The default final term in a policy is to accept any BGP route. So you will need to add a reject all term or policy to your chain for export and/or import as desired to restrict routes to just those explicitly called out in policy terms.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
------------------------------
Original Message:
Sent: 04-28-2023 11:59
From: BHARGAV K
Subject: Direct and Default Routes are advertised to IBGP neighbor from routing-instance without a policy term
I have a JMX router in the lab with a routing-instance named Guest. The MX is getting a default route from an upstream device. It also has an IBGP neighbor with an RR.
From MX-->upstream device, I'm advertising my directly connected routes and all the routes that I received from the RR with a specific community.
Question: The RR is receiving the directly connected routes and the default route from the JMX, even though I didn't mention them in the export policy. The default route that I got is from the upstream router. How will it be propagated to another IBGP neighbor (RR)? Because in IBGP, routes received from one IBGP peer should not be sent to another IBGP peer.
This is my config...
LAB-JUNOS> show configuration routing-instances guest
instance-type vrf;
interface lt-0/1/10.1;
interface ae1.2023;
interface lo0.2023;
route-distinguisher 1.1.1.1:9;
vrf-import GUEST-VPN-IMPORT-POLICY;
vrf-export GUEST-VPN-EXPORT-POLICY;
vrf-target target:2:9;
vrf-table-label;
routing-options {
    static {
        route 12.12.12.12/32 next-hop 192.168.1.19;
    }
}
protocols {
    bgp {
        group guest {
            type internal;
            hold-time 180;
            export [ direct-routes ALLOW-GUEST-COMM-TO-UPSTREAM ];
            neighbor 172.16.1.2 {
                family inet {
                    any;
                }
            }
        }
    }
}
LAB-JUNOS> show configuration policy-options policy-statement GUEST-VPN-EXPORT-POLICY
term 1 {
    from {
        protocol direct;
        route-filter 3.3.3.3/32 exact;
    }
    then {
        community add GUEST-TARGET;
    }
}
term not-the-private {
    from {
        route-filter 192.168.0.0/16 orlonger;
    }
    then reject;
}
term 2 {
    then {
        community add GUEST-TARGET-PE;
        accept;
    }
}
LAB-JUNOS> show configuration policy-options policy-statement GUEST-VPN-IMPORT-POLICY
term 1 {
    from {
        protocol bgp;
        community GUEST-TARGET;
    }
    then accept;
}
term 4 {
    then reject;
}
Thanks
------------------------------
BHARGAV K
------------------------------
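An added example, not written by either poster and not Juniper code: a small Python model of term-by-term policy evaluation, showing what a chain advertises with and without a final reject, and what the posted GUEST-VPN-EXPORT-POLICY accepts. Assumptions: the sample routes are constructed, `NAMED_ONLY` and `REJECT_ALL` are hypothetical policies, the fall-through default modeled is the BGP export default (active BGP routes only), and `next term`/`next policy` actions are not modeled.

```python
import ipaddress

def term_matches(term, route):
    """A term with no 'from' conditions matches every route."""
    if "protocol" in term and route["protocol"] != term["protocol"]:
        return False
    if "route_filter" in term:
        net, mode = term["route_filter"]          # mode: "exact" or "orlonger"
        net, pfx = ipaddress.ip_network(net), ipaddress.ip_network(route["prefix"])
        if not (pfx == net if mode == "exact" else pfx.subnet_of(net)):
            return False
    return True

def evaluate(chain, route):
    """First matching term with accept/reject decides; a matching term that
    only modifies the route (no 'action') falls through to the next term."""
    for policy in chain:
        for term in policy:
            if term_matches(term, route) and "action" in term:
                return term["action"] == "accept"
    # Nothing decided: the default BGP export policy accepts active BGP routes only.
    return route["protocol"] == "bgp"

def advertised(chain, routes):
    return [r["prefix"] for r in routes if evaluate(chain, r)]

# Constructed sample routes for illustration.
ROUTES = [
    {"prefix": "3.3.3.3/32", "protocol": "direct"},
    {"prefix": "192.168.1.0/24", "protocol": "direct"},
    {"prefix": "0.0.0.0/0", "protocol": "bgp"},
]

# Hypothetical policy that names only the loopback, and a hypothetical REJECT-ALL.
NAMED_ONLY = [{"protocol": "direct", "route_filter": ("3.3.3.3/32", "exact"), "action": "accept"}]
REJECT_ALL = [{"action": "reject"}]

# GUEST-VPN-EXPORT-POLICY as posted: term 1 only adds a community, and term 2 has
# no 'from' clause, so it accepts whatever not-the-private did not reject.
GUEST_VPN_EXPORT = [
    {"protocol": "direct", "route_filter": ("3.3.3.3/32", "exact")},
    {"route_filter": ("192.168.0.0/16", "orlonger"), "action": "reject"},
    {"action": "accept"},
]

if __name__ == "__main__":
    print("named only       :", advertised([NAMED_ONLY], ROUTES))
    print("named + reject   :", advertised([NAMED_ONLY, REJECT_ALL], ROUTES))
    print("vrf-export posted:", advertised([GUEST_VPN_EXPORT], ROUTES))
```

In the posted vrf-export policy every sample route reaches an explicit accept or reject, so the fall-through default is never consulted there.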