Routing

after applying an import route policy to BGP to filter out route from an ASN, the related routes have been filtered locally, but the 'advertising-protocol' command still shows the routes being advertised.

applying an export does not change it either.

it this normal?

version is 23.2R2.21

Short answer No, but something tells me your config isn't quite correct.  Any chance you can provide the policy config and also the BGP config.  In addition, provide a d show route receive protocol bgp <neighbor-address> and also a show route.  These outputs may be lengthy so perhaps sharing them via an attachment/upload file would be best.  

Are you wanting to filter out a single route or all routes that come directly from a particular ASN or if the route ever transited that ASN??  

after applying an import route policy to BGP to filter out route from an ASN, the related routes have been filtered locally, but the 'advertising-protocol' command still shows the routes being advertised.

applying an export does not change it either.

it this normal?

version is 23.2R2.21

i am trying to block all routes from ASN 1620. but the routes are not learnt directly from that AS neighbor.

the 'show route aspath-regex' command matches nothing, but both 'received protocol' and 'advertised protocol' commands returns routes from ASN 1620.

import policy is applied to ibgp neighbor where the routes come from, while export policy is applied to ebgp neighbor where the routes should not go.

config below:

lab@R7> show configuration protocols bgp 
group ibgp {
    type internal;
    local-address 172.30.5.7;
    import ix;
    authentication-key "$9$JmUi.AtOREyQFCu"; ## SECRET-DATA
    export nhs;
    neighbor 172.30.5.8;
}
group P1-2 {
    log-updown;
    export ix;
    peer-as 1679.12483;
    neighbor 192.168.0.30;
}
lab@R7> show configuration policy-options                     
policy-statement ix {
    from as-path ix;
    then reject;
}
as-path ix 1620;

and output below:

lab@R7> show route aspath-regex 1620 

inet.0: 877 destinations, 1457 routes (877 active, 0 holddown, 0 hidden)

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

inet6.0: 48 destinations, 48 routes (48 active, 0 holddown, 0 hidden)

lab@R7> show route receive-protocol bgp 172.30.5.8 

inet.0: 877 destinations, 1457 routes (877 active, 0 holddown, 0 hidden)
  Prefix  Nexthop       MED     Lclpref    AS path
* 0.0.0.0/4               192.168.1.3                  100        (65000) 1620 61671 I
* 0.0.0.0/5               192.168.1.3                  100        (65000) 1620 61671 27075 I
* 1.64.0.0/10             192.168.1.3                  100        (65000) 1620 61671 I
* 1.84.160.0/20           192.168.1.3                  100        (65000) 1620 33112 I
* 1.96.0.0/11             192.168.1.3                  100        (65000) 1620 33112 63164 40776 51777 I
* 1.161.192.0/21          192.168.1.3                  100        (65000) 1620 33112 30404 32138 45045 I
  1.166.89.0/24           172.30.5.8                   100        110047427 56422 47123 34908 57085 3090 19128 2
1300 I

lab@R7> show route advertising-protocol bgp 192.168.0.30 

inet.0: 877 destinations, 1457 routes (877 active, 0 holddown, 0 hidden)
  Prefix  Nexthop       MED     Lclpref    AS path
* 0.0.0.0/4               Self                                    1620 61671 I
* 0.0.0.0/5               Self                                    1620 61671 27075 I
* 1.64.0.0/10             Self                                    1620 61671 I
* 1.84.160.0/20           Self                                    1620 33112 I
* 1.96.0.0/11             Self                                    1620 33112 63164 40776 51777 I
* 1.161.192.0/21          Self                                    1620 33112 30404 32138 45045 I
* 1.176.0.0/12            Self                                    1620 33112 49129 16320 52954 I
* 2.0.0.0/7               Self                                    1620 61671 60177 3091 5721 1770 35283 6098 414
07 ?

Short answer No, but something tells me your config isn't quite correct.  Any chance you can provide the policy config and also the BGP config.  In addition, provide a d show route receive protocol bgp <neighbor-address> and also a show route.  These outputs may be lengthy so perhaps sharing them via an attachment/upload file would be best.  

