[j-nsp] Strange behavior of BGP policy

Alexander Shikoff minotaur at crete.org.ua
Tue Nov 9 06:30:32 EST 2010


Thanks a lot to all who replied!

On Tue, Nov 09, 2010 at 01:57:00PM +0300, Alexandre Snarskii wrote:
> On Tue, Nov 09, 2010 at 12:18:37PM +0200, Alexander Shikoff wrote:
> > 
> > Filtering of outgoing prefixes is performed via to-MHost policy:
> > minotaur at br1-gdr.ki# show policy-options policy-statement to-MHost 
> > term Default {
> >     from {
> >         route-filter 0.0.0.0/0 exact;
> >     }
> >     then reject;
> > }
> > term Itself {
> >     from {
> >         protocol static;
> >         route-filter 178.214.192.0/19 exact;
> >     }
> >     then accept;
> > }
> > then accept;
> > 
> > 
> > As you can see only route 178.214.192.0/19 from static routes should be 
> > redistributed into BGP, but I see another routes (direct, static, OSPF) 
> > also being redistributed:
> 
> Because other direct/static/ospf routes match final 'then accept' statement.
> You may either just change 'then accept' to 'then reject', or, if
> you need to provide full-view to your customer, rewrite final term as
> 
>  term transit { 
> 	from protocol bgp;
>     then accept;
>  }
>  then reject;
> 
> -- 
> In theory, there is no difference between theory and practice. 
> But, in practice, there is. 
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

-- 
MINO-RIPE


More information about the juniper-nsp mailing list