Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Advertising " interace lo0 " vs using a route filter ?? sh

    Posted 4 days ago



    Is  there are fundamental difference  between 

    [edit policy-options policy-statement ALLOW-LOOPBACK]
    root@dc1-leaf2# show 
    term LOOPBACKS {
        from interface lo0.0;
        then accept;
    }
    term REJECT {
        then reject;
    }

    AND


    [edit policy-options policy-statement ALLOW-LOOPBACK]
    root@dc1-leaf1# show 
    term LOOPBACKS {
        from {
            protocol direct;
            route-filter 192.0.2.0/24 prefix-length-range /32-/32;
        }
        then accept;
    }
    term REJECT {
        then reject;
    }

    If there are secondary addresses on the Lo0, this would be caught as well, but I'm wondering if there might be some other subtlety I'm unaware of.  Where but referencing the physical, I might be matching something unexpected.  Just considering the best practice. 

    Thank you for  any opinions 

    Simon



    ------------------------------
    JNCIE-ENT 907
    ------------------------------


  • 2.  RE: Advertising " interace lo0 " vs using a route filter ?? sh

    Posted 3 days ago

    Hi Simon,

    - The first policy will allow and advertise every IP address configured for the interface lo0.0. Consider the following.

    jcluser@SLF1# show interfaces lo0.0 | display inheritance no-comments 
    family inet {
        address 172.16.254.2/32;
        address 172.16.254.3/32;
        address 192.168.1.1/32;
    }
    
    jcluser@SLF1# show policy-options policy-statement bgp-export 
    term loopbacks {
        from interface lo0.0;
        then accept;
    }
    term reject {
        then reject;
    }
    
    jcluser@SLF1# show protocols bgp group vmx 
    export bgp-export;
    neighbor 10.10.10.2 {
        peer-as 64551;
    }
    
    jcluser@SLF1# run show route advertising-protocol bgp 10.10.10.2 
    
    Warning: License key missing; requires 'bgp' license
    
    
    inet.0: 20 destinations, 30 routes (20 active, 0 holddown, 0 hidden)
    Limit/Threshold: 1048576/1048576 destinations
      Prefix  Nexthop       MED     Lclpref    AS path
    * 172.16.254.2/32         Self                                    I
    * 172.16.254.3/32         Self                                    I
    * 192.168.1.1/32          Self                                    I

    - With the policy 2, all the /32 prefixes within that range will match irrespective of whether they are assigned on lo0.0 interface. So, all the /32 IPs configured on the loopback within that range + any /32 IP configured on an interface within that range (the probability of a /32 on another interface is very less though) will be matched. Consider this, where only the 172. IPs configured on the loopbacks get advertized, and not the 192.

    jcluser@SLF1# show interfaces lo0.0 | display inheritance no-comments 
    family inet {
        address 172.16.254.2/32;
        address 172.16.254.3/32;
        address 192.168.1.1/32;
    }
    
    
    jcluser@SLF1# show policy-options policy-statement direct 
    term loopbacks {
        from {
            protocol direct;
            route-filter 172.16.254.0/24 prefix-length-range /32-/32;
        }
        then accept;
    }
    term reject {
        then reject;
    }
    
    jcluser@SLF1# show protocols bgp group vmx 
    export direct;
    neighbor 10.10.10.2 {
        peer-as 64551;
    }
    
    jcluser@SLF1# run show route advertising-protocol bgp 10.10.10.2 
    
    Warning: License key missing; requires 'bgp' license
    
    
    inet.0: 20 destinations, 30 routes (20 active, 0 holddown, 0 hidden)
    Limit/Threshold: 1048576/1048576 destinations
      Prefix  Nexthop       MED     Lclpref    AS path
    * 172.16.254.2/32         Self                                    I
    * 172.16.254.3/32         Self                                    I
    
    

    - A better way probably is to combine both the policies into one, where only the required prefixes from lo0.0 interface is matched. Consider this.

    jcluser@SLF1# show interfaces lo0.0 | display inheritance no-comments 
    family inet {
        address 172.16.254.2/32;
        address 172.16.254.3/32;
        address 192.168.1.1/32;
    }
    
    jcluser@SLF1# show policy-options policy-statement loopbacks-direct-export                                                                                
    term loopbacks {
        from {
            interface lo0.0;
            route-filter 172.16.254.0/24 prefix-length-range /32-/32;
        }
        then accept;
    }
    term reject {
        then reject;
    }
    
    
    jcluser@SLF1# run show route advertising-protocol bgp 10.10.10.2                                                                                          
    
    Warning: License key missing; requires 'bgp' license
    
    
    inet.0: 20 destinations, 30 routes (20 active, 0 holddown, 0 hidden)
    Limit/Threshold: 1048576/1048576 destinations
      Prefix  Nexthop       MED     Lclpref    AS path
    * 172.16.254.2/32         Self                                    I
    * 172.16.254.3/32         Self                                    I
    
    [edit]
    jcluser@SLF1# show protocols bgp group vmx 
    export loopbacks-direct-export;
    neighbor 10.10.10.2 {
        peer-as 64551;
    }
    

    Hope this helps.

    Regards



    ------------------------------
    Sheetanshu Shekhar
    ------------------------------



  • 3.  RE: Advertising " interace lo0 " vs using a route filter ?? sh

    Posted yesterday

    Thankyou
    Sheetanshu Shekhar




    ------------------------------
    JNCIE-ENT 907
    ------------------------------