Are you wanting to filter out a single route or all routes that come directly from a particular ASN or if the route ever transited that ASN??  

after applying an import route policy to BGP to filter out route from an ASN, the related routes have been filtered locally, but the 'advertising-protocol' command still shows the routes being advertised.

applying an export does not change it either.

it this normal?

version is 23.2R2.21

try updating your as-path ix  to read ".* 1620 .*"    <--be sure to include the quotes

This will match any routes that have AS 1620 in the AS-Path.  According to your policy, it will block them.  

i am trying to block all routes from ASN 1620. but the routes are not learnt directly from that AS neighbor.

the 'show route aspath-regex' command matches nothing, but both 'received protocol' and 'advertised protocol' commands returns routes from ASN 1620.

import policy is applied to ibgp neighbor where the routes come from, while export policy is applied to ebgp neighbor where the routes should not go.

config below:

lab@R7> show configuration protocols bgp 
group ibgp {
    type internal;
    local-address 172.30.5.7;
    import ix;
    authentication-key "$9$JmUi.AtOREyQFCu"; ## SECRET-DATA
    export nhs;
    neighbor 172.30.5.8;
}
group P1-2 {
    log-updown;
    export ix;
    peer-as 1679.12483;
    neighbor 192.168.0.30;
}
lab@R7> show configuration policy-options                     
policy-statement ix {
    from as-path ix;
    then reject;
}
as-path ix 1620;

and output below:

lab@R7> show route aspath-regex 1620 

inet.0: 877 destinations, 1457 routes (877 active, 0 holddown, 0 hidden)

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

inet6.0: 48 destinations, 48 routes (48 active, 0 holddown, 0 hidden)

lab@R7> show route receive-protocol bgp 172.30.5.8 

inet.0: 877 destinations, 1457 routes (877 active, 0 holddown, 0 hidden)
  Prefix  Nexthop       MED     Lclpref    AS path
* 0.0.0.0/4               192.168.1.3                  100        (65000) 1620 61671 I
* 0.0.0.0/5               192.168.1.3                  100        (65000) 1620 61671 27075 I
* 1.64.0.0/10             192.168.1.3                  100        (65000) 1620 61671 I
* 1.84.160.0/20           192.168.1.3                  100        (65000) 1620 33112 I
* 1.96.0.0/11             192.168.1.3                  100        (65000) 1620 33112 63164 40776 51777 I
* 1.161.192.0/21          192.168.1.3                  100        (65000) 1620 33112 30404 32138 45045 I
  1.166.89.0/24           172.30.5.8                   100        110047427 56422 47123 34908 57085 3090 19128 2
1300 I

lab@R7> show route advertising-protocol bgp 192.168.0.30 

inet.0: 877 destinations, 1457 routes (877 active, 0 holddown, 0 hidden)
  Prefix  Nexthop       MED     Lclpref    AS path
* 0.0.0.0/4               Self                                    1620 61671 I
* 0.0.0.0/5               Self                                    1620 61671 27075 I
* 1.64.0.0/10             Self                                    1620 61671 I
* 1.84.160.0/20           Self                                    1620 33112 I
* 1.96.0.0/11             Self                                    1620 33112 63164 40776 51777 I
* 1.161.192.0/21          Self                                    1620 33112 30404 32138 45045 I
* 1.176.0.0/12            Self                                    1620 33112 49129 16320 52954 I
* 2.0.0.0/7               Self                                    1620 61671 60177 3091 5721 1770 35283 6098 414
07 ?

Short answer No, but something tells me your config isn't quite correct.  Any chance you can provide the policy config and also the BGP config.  In addition, provide a d show route receive protocol bgp <neighbor-address> and also a show route.  These outputs may be lengthy so perhaps sharing them via an attachment/upload file would be best.  

