[j-nsp] mx-class units now advertisement management interface networks in BGP
Doug Hanks
dhanks at juniper.net
Thu Sep 27 16:30:28 EDT 2012
It's working as designed.
Junos leaves the BGP advertisements in the hands of the operator. What you've done is created an export policy that just happens to match fxp0; this isn't Junos' fault.
If you want to advertise direct interfaces, but exclude fxp0, you could do something like this that you could cut and paste across N routers without having to modify (thanks Harry for confirming):
    term block-fxp {
        from interface fxp0.0;
        then reject;
    }
    term 2 {
        from protocol direct;
        then accept;
    }
From: Jo Rhett <jrhett at netconsonance.com>
Date: Thu, 27 Sep 2012 13:06:30 -0700
To: Harry Reynolds <harry at juniper.net>, dhanks <dhanks at juniper.net>
Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] mx-class units now advertisement management interface networks in BGP
Reply to Harry and Doug both since you mostly asked the same question.
On Sep 27, 2012, at 12:13 PM, Harry Reynolds wrote:
It might help if you posted your BGP export policy. IIRC, there is a no-readvertise flag available for a static but not aware of any inherent blocking of the advertisement of an fxp0 address via BGP, more so if your export permits it.
To me it is a bug to advertise a route which you won't route packets for. Obviously it's your fault if you advertise a route and have a packet filter blocking packets -- the routing engine isn't responsible for this. But fxp0 is supposedly on its own routing fabric. I can't send packets in ae0 destined for something on the fxp0 network.
If a route visible in one routing engine was advertised out by another routing engine (with no route-sharing between them) this would be a bug, yes? Why isn't fxp0 treated the same way?
Finally, we have the same export policy on every node in our network. Having to break that out, and hand-tune every export policy to explicitly deny the fxp0 interface's routes is a lot of work with zero gain. If for some reason Juniper feels that it's important to someone somewhere to announce a route you won't accept packets for, why isn't there any easy method to disable this nonsensical, nonfunctional, nobody in their right mind would or could use it (non)functionality?
Obviously, a feature request for "protocol bgp { interface fxp0 { ignore; }}" would do the trick, but I struggle to believe that you've never seen this problem before, and you don't have a better way to prevent this behavior.
--
Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.
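Added example, not part of the original messages and not Juniper code: a small audit that replays the first-match term order discussed above against a direct route on fxp0.0, so the same check can be run over the export policy of every router. The policy name "export-direct", the helper names and the ae0.0 sample route are assumptions, and the parser only understands the one-line from/then statements used in this thread.

```python
import re

# Constructed sample terms, copied from the reply above; the policy name
# "export-direct" and the helper names are hypothetical.
BLOCK = "term block-fxp {\n from interface fxp0.0;\n then reject;\n}\n"
DIRECT = "term 2 {\n from protocol direct;\n then accept;\n}\n"

def policy(*terms):
    return "policy-statement export-direct {\n" + "".join(terms) + "}\n"

UNSAFE = policy(DIRECT)            # accepts every direct route, fxp0 included
SAFE = policy(BLOCK, DIRECT)       # order from the reply: reject fxp0 first
REORDERED = policy(DIRECT, BLOCK)  # same terms, wrong order

# Simplified parser: only one-line "from protocol|interface X;" and
# "then accept|reject;" statements, no nested braces inside a term.
TERM_RE = re.compile(r"\bterm\s+(\S+)\s*\{(.*?)\}", re.S)
FROM_RE = re.compile(r"\bfrom\s+(protocol|interface)\s+(\S+?);")
THEN_RE = re.compile(r"\bthen\s+(accept|reject);")

def parse_terms(config):
    """Return [(name, {match_type: value}, action)] in configuration order."""
    terms = []
    for name, body in TERM_RE.findall(config):
        action = THEN_RE.search(body)
        terms.append((name, dict(FROM_RE.findall(body)),
                      action.group(1) if action else None))
    return terms

def verdict(config, route):
    """First matching term with accept/reject decides, as Junos evaluates terms in order."""
    for name, conds, action in parse_terms(config):
        if action and all(route.get(k) == v for k, v in conds.items()):
            return action, name
    # Assumption of this model: an unmatched direct route is not exported to BGP.
    return "reject", None

FXP0_ROUTE = {"protocol": "direct", "interface": "fxp0.0"}
AE0_ROUTE = {"protocol": "direct", "interface": "ae0.0"}  # constructed revenue port

def leaks_fxp0(config):
    """True if the export policy would accept the fxp0.0 direct route."""
    return verdict(config, FXP0_ROUTE)[0] == "accept"

if __name__ == "__main__":
    for label, cfg in (("unsafe", UNSAFE), ("safe", SAFE), ("reordered", REORDERED)):
        print(f"{label}: leaks fxp0 = {leaks_fxp0(cfg)}")
```

The reordered case shows why the reject term has to come before the `protocol direct` accept term: with the terms swapped, the fxp0.0 route is accepted before the reject is ever evaluated.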