[j-nsp] Filtering the export of VRF routes with iBGP export filters....

David Ball davidtball at gmail.com
Tue Mar 29 08:55:59 EDT 2011


  Finally found a 'solution' to this....as a refresher, I was unable
to match on a VRF route's original 'community' attribute in an MP-BGP
export policy because the original route attributes were being stuffed
into the Attribute Set which couldn't be matched in the policy.  This
was being done as a result of my use of 'independent-domain' in my VRF
([edit routing-instances myinstance routing-options autonomous-system
MY-ASN independent-domain].  As it turns out, I don't require
independent-domain in that particular VRF, and as such will be
removing it.  Testing shows that, as expected, without
independent-domain, the communities are all strung together in the
normal 'community' attribute, and can then be used as a match
condition in the export policy.  Use of the 'vpn-apply-export' knob
was also required in the MP-BGP config to ensure the MP-BGP export
policy was applied (otherwise, only the vrf-export policy would be).
  Many thanks to those who provided suggestions, including ATAC.

David


On 30 August 2010 15:30, Jeff Richmond <jeff.richmond at gmail.com> wrote:
> I would be interested if you find a solution. We have had 2 JTAC cases open on this exact same thing, and both ended in JTAC giving up and not being able to present a workable solution. My scenario is slightly different, but still would require the exact functionality you are looking for
>
> Regards,
> -Jeff
>
> On Aug 30, 2010, at 1:25 PM, David Ball wrote:
>
>> Ts/MXs running 10.0.R3.10
>>
>> I don't have access to my actual configs, but think I can verbalize
>> anyways.
>>
>>  Does anyone know if it's possible to filter a given VRF route prior to
>> export to an iBGP peer?  Naturally, the route itself includes an RD and RT,
>> and I can't get my 'match' clauses to work.
>>
>>  I've been trying matching on things like community (ie. community SOMENAME
>> members target:###:###), on RIB (ie. rib bgp.l3vpn.0), and also using a
>> route-filter (which I don't believe supports VRF routes), but with no
>> success.  For interest's sake, I'm running in 'route-reflector-ready' mode,
>> in that routes are being exported from bgp.l[2|3]vpn.0 rather than from the
>> individual routing tables themselves, hence my trying to match on the
>> bgp.l3vpn.0 RIB instead of an individual VRF's RIB.
>>
>>  I was sure I saw a workaround listed here, but can't find it in the
>> archives for the life of me.
>>
>> David
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>



More information about the juniper-nsp mailing list