Are you wanting to filter out a single route or all routes that come directly from a particular ASN or if the route ever transited that ASN??  

after applying an import route policy to BGP to filter out route from an ASN, the related routes have been filtered locally, but the 'advertising-protocol' command still shows the routes being advertised.

applying an export does not change it either.

it this normal?

version is 23.2R2.21

it works after changing to that regex.

however, according to below URL, shouldn't ASN alone work too?

https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/policy-configuring-as-path-regular-expressions-to-use-as-routing-policy-match-conditions.html

i also tried "^1620$" and it did not work.

try updating your as-path ix  to read ".* 1620 .*"    <--be sure to include the quotes

This will match any routes that have AS 1620 in the AS-Path.  According to your policy, it will block them.  

i am trying to block all routes from ASN 1620. but the routes are not learnt directly from that AS neighbor.

the 'show route aspath-regex' command matches nothing, but both 'received protocol' and 'advertised protocol' commands returns routes from ASN 1620.

import policy is applied to ibgp neighbor where the routes come from, while export policy is applied to ebgp neighbor where the routes should not go.

config below:

lab@R7> show configuration protocols bgp 
group ibgp {
    type internal;
    local-address 172.30.5.7;
    import ix;
    authentication-key "$9$JmUi.AtOREyQFCu"; ## SECRET-DATA
    export nhs;
    neighbor 172.30.5.8;
}
group P1-2 {
    log-updown;
    export ix;
    peer-as 1679.12483;
    neighbor 192.168.0.30;
}
lab@R7> show configuration policy-options                     
policy-statement ix {
    from as-path ix;
    then reject;
}
as-path ix 1620;

and output below:

lab@R7> show route aspath-regex 1620 

inet.0: 877 destinations, 1457 routes (877 active, 0 holddown, 0 hidden)

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

inet6.0: 48 destinations, 48 routes (48 active, 0 holddown, 0 hidden)

lab@R7> show route receive-protocol bgp 172.30.5.8 

inet.0: 877 destinations, 1457 routes (877 active, 0 holddown, 0 hidden)
  Prefix  Nexthop       MED     Lclpref    AS path
* 0.0.0.0/4               192.168.1.3                  100        (65000) 1620 61671 I
* 0.0.0.0/5               192.168.1.3                  100        (65000) 1620 61671 27075 I
* 1.64.0.0/10             192.168.1.3                  100        (65000) 1620 61671 I
* 1.84.160.0/20           192.168.1.3                  100        (65000) 1620 33112 I
* 1.96.0.0/11             192.168.1.3                  100        (65000) 1620 33112 63164 40776 51777 I
* 1.161.192.0/21          192.168.1.3                  100        (65000) 1620 33112 30404 32138 45045 I
  1.166.89.0/24           172.30.5.8                   100        110047427 56422 47123 34908 57085 3090 19128 2
1300 I

lab@R7> show route advertising-protocol bgp 192.168.0.30 

inet.0: 877 destinations, 1457 routes (877 active, 0 holddown, 0 hidden)
  Prefix  Nexthop       MED     Lclpref    AS path
* 0.0.0.0/4               Self                                    1620 61671 I
* 0.0.0.0/5               Self                                    1620 61671 27075 I
* 1.64.0.0/10             Self                                    1620 61671 I
* 1.84.160.0/20           Self                                    1620 33112 I
* 1.96.0.0/11             Self                                    1620 33112 63164 40776 51777 I
* 1.161.192.0/21          Self                                    1620 33112 30404 32138 45045 I
* 1.176.0.0/12            Self                                    1620 33112 49129 16320 52954 I
* 2.0.0.0/7               Self                                    1620 61671 60177 3091 5721 1770 35283 6098 414
07 ?

Short answer No, but something tells me your config isn't quite correct.  Any chance you can provide the policy config and also the BGP config.  In addition, provide a d show route receive protocol bgp <neighbor-address> and also a show route.  These outputs may be lengthy so perhaps sharing them via an attachment/upload file would be best.  

Are you wanting to filter out a single route or all routes that come directly from a particular ASN or if the route ever transited that ASN??  

after applying an import route policy to BGP to filter out route from an ASN, the related routes have been filtered locally, but the 'advertising-protocol' command still shows the routes being advertised.

applying an export does not change it either.

it this normal?

version is 23.2R2.21