[j-nsp] Only announce BGP learned networks
Julien Goodwin
jgoodwin at studio442.com.au
Mon Feb 20 09:30:39 EST 2012
On 21/02/12 01:10, Jonas Björklund wrote:
> policy-statement my-export-routes {
>     term t10 {
>         from {
>             protocol bgp;
>             route-filter 1.2.3.0/21 prefix-length-range /21-/24;
>             route-filter 4.5.6.0/20 prefix-length-range /20-/24;
>         }
>         then accept;
>     }
>     term t100 {
>         then reject;
>     }
> }
>
> Some of my networks begin to be announced. But not all of them.
>
> The ones which were learned by OSPF *AND* BGP were not able to pass the
> policy. Only those which were learned from BGP.
>
> I want all networks learned from BGP (even those from OSPF) to pass the
> policy.

Then remove "from protocol bgp". The router is doing exactly what you
asked, you're simply missing two things:

1. Only active routes are considered in filters (for values of only that
   suffice for this)
2. IGP (OSPF, IS-IS) routes are preferred over BGP in JunOS, unlike IOS

The way I do self export is a little more complex, but prevents route spam:

1. For my large blocks (really anything in more than one OSPF area) I
   configure an aggregate route covering them, for example:

   set routing-options aggregate route 10.23.64.0/18

   Unless you specifically add a policy these will never be advertised
   outside the router.

2. For all blocks I'm advertising I create a prefix-list:

   set policy-options prefix-list self 10.23.64.0/18
   set policy-options prefix-list self 10.2.3.4/24

3. Inside my outbound chain I simply do:

   set policy-options policy-statement self-out from prefix-list self
   set policy-options policy-statement self-out then accept

Which means the prefixes I expect (and *only* those exact prefixes) get
advertised.

(This only makes sense in smaller networks with few edge BGP speakers,
larger networks should use their existing confederation / reflector
boundaries as points to inject that region's self into BGP)

--
Julien Goodwin
Studio442
"Blue Sky Solutioneering"
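
Added example, not part of the original post and not Junos code: a small Python model of the two points in the reply. It shows why a prefix learned by both OSPF and BGP fails "from protocol bgp", and how an exact-match prefix-list export advertises only the aggregate. The preference values are the Junos defaults; the routing table, filter and function names are constructed for illustration.

```python
import ipaddress

# Junos default route preferences; the lowest value becomes the active route.
PREFERENCE = {"ospf": 10, "aggregate": 130, "bgp": 170}

# Constructed routing table: (prefix, protocol the route was learned from).
# The aggregate is assumed active, i.e. it has contributing routes.
RIB = [
    ("10.23.64.0/24", "ospf"), ("10.23.64.0/24", "bgp"),  # learned by both
    ("10.23.65.0/24", "bgp"),                             # BGP only
    ("10.23.66.0/24", "ospf"),                            # OSPF only
    ("10.23.64.0/18", "aggregate"),
]
FILTERS = [("10.23.64.0/18", 18, 24)]  # route-filter, prefix-length-range /18-/24
SELF = ["10.23.64.0/18"]               # prefix-list self

def active_routes(rib):
    """Return {network: protocol} keeping only the active route per prefix."""
    best = {}
    for prefix, proto in rib:
        net = ipaddress.ip_network(prefix)
        if net not in best or PREFERENCE[proto] < PREFERENCE[best[net]]:
            best[net] = proto
    return best

def in_range(net, base, lo, hi):
    """Model of: route-filter <base> prefix-length-range /<lo>-/<hi>."""
    return net.subnet_of(ipaddress.ip_network(base)) and lo <= net.prefixlen <= hi

def export_original(active, filters):
    """Policy from the question: protocol bgp AND a route-filter, else reject."""
    return [str(n) for n, proto in sorted(active.items())
            if proto == "bgp" and any(in_range(n, *f) for f in filters)]

def export_self_out(active, prefix_list):
    """Policy from the reply: exact prefix-list match, protocol not checked."""
    wanted = {ipaddress.ip_network(p) for p in prefix_list}
    return [str(n) for n in sorted(active) if n in wanted]

if __name__ == "__main__":
    active = active_routes(RIB)
    print("from protocol bgp + route-filter:", export_original(active, FILTERS))
    print("from prefix-list self:           ", export_self_out(active, SELF))
```

In the model, 10.23.64.0/24 is active via OSPF, so the BGP copy is never evaluated by the export policy.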