[j-nsp] Strange behavior of BGP policy
Tore Anderson
tore.anderson at redpill-linpro.com
Tue Nov 9 05:50:02 EST 2010
Hi Alexander,
* Alexander Shikoff
> Filtering of outgoing prefixes is performed via to-MHost policy:
> minotaur at br1-gdr.ki# show policy-options policy-statement to-MHost
> term Default {
> from {
> route-filter 0.0.0.0/0 exact;
> }
> then reject;
> }
> term Itself {
> from {
> protocol static;
> route-filter 178.214.192.0/19 exact;
> }
> then accept;
> }
> then accept;
^^^^^^^^^^^^ - this makes the policy-statement accept all prefixes.
(except for 0.0.0.0/0)
> As you can see only route 178.214.192.0/19 from static routes should be
> redistributed into BGP, but I see another routes (direct, static, OSPF)
> also being redistributed:
>
> [...]
>
> Why does policy accepts another direct/static/OSPF routes?
Remove the out-of-term «then accept» and I think it'll behave the way
you want, provided that the «Deny-Rest» statement does what its name
suggests.
Best regards,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com
Tel: +47 21 54 41 27
More information about the juniper-nsp
mailing list