Hi Simon,
- The first policy will allow and advertise every IP address configured for the interface lo0.0. Consider the following.
jcluser@SLF1# show interfaces lo0.0 | display inheritance no-comments
family inet {
    address 172.16.254.2/32;
    address 172.16.254.3/32;
    address 192.168.1.1/32;
}
jcluser@SLF1# show policy-options policy-statement bgp-export
term loopbacks {
    from interface lo0.0;
    then accept;
}
term reject {
    then reject;
}
jcluser@SLF1# show protocols bgp group vmx
export bgp-export;
neighbor 10.10.10.2 {
    peer-as 64551;
}
jcluser@SLF1# run show route advertising-protocol bgp 10.10.10.2
Warning: License key missing; requires 'bgp' license
inet.0: 20 destinations, 30 routes (20 active, 0 holddown, 0 hidden)
Limit/Threshold: 1048576/1048576 destinations
  Prefix                  Nexthop              MED     Lclpref    AS path
* 172.16.254.2/32         Self                                    I
* 172.16.254.3/32         Self                                    I
* 192.168.1.1/32          Self                                    I
- With the policy 2, all the /32 prefixes within that range will match irrespective of whether they are assigned on the lo0.0 interface. So, all the /32 IPs configured on the loopback within that range + any /32 IP configured on an interface within that range (the probability of a /32 on another interface is very low though) will be matched. Consider this, where only the 172. IPs configured on the loopbacks get advertised, and not the 192.
jcluser@SLF1# show interfaces lo0.0 | display inheritance no-comments
family inet {
    address 172.16.254.2/32;
    address 172.16.254.3/32;
    address 192.168.1.1/32;
}
jcluser@SLF1# show policy-options policy-statement direct
term loopbacks {
    from {
        protocol direct;
        route-filter 172.16.254.0/24 prefix-length-range /32-/32;
    }
    then accept;
}
term reject {
    then reject;
}
jcluser@SLF1# show protocols bgp group vmx
export direct;
neighbor 10.10.10.2 {
    peer-as 64551;
}
jcluser@SLF1# run show route advertising-protocol bgp 10.10.10.2
Warning: License key missing; requires 'bgp' license
inet.0: 20 destinations, 30 routes (20 active, 0 holddown, 0 hidden)
Limit/Threshold: 1048576/1048576 destinations
  Prefix                  Nexthop              MED     Lclpref    AS path
* 172.16.254.2/32         Self                                    I
* 172.16.254.3/32         Self                                    I
- A better way probably is to combine both the policies into one, where only the required prefixes from the lo0.0 interface are matched. Consider this.
jcluser@SLF1# show interfaces lo0.0 | display inheritance no-comments
family inet {
    address 172.16.254.2/32;
    address 172.16.254.3/32;
    address 192.168.1.1/32;
}
jcluser@SLF1# show policy-options policy-statement loopbacks-direct-export
term loopbacks {
    from {
        interface lo0.0;
        route-filter 172.16.254.0/24 prefix-length-range /32-/32;
    }
    then accept;
}
term reject {
    then reject;
}
jcluser@SLF1# run show route advertising-protocol bgp 10.10.10.2
Warning: License key missing; requires 'bgp' license
inet.0: 20 destinations, 30 routes (20 active, 0 holddown, 0 hidden)
Limit/Threshold: 1048576/1048576 destinations
  Prefix                  Nexthop              MED     Lclpref    AS path
* 172.16.254.2/32         Self                                    I
* 172.16.254.3/32         Self                                    I
[edit]
jcluser@SLF1# show protocols bgp group vmx
export loopbacks-direct-export;
neighbor 10.10.10.2 {
    peer-as 64551;
}
Hope this helps.
Regards
------------------------------
Sheetanshu Shekhar
------------------------------
Original Message:
Sent: 02-03-2025 04:16
From: Simon Bingham (technical debt collector)
Subject: Advertising " interface lo0 " vs using a route filter ?? sh
Is there a fundamental difference between
[edit policy-options policy-statement ALLOW-LOOPBACK]
root@dc1-leaf2# show
term LOOPBACKS {
    from interface lo0.0;
    then accept;
}
term REJECT {
    then reject;
}
AND
[edit policy-options policy-statement ALLOW-LOOPBACK]
root@dc1-leaf1# show
term LOOPBACKS {
    from {
        protocol direct;
        route-filter 192.0.2.0/24 prefix-length-range /32-/32;
    }
    then accept;
}
term REJECT {
    then reject;
}
If there are secondary addresses on the Lo0, this would be caught as well, but I'm wondering if there might be some other subtlety I'm unaware of. Where but referencing the physical, I might be matching something unexpected. Just considering the best practice.
Thank you for any opinions
Simon
------------------------------
JNCIE-ENT 907
------------------------------
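
The three export policies compared in the reply above, modelled as an added example that is not part of the original thread and is not Junos code: a simplified Python evaluation of each policy's accept term over a constructed route table, checking what would be advertised beyond the intended loopbacks. The two extra routes (ge-0/0/5.0, ge-0/0/0.0), the INTENDED set, and the helper names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str
    interface: str

# Constructed route table: the three lo0.0 addresses from the post, plus two
# hypothetical routes (a stray /32 on another interface, and a peer link).
ROUTES = [
    Route("172.16.254.2/32", "direct", "lo0.0"),
    Route("172.16.254.3/32", "direct", "lo0.0"),
    Route("192.168.1.1/32", "direct", "lo0.0"),
    Route("172.16.254.9/32", "direct", "ge-0/0/5.0"),  # hypothetical
    Route("10.10.10.0/30", "direct", "ge-0/0/0.0"),    # hypothetical
]
INTENDED = {"172.16.254.2/32", "172.16.254.3/32"}  # assumed advertising intent

def interface(name):
    return lambda r: r.interface == name

def protocol(name):
    return lambda r: r.protocol == name

def route_filter(net, lo, hi):
    # Models: route-filter <net> prefix-length-range /lo-/hi
    net = ipaddress.ip_network(net)
    def match(r):
        p = ipaddress.ip_network(r.prefix)
        return p.subnet_of(net) and lo <= p.prefixlen <= hi
    return match

# 'from' conditions of each policy's accept term, as posted in the reply.
POLICIES = {
    "bgp-export": [interface("lo0.0")],
    "direct": [protocol("direct"), route_filter("172.16.254.0/24", 32, 32)],
    "loopbacks-direct-export": [interface("lo0.0"),
                                route_filter("172.16.254.0/24", 32, 32)],
}

def exported(policy, routes=ROUTES):
    # All conditions in a term must match (AND); the rest hit the reject term.
    return [r.prefix for r in routes if all(c(r) for c in POLICIES[policy])]

def leaked(policy, routes=ROUTES):
    # Prefixes the policy would advertise beyond the intended set.
    return sorted(set(exported(policy, routes)) - INTENDED)

if __name__ == "__main__":
    for name in POLICIES:
        print(f"{name}: exported={exported(name)} leaked={leaked(name)}")
```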