[j-nsp] BGP Policy - then accept == Route Reflector?

Sebastian Wiesinger juniper-nsp at ml.karotte.org
Thu Nov 11 08:37:56 EST 2010


Hello,

I want to restrict routes sent from one iBGP peer to another.

Specifically I want routes with a private AS or with no AS
(redistributed from static/connected) to be sent and nothing else.

On a Cisco router I would match on as-path "^$" or the private range
to achieve this. So in Juniper terms it would translate to this:

as-path private 64512-65535;
as-path no-as "()";

policy-statement internal-only-export {
    term 10 {
        from as-path [ private no-as ];
        then accept;
    }
    term 100 {
        then reject;
    }
}

But there is a gotcha there: Cisco WILL NOT send iBGP routes learned
from other iBGP peers when I configure such a policy. An MX960 on the
other hand WILL happily start to act like a route reflector and pass on
all the other iBGP routes that match the AS-Path.

My question is, what is the best way to prevent the Juniper router from
advertising routes learnt from other iBGP peers? Changing the "accept"
action to "next policy" seems to work (as there is no next policy it
gets passed through to the default policy) but I don't know if that's
the best way to go...

I assume that I should just remove the "no-as" statement because I
always have to explicitly configure local routes to be exported into
the BGP protocol (no "network" statement like Cisco). But I'm kind of
stuck regarding the routes coming from private AS eBGP peerings.

Kind Regards,

Sebastian

-- 
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant
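
Added example, not part of the original post and not Junos code: a simplified Python model of term 10's as-path match, run over a constructed route table to list the iBGP-learned routes the term accepts. It assumes both expressions are matched against the whole AS path; the field names and sample routes are hypothetical.

```python
# Simplified model of term 10 in the posted policy (an assumption, not Junos code).
PRIVATE_AS = range(64512, 65536)  # "as-path private 64512-65535"


def matches_private(as_path):
    # Modelled as a whole-path match: exactly one AS, inside the private range.
    return len(as_path) == 1 and as_path[0] in PRIVATE_AS


def matches_no_as(as_path):
    # "()" is the null AS path: no AS numbers at all.
    return len(as_path) == 0


def term10_accepts(route):
    # "from as-path [ private no-as ]" matches if either expression matches.
    return matches_private(route["as_path"]) or matches_no_as(route["as_path"])


def ibgp_learned_accepted(routes):
    """Prefixes term 10 accepts even though they were learned from an iBGP peer."""
    return [r["prefix"] for r in routes
            if term10_accepts(r) and r["learned_from"] == "ibgp"]


# Constructed sample table; "learned_from" is a hypothetical field name.
SAMPLE_ROUTES = [
    {"prefix": "192.0.2.0/24",    "as_path": [],             "learned_from": "static"},
    {"prefix": "198.51.100.0/24", "as_path": [64600],        "learned_from": "ebgp"},
    {"prefix": "203.0.113.0/24",  "as_path": [64600],        "learned_from": "ibgp"},
    {"prefix": "10.10.0.0/16",    "as_path": [],             "learned_from": "ibgp"},
    {"prefix": "10.20.0.0/16",    "as_path": [64500, 64600], "learned_from": "ibgp"},
]

if __name__ == "__main__":
    for prefix in ibgp_learned_accepted(SAMPLE_ROUTES):
        print("accepted by term 10 but learned via iBGP:", prefix)
```

The AS path is unchanged across iBGP sessions, so the match alone cannot separate a route learned from an iBGP peer from one learned over eBGP or originated locally; the null path in particular also matches every route another router in the same AS originated.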

