[j-nsp] i suck at bgp import policy - help?

ryanL ryan.landry at gmail.com
Sat Jan 19 18:30:32 EST 2013

hi. i am certainly doing something wrong.

on a bgp neighbor i have the following policy:


i've reduced it to basics, which says:

    from policy DEFAULT-ROUTE;
    then reject;
    then {
        local-preference 200;
        community set COMM-TRANSIT;

where policy DEFAULT-ROUTE is:

from {
    route-filter exact;
then accept;

accept AND reject = reject, right? i performed a no-term basic test
for a reject AND reject, which accepted all routes, so i'm pretty sure
my head isn't too far up my...

anyways, the above policies unfortunately result in all routes being
received, but not accepted.

Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last
Up/Dwn State|#Active/Received/Accepted/Damped...
<removed>          <removed>     163888        184       0       0
1:15:38 0/431093/0/0         0/0/0/0

if i remove the DENY-BASICS term, all routes go active and get stamped
with my community and local-pref value.

i've tried other DENY related terms, such as filtering out long
as-paths, or just RFC1918, or even just spoofs of my own netblock.
normal stuff. routes stay hidden due to:

   State: <Hidden Ext>
   Inactive reason: Unusable path

so, what am i screwing up on here? this is on 12.2R2.4. i'm
effectively trying to follow the cymru secure junos bgp template,
among others.



More information about the juniper-nsp mailing list