Routing

filtered specific communities

  • 1.  filtered specific communities

    Posted 04-17-2020 07:16

    Hi!
    Unfortunately, I have little experience with Juniper.
    I have a question:
    I cannot configure a policy to advertise a network to the ISP.

     

    I have multiple eBGP connections, and I need to advertise part of my networks.

    protocols {
        bgp {
            group ISP {
                type external;
                peer-as XXXX;
                neighbor YY.YY.YY.YY {
                    import ISP-IN;
                    export ISP-OUT;
                }
            }
        }
    }
    policy-options {
        policy-statement ISP-OUT {
            term 1 {
                from {
                    prefix-list-filter deny_gt_24 orlonger;
                    prefix-list-filter gray_networks orlonger;
                }
                then reject;
            }
            term 2 {
                from community EXPORT-DENY;
                then reject;
            }
            term 3 {
                from community EXPORT-ALLOW;
                then {
                    as-path-prepend "ZZZZ ZZZZ";
                    accept;
                }
            }
            then reject;
        }
        community EXPORT-DENY members [ ZZZZ:205 ZZZZ:210 ZZZZ:220 ];
        community EXPORT-ALLOW members [ ZZZZ:100 ZZZZ:110 ];
    }
    
    

    I see term 1 working - "gray networks" are blocked.
    But, term 2 and 3 don't work.

    If I configure the last "then accept", then all networks are advertised except term 1.
    Communities are working:

    run show route community ZZZ:205
    
    inet.0: 826821 destinations, 1578859 routes (826820 active, 0 holddown, 1 hidden)
    + = Active Route, - = Last Active, * = Both
    1.0.4.0/22         *[BGP/170] 00:05:49, MED 1739, localpref 50
                          AS path:  6939 4826 38803 56203 I, validation-state: unverified
                        > to AA.AA.AA.AA via xe-0/1/0.2
    1.0.4.0/24         *[BGP/170] 00:05:49, MED 1739, localpref 50
                          AS path:  6939 4826 38803 56203 I, validation-state: unverified
                        > to AA.AA.AA.AA via xe-0/1/0.2
    ......

     

    What am I doing wrong?
    Thanks

     



  • 2.  RE: filtered specific communities
    Best Answer

    Posted 04-17-2020 11:22

    Hello,

     


    @TRFL wrote:

     

    What am I doing wrong?
     

     

    Likely classic "logical OR versus logical AND" mistake. You configured logical AND:

     


    @TRFL wrote:
    
    
    community EXPORT-DENY members [ ZZZZ:205 ZZZZ:210 ZZZZ:220 ];
    community EXPORT-ALLOW members [ ZZZZ:100 ZZZZ:110 ]
    
    
     

     


    In plain English: only prefixes that have ALL of the 3 communities will match the EXPORT-DENY expression.

    And only prefixes that have BOTH communities will match the EXPORT-ALLOW expression.

     

    HTH

    Thx

    Alex

     

     

     

     



  • 3.  RE: filtered specific communities

    Posted 04-21-2020 06:09

    Thank you! You were right!
    I did so:

    community EXPORT-DENY1 members ZZZZ:205;
    community EXPORT-DENY2 members ZZZZ:210;
    community EXPORT-DENY3 members ZZZZ:220;

    community EXPORT-ALLOW1 members ZZZZ:100;
    community EXPORT-ALLOW2 members ZZZZ:110;

    policy-statement ISP-OUT {
        term 1 {
            from {
                prefix-list-filter deny_gt_24 orlonger;
                prefix-list-filter gray_networks orlonger;
            }
            then reject;
        }
        term 2 {
            from community [ EXPORT-DENY1 EXPORT-DENY2 EXPORT-DENY3 ];
            then reject;
        }
        term 3 {
            from community [ EXPORT-ALLOW1 EXPORT-ALLOW2 ];
            then {
                as-path-prepend "ZZZZ ZZZZ";
                accept;
            }
        }
        then reject;
    }


    I got the necessary result.
    It works as it should.
    Juniper setup is very different from Cisco.

    Thank you!
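
The AND/OR behaviour discussed in posts 2 and 3, as an added example that is not part of the thread and not Juniper code: a small Python model that evaluates the original and the corrected ISP-OUT community terms against constructed routes. AS 65000 stands in for the redacted ZZZZ, the function names are hypothetical, and term 1 (prefix-list filters) is omitted.

```python
# Added illustration: a constructed model of Junos community matching.
# AS 65000 is a placeholder for the thread's redacted ZZZZ; term 1
# (prefix-list filters) is omitted because it already worked.
AS = "65000"

def named_matches(members, route_comms):
    # One named community with several members: the route must carry ALL of them.
    return set(members) <= set(route_comms)

def evaluate(policy, defs, route_comms, default="reject"):
    # Terms run in order; "from community [A B]" matches if ANY named
    # community in the list matches. The first matching term decides.
    for names, action in policy:
        if any(named_matches(defs[n], route_comms) for n in names):
            return action
    return default

# Original post: all values grouped under one name (logical AND).
ORIG_DEFS = {
    "EXPORT-DENY": [f"{AS}:205", f"{AS}:210", f"{AS}:220"],
    "EXPORT-ALLOW": [f"{AS}:100", f"{AS}:110"],
}
ORIG_POLICY = [(["EXPORT-DENY"], "reject"), (["EXPORT-ALLOW"], "accept")]

# Post 3: one name per value, listed together in the term (logical OR).
FIXED_DEFS = {
    "EXPORT-DENY1": [f"{AS}:205"], "EXPORT-DENY2": [f"{AS}:210"],
    "EXPORT-DENY3": [f"{AS}:220"],
    "EXPORT-ALLOW1": [f"{AS}:100"], "EXPORT-ALLOW2": [f"{AS}:110"],
}
FIXED_POLICY = [
    (["EXPORT-DENY1", "EXPORT-DENY2", "EXPORT-DENY3"], "reject"),
    (["EXPORT-ALLOW1", "EXPORT-ALLOW2"], "accept"),
]

# Constructed sample routes, reduced to their community sets.
ROUTES = {
    "allow-only": [f"{AS}:100"],
    "deny-only": [f"{AS}:205"],
    "allow-and-deny": [f"{AS}:110", f"{AS}:220"],
}

def compare(default="reject"):
    # Route name -> (original result, fixed result) for a given final action.
    return {name: (evaluate(ORIG_POLICY, ORIG_DEFS, comms, default),
                   evaluate(FIXED_POLICY, FIXED_DEFS, comms, default))
            for name, comms in ROUTES.items()}

if __name__ == "__main__":
    print(compare())
```

Calling `compare("accept")` models the "then accept" variant from the first post: with the original definitions, a route tagged only with the 205 value falls through term 2 and is advertised.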

     

     



  • 4.  RE: filtered specific communities

    Posted 04-21-2020 06:50

    Hello,

     


    @TRFL wrote:


    Juniper setup is very different from Cisco.

     

    Oh yes it is, and this book https://www.amazon.com/Juniper-Cisco-Routing-Protocols-Multivendor/dp/0471215929 will teach you the differences and nuances you need to know.

     

    HTH

    Thx

    Alex