[j-nsp] Filtering RIB -> FIB Routes

Lawrence Wong lawrencewong72 at yahoo.com
Tue Nov 23 12:16:36 EST 2010


Thanks Cougar, it works like a charm!

Just thinking out loud, could I do something like all routing-instances 
rejecting BGP routes into FIB by default and allow only the global routing 
instance to inject BGP routes into FIB?

e.g.

policy-options {
     policy-statement reject-default-rib {
         term permit { <- to accept BGP->FIB in the default/amin 
routing-instance
             from {
                 rib inet.0;
                 protocol bgp;
             }
             then accept;
         }
         term reject { <- to reject BGP->FIB in all other routing-instances
             from {
                protocol bgp;
             }
             then reject;
         }
        then accept; <- to accept all other routes (static, ospf, etc) in each 
routing-instance
     }
}

Are there any known complications, implications or best practises on filtering 
in this manner?

(btw, is inet.0 the correct RIB table that I should reference to? Or should I 
indicate default.inet.0?)

Best regards,


----- Original Message ----
From: Cougar <cougar at random.ee>
To: Lawrence Wong <lawrencewong72 at yahoo.com>
Cc: juniper-nsp at puck.nether.net
Sent: Mon, November 22, 2010 8:06:05 AM
Subject: Re: [j-nsp] Filtering RIB -> FIB Routes

Hi Lawrence,

Something like this should work

routing-options {
     forwarding-table {
         export [ reject-instanceA-rib … ];
     }
}

policy-options {
     policy-statement reject-instanceA-rib {
         term Uplink1.inet.0 {
             from {
                 rib A.inet.0;
                 protocol bgp;
             }
             then reject;
         }
     }
}

To move routes from one instance to another you need rib-groups.

-- 
Cougar

On Sun, 21 Nov 2010, Lawrence Wong wrote:

> Thanks Richard. I've read through the JUNOS docs as well, but couldn't seem to
> figure out how to limit the context of the filtering to the routing-instance 
as
> the routing-policy is specified in the global configuration and not
> routing-instance.
>
> i.e. the box has a routing-instance A => BGP routes found in routing-instance 
A
> should not go into the FIB for routing-instance A. But BGP routes from
> routing-instance A received by the main box should go into the main FIB.
>
> i've tried this but it does not seem to have any effect at all on the box.
>
>
> policy-statement reject-bgp {
> from {
>          protocol bgp;
> instance A;
>
> }
> then {
> reject;
> }
> }
>
>
> Do you happen to know of any examples/samples configuration that I can refer 
>to?
>
> Thanks!
>
>
>
> ----- Original Message ----
> From: Richard A Steenbergen <ras at e-gerbil.net>
> To: Lawrence Wong <lawrencewong72 at yahoo.com>
> Cc: juniper-nsp at puck.nether.net
> Sent: Mon, November 22, 2010 1:21:17 AM
> Subject: Re: [j-nsp] Filtering RIB -> FIB Routes
>
> On Sun, Nov 21, 2010 at 05:02:58PM -0800, Lawrence Wong wrote:
>> Hi everyone,
>>
>> I'm new to JUNOS and would like to enquire if it's possible to filter
>> routes found in the RIB from going onto the FIB? This is on a J4350
>> box running 10.3R1.9 in Packet Mode (MPLS configured and enabled).
>
>http://www.juniper.net/techpubs/software/junos/junos93/swconfig-policy/applying-routing-policies-to-the-forwarding-table.html
>l
>
>
> -- 
> Richard A Steenbergen <ras at e-gerbil.net>       http://www.e-gerbil.net/ras
> GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
>


      



More information about the juniper-nsp mailing list