[j-nsp] BGP Policy - then accept == Route Reflector?
Sebastian Wiesinger
juniper-nsp at ml.karotte.org
Tue Nov 16 05:03:12 EST 2010
* Brad Fleming <bdflemin at gmail.com> [2010-11-12 16:48]:
>> the MX960 with 9.6R2.11 did that. I was quite surprised as I was
>> expecting the behaviour you describe.
>
> Do you happen to have configurations saved from that situation? That
> seems like either (a) a MASSIVE BGP bug or (b) configuration causing
> unintended results. With a sample config, we might be able to confirm or
> deny the (b) possibility.
Hello,
it was a relatively simple configuration for testing purposes. This
was the iBGP configuration, I only changed the IPs and Communities:
group access-int {
type internal;
local-address 192.168.0.10;
import access-rt-in;
authentication-key "XXX"; ## SECRET-DATA
export [ next-hop-self access-rt-out ];
neighbor 192.168.0.1;
neighbor 192.168.0.2;
neighbor 192.168.0.3;
neighbor 192.168.0.4;
neighbor 192.168.0.5;
neighbor 192.168.0.6;
neighbor 192.168.0.7;
neighbor 192.168.0.8;
neighbor 192.168.0.9;
}
community blackhole-com members [ 65000:1 65000:2 ];
community no-export members no-export;
as-path private 64512-65535;
as-path no-as "()";
policy-statement next-hop-self {
from protocol bgp;
then {
next-hop self;
}
}
policy-statement access-rt-in {
term 10 {
from community blackhole-com;
then accept;
}
term 20 {
then {
community add no-export;
}
}
}
policy-statement access-rt-out {
term 10 {
from as-path [ private no-as ];
then accept;
}
term 100 {
then reject;
}
}
--
New GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A 9D82 58A2 D94A 93A0 B9CE)
Old GPG Key-ID: 0x76B79F20 (0x1B6034F476B79F20)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
-- Terry Pratchett, The Fifth Elephant
More information about the juniper-nsp
mailing list