Routing

Hi,

 

Have a requirement of having Multiple communities to be matched for the route to be accepted.

Normally under single policy-term if multiple communities are listed logic is only OR operation.

I need to find a way whereby only when multiple BGP commnuties are matched the route is accepted.

How do we do this?

#BGPCommunitiesANDoperation

Configure multiple community members under the same community name like below to do AND operation:

set policy-options community TEST members "111:222 111:333 111:444"

 

 

Hi,

 

We are using the below configuration

[edit policy-options]
+ community TEST members [ 1000:333 1000:4900 1000:4500 1000:4100 ];

[edit policy-options policy-statement exp-spl-sub-prefixes]
+ term match-community {
+ from {
+ protocol bgp;
+ community TEST;
+ }
+ then accept;
+ }
+ term next-policy {
+ then next policy;
+ }

 

But when tested for route with just one BGP Community it show route as accepted

 

> test policy TEST 45.112.196.0/22

45.112.196.0/22 *[BGP/170] 1w0d 14:11:31, localpref 250, from x.x.x.x
AS path: 45630 134088 I, validation-state: unverified
> to y.y.y.y via xe-0/1/0.0, Push 556552

Policy exp-spl-sub-prefixes: 1 prefix accepted, 0 prefix rejected

 

As mentioned earlier, all members should be inside double quotes like below:
set policy-options community TEST members "1000:333 1000:4900 1000:4500 1000:4100"

 

[edit]
+ policy-options {
+ community TEST members "1000:333 1000:4900 1000:4500 1000:4100";
+ }

 

I think you added the community members like below:

set policy-options community TEST members 1000:333
set policy-options community TEST members 1000:4900
set policy-options community TEST members 1000:4500
set policy-options community TEST members 1000:4100

 

[edit]
+ policy-options {
+ community TEST members [ 1000:333 1000:4900 1000:4500 1000:4100 ];
+ }

 

 

Changed it as below

> show configuration policy-options community TEST
members "1000:333 1000:4900 1000:4500 1000:4100";

 

But the result still is 

> test policy TEST 45.112.196.0/22

45.112.196.0/22 *[BGP/170] 1w0d 15:55:33, localpref 250, from x.x.x.x
AS path: 45630 134088 I, validation-state: unverified
> to y.y.y.y via xe-0/1/0.0, Push 556552

Policy exp-spl-sub-prefixes: 1 prefix accepted, 0 prefix rejected

Please share the complete configuration that you are using including: 1) show configuration policy-options community <> 2) show configuration policy-options policy-statement <> 3) show configuration protocol bgp group <> 4) show bgp neighbor <>

Hello,

This route is likely acepted by default "accept" action of "test policy" command, because You have "next policy" at the end and made this route to fall through to the "default accept" of the "test policy".

Please change "term match-community then accept" to "then reject", re-test and report back.

As a side note, I work with BGP communities in JUNOS all the time, and they do work as documentation describes.

However, it may NOT be what You infer from reading the documentation 

AND is achieved by listing all communities on a single line with square brackets, quotes are not necessary

HTH

Thx

Alex

Hi,

 

Yes. The mistake was from my end of allowing prefixes in the end. The solution given is correct.