bgp;
> then accept;
> }
> then reject;
>
> --
> In theory, there is no difference between theory and practice.
> But, in practice, there is.
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
MINO-RIPE
More information about the juniper-nsp
mailing list