[j-nsp] Managing large route-filter-lists
Brian Rak
brak at gameservers.com
Tue May 22 11:46:44 EDT 2018
On 5/22/2018 10:03 AM, Brian Rak wrote:
>
>
> On 5/22/2018 12:58 AM, Phil Shafer wrote:
>> Brian Rak writes:
>>> The downside seems to be that these can blow up the router somehow...
>> Not blow up, but obfuscate. Imagine a user (or support person) who
>> is unaware that ephemeral databases are in use and resorts to pulling
>> out hair, muttering profanity, and sticking pins in their "Mr. Phil
>> Voodoo Doll" (tm) [batteries sold separately] when their "show
>> configuration" output doesn't correlate to their true operational
>> state. The warning is more about "yes, I'm aware" than about
>> voiding warranties, explosions, or sharks with lasers.
>>
>> Thanks,
>> Phil
> Ah, I can imagine a number of situations where using an ephemeral
> configuration can cause all sorts of confusion. At least for us, the
> efficiency advantages definitely outweigh the additional complexity here.
>
> Thanks!

Well, actually they can blow up the router too. I just managed to crash
the routing process by committing an invalid BGP community to an
ephemeral config:

This takes out routing until you delete it:

<config>
  <configuration>
    <policy-options>
      <community>
        <name>cl-FROM-AS13030</name>
        <members>
          large:20473:300:13030
        </members>
      </community>
    </policy-options>
  </configuration>
</config>

This works fine:

<config>
  <configuration>
    <policy-options>
      <community operation="replace">
        <name>cl-FROM-AS13030</name>
        <members>large:20473:300:13030</members>
      </community>
    </policy-options>
  </configuration>
</config>

Under normal configuration mode, the former isn't actually accepted.
Junos seems to be parsing the former as:

policy-options {
    community cl-FROM-AS13030 members "
    large:20473:300:13030\n ";
}
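
Added example, not part of the original message or of any Juniper tooling: a pre-commit check that a provisioning script could run on an ephemeral-database payload, normalizing whitespace-padded leaf values like the `<members>` element above and rejecting community members that still look malformed. It assumes, as the post suggests, that the padded value is what the routing process chokes on; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the first payload from the post, value padded with newlines.
RAW = """<config>
  <configuration>
    <policy-options>
      <community>
        <name>cl-FROM-AS13030</name>
        <members>
          large:20473:300:13030
        </members>
      </community>
    </policy-options>
  </configuration>
</config>"""

# large:<global-admin>:<data1>:<data2>, each a 32-bit unsigned integer (RFC 8092)
LARGE = re.compile(r"large:(\d+):(\d+):(\d+)")

def sanitize(xml_text):
    """Strip surrounding whitespace from leaf values; return (xml, fixed paths)."""
    root = ET.fromstring(xml_text)
    fixed = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        if len(elem) == 0:
            if elem.text and elem.text != elem.text.strip():
                elem.text = elem.text.strip()
                fixed.append(here)
        for child in elem:
            walk(child, here)

    walk(root, "")
    return ET.tostring(root, encoding="unicode"), fixed

def bad_members(xml_text):
    """Return community member values that should not be loaded as written."""
    bad = []
    for m in ET.fromstring(xml_text).iter("members"):
        value = m.text or ""
        if value == "" or re.search(r"\s", value):
            bad.append(value)          # empty, or whitespace inside the value
        elif value.startswith("large:"):
            parts = LARGE.fullmatch(value)
            if not parts or any(int(p) > 0xFFFFFFFF for p in parts.groups()):
                bad.append(value)      # malformed large community
    return bad

if __name__ == "__main__":
    print("rejected as written:", bad_members(RAW))
    clean, fixed = sanitize(RAW)
    print("normalized:", fixed, "still bad:", bad_members(clean))
```

Run `bad_members` as a gate and refuse the commit on any hit; `sanitize` is for pipelines that would rather repair template-induced padding than fail.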