Hi
Source prefixes filtering does not work even I have disabled route validation.
We would like to deny flow route 0.0.0.0/.0(src) to 0.0.0.0/0(dst) flow route announced from exabgp. We have applied safeguard policy to deny the source 0.0.0.0/0 prefix.
We also applied route-filter but only work for destination IP prefix.
The question is how can I block 0.0.0.0/0 to 0.0.0.0/0 (*.*) route flow ? Thanks.Protocols FLOW BGPMX204> show configuration protocols bgp group IBGP4-FLOW
type internal;
neighbor 10.6.30.108 {
local-address 10.6.0.7;
import FLOWSPEC-DEFAULT;
family inet {
flow {
no-validate ACCEPT-ALL;
}
}
export DENY-ALL;
peer-as 65533;
local-as 65533;
}
policy-statementMX204> show configuration policy-options policy-statement FLOWSPEC-DEFAULT
term REJECT-ANY-ANY {
from {
rib inetflow.0;
source-address-filter 0.0.0.0/0 exact;
}
then reject;
}
show route table inetflow.0 extensive <-- can't block *.*MX204> show route table inetflow.0 extensive
inetflow.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
Limit/Threshold: 30000/27000 destinations
*,*,dscp=0/term:9 (1 entry, 1 announced)
TSI:
KRT in dfwd;
Action(s): rate-limit 800000kbps,count
*BGP Preference: 170/-101
Next hop type: Fictitious, Next hop index: 0
Address: 0x5070c9c
Next-hop reference count: 11
Next hop:
State: <Active Int Ext SendNhToPFE>
Local AS: 65533 Peer AS: 65533
Age: 38
Validation State: unverified
Task: BGP_65533_65533.10.6.30.108
Announcement bits (1): 0-Flow
AS path: I
Communities: 65533:19999 traffic-rate:0:100000000
Accepted
Localpref: 100
Router ID: 10.6.30.108
Thread: junos-main
------------------------------
Benjamin CL
------------------------------