[j-nsp] empty as-lists ?
Alexandre Snarskii
snar at snar.spb.ru
Sun Apr 20 13:18:33 EDT 2025
Hi!
Somewhat stupid question: is there any way to configure an as-list that
does not contain any member? With prefix-lists/route-filter-lists it's
trivial (delete policy-options prefix-list NNN; set policy-options prefix-list NNN;),
with classic as-path filters it's possible albeit a bit tricky
(set policy-options as-path none "!.*"), but I don't see any way to
create an empty as-list or empty the current one: on emptying it gets fully
removed from the configuration and the policy-options referencing it are not
valid anymore :(
Test scenario: create as-list with some members, reference it in policy:
[edit policy-options]
+ policy-statement as-test {
+ term ok {
+ from {
+ as-path-origins as-list-group as0;
+ }
+ then accept;
+ }
+ then reject;
+ }
[edit policy-options]
+ as-list-group as0 {
+ as-list as0 members [ 65533 65534 ];
+ }
So far so good, commit check succeeds. Now, some days/weeks/years later the
as-set becomes empty or nonexistent for whatever reason, the generated as-list
becomes empty, and an attempt to upload it to the router results in a warning and
commit check failure:
load replace terminal relative
[Type ^D at a new line to end input]
policy-options {
replace:
    as-list-group as0 {
    }
}
[edit policy-options]
'as-list-group as0'
warning: statement has no contents; ignored
load complete
commit check
[edit]
'policy-options'
Policy error: as0 as-list-group referenced (in term ok) but not defined
error: configuration check-out failed
Ok, let's try to generate a "not that empty" as-list, indicating that
"yes, it's empty, but deliberately so":
[Type ^D at a new line to end input]
policy-options {
replace:
    as-list-group as0 {
        as-list aNone members [ ];
    }
}
load complete
ok, warning is not here anymore, but commit check still fails with
the same error..
Are there any other options better than encoding some fake ASN into
an empty as-list?
PS: tested with 22.4R3-S3.3 and 23.4R2-S2.1 if that matters.
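
Added example, not part of the original post: a sketch of the "fake ASN" fallback the post mentions, done in the generator so an empty as-set never produces an empty as-list-group and the policy keeps rejecting everything. The function name, the placeholder ASN 65535 (reserved by RFC 7300; its acceptance as an as-list member on a given Junos release is an assumption) and the conservative name check are all hypothetical choices.

```python
import re

# Assumption: reserved ASN used as the deliberate "fake" member of an empty list.
PLACEHOLDER_ASN = 65535
# Conservative name check (an assumption, stricter than Junos itself) so an
# as-set name taken from external data cannot inject configuration text.
NAME_RE = re.compile(r"[A-Za-z0-9_-]+")


def render_as_list_group(name, asns, placeholder=PLACEHOLDER_ASN):
    """Return (config_text, used_placeholder) for one as-list-group.

    config_text uses the same shape the post feeds to
    'load replace terminal relative'.
    """
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe as-list name: {name!r}")
    members = set()
    for asn in asns:
        asn = int(asn)
        if not 0 < asn < 2**32:
            raise ValueError(f"ASN out of range: {asn}")
        members.add(asn)
    if placeholder in members:
        # A real member equal to the placeholder would make "empty" ambiguous.
        raise ValueError("placeholder ASN appears in the expanded as-set")
    used_placeholder = not members
    if used_placeholder:
        members = {placeholder}
    member_text = " ".join(str(a) for a in sorted(members))
    lines = [
        "policy-options {",
        "replace:",
        f"    as-list-group {name} {{",
        f"        as-list {name} members [ {member_text} ];",
        "    }",
        "}",
    ]
    return "\n".join(lines) + "\n", used_placeholder


if __name__ == "__main__":
    # Constructed inputs: the populated list from the post, then an empty expansion.
    for sample in ([65533, 65534], []):
        text, fake = render_as_list_group("as0", sample)
        print(f"# placeholder used: {fake}")
        print(text)
```

The returned flag lets the calling tool log or alert when a list was emptied, instead of silently shipping the placeholder.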