Routing

Expand all | Collapse all

Multi policies in the BGP export term. Only the first policy will annonced to neighbor?

Jump to Best Answer
  • 1.  Multi policies in the BGP export term. Only the first policy will annonced to neighbor?

    Posted 04-06-2015 13:13

    Hello,

     

    I am not a very experinced BGP in Junos system and would require some help.

     

    In my case, I need to export some usally IP prefixes to my provider and also need to export some /32 IPs to get the provider to blackhole them.  As the provider only provide one Peer IP to accept both the IP prefixes and the /32 IPs, so that I will need to export 2 policies to them,  one is for the IP prefixes, and another for the /32 IPs.

     

    Then the problem is once I add both the policies in the export term, I found that only the policy in the first place will aonnonce to the provider. 

     

    Here is the config from my MX router,

    MX80# show protocols bgp group uplink_1                                             
    type external;
    neighbor 64.x.x.1 {
        description "[peer-as: 111 cust: 64.x.x.x/30 peer: 64.x.x.x/30 key: ]";
        local-address 64.x.x.2;
        import [ no-default no-rfc1918-dsua bgp-in ];
        export [ no-rfc1918-dsua bgp-out provider_blackhole ];
        peer-as 111;
    }
    
    [edit]

     

     

    You see above, that bgp-out will export the IP such as many /24 prefixes from my AS,  and the provider_blackhole will export /32 IPs for blackhole.  If I get the export term order as bgp-out before provider_blackhole,the IP prefixes such as /24 will annonce to the provider,  if I get the export term order as provider_blackhole before bgp-out ,the /32 IPs will annonce to the provider for blackhole.

     

    Which I will need both the IP prefixes and the /32 IPs annonce to the provider. But seems now only the export will work only with the first policy in the export policies order.

     

    Anybody know how to get them both work at the same time?

     

     

    Thank you very much.



  • 2.  RE: Multi policies in the BGP export term. Only the first policy will annonced to neighbor?
    Best Answer

     
    Posted 04-06-2015 19:03
    Instead of creating second policy can you create another term on first policy.
    Something like below
    Policy options term1 -- your first policy conditions
    Policy options term2 -- your second policy conditions


  • 3.  RE: Multi policies in the BGP export term. Only the first policy will annonced to neighbor?

     
    Posted 04-06-2015 21:13

    Can you include the policy statements you are using ? I'm guessing you are using a reject at the end of both policies,

    if so. After the reject the other policy will not be used.

    What I would do is to include a Blackhole term in the policy just like @rsuraj suggested



  • 4.  RE: Multi policies in the BGP export term. Only the first policy will annonced to neighbor?

    Posted 04-07-2015 00:29

    Hello,

     

    Yes, there are reject command at each end of the policy so break to active the 2nd policy.  Finally, I setup a new policy to including all terms as rsuraj said.

     

     

    Thank you all.



  • 5.  RE: Multi policies in the BGP export term. Only the first policy will annonced to neighbor?

     
    Posted 04-07-2015 04:17

    You are welcome 🙂



  • 6.  RE: Multi policies in the BGP export term. Only the first policy will annonced to neighbor?

    Posted 04-08-2015 11:27

    Using a policy chain like that on import/export works, but it will stop processing as soon as it matches the first terminating action (accept / reject).  If a terminating action is found then all processing on that route stops, it doesn't go to the next policy.

     

    If you want to use a policy chain like that, you need to make sure that the policies earlier in the chain don't have a default action set.  Then you need to make sure that the last policy in the chain has the proper default action you want.  If you don't set one then the default BGP behavior will apply.

     

    They way you configured the policies with a default reject is what you would do when you are using a policy as a subroutine (calling a policy from within a policy).  When used as a subroutine you absolutely must be sure that you set a default action or the subroutine will almost certainly pick up more than you wanted.

     

    I initially built our configurations around the policy chain method.  Over time I found that people would stick things into an existing policy in a chain that was only necesary for one peer, but because the policy was used on multiple peers it started to make a mess of what was being sent to the different peers.  I've since started shifting to using policy subroutines, with a unique policy per peer that simply references the subroutine policies.  If someone needs to update something for a peer then they should simpy update that peer's policy, not the subroutine that affects multiple peers.

     

    Cheers!

     

    -Chad



  • 7.  RE: Multi policies in the BGP export term. Only the first policy will annonced to neighbor?

    Posted 04-25-2018 06:45

    Please share some example configuration for multiple FBF for single IP address (Single VLAN)