Your policy expression is wrong (mix of logical AND and default TRUE): a route cannot be AT THE SAME TIME 130.130.130.130/32 AND 30.30.30.30/32.
Default action in a policy (no match) is «next-policy» which is a «non terminating action» (that is, policy parsing continues).
When you use either subpolicies chains/expressions, or policy expressions (like here), you must think about the default behaviour and the boolean test results (which are not used in policy chains).
In policy expressions, you have a boolean test. The boolean result of the default action «next-policy» is TRUE. Therefore, the default boolean result of a policy in a policy expression is TRUE.
About the two routes:
For the route 130.130.130.130/32: it doesn't match in the first policy, the default result is next-policy/TRUE, then it matches and is accepted in the second policy (result is TRUE/accept): global/final expression result is accept/TRUE.
For the route 30.30.30.30/32: it matches and is accepted in the first policy, but doesn't match the second one and therefore go through its default action next-policy/TRUE ; there are no next policy, so the default policy for the pseudo-protocol for DIRECT routes is applied, which is: reject (FALSE). So the route isn't announced as the global/final expression result is reject/FALSE.
Summary: In policy boolean expressions (not talking about policy chains here), all the policies must end with an ending default reject term to have something working, or you must expect discrepancies / complete mess/ going bonkers, with behaviours you won't understand.
Solutions:
1) Policy Chain (instead of policy expression)
actually, in such a case, you would typically use a policy CHAIN here, and not a policy EXPRESSION.
In these conditions you would do this:
set policy-options policy-statement reject term reject then reject
delete protocols bgp group INT export
set protocols bgp group INT export [ TEST1 TEST2 reject ]
in this case all the 2 TEST policies will be parsed one by one (with a default non-terminating «next-term» action if no match), without any consideration of boolean result. The ending third policy acts as a match-and-reject-all-stuff-that-did-not-match-before ; «reject» being a terminating action.
2) Fixing Policy Expressions
If you absolutely want to use a policy boolean EXPRESSION (to understand how it works, as was your intention), you'll need to add a last default reject term in each of your policies used in the policy expression.
And of course you need to replace the logical AND by a logical OR.
set policy-options policy-statement TEST1 term default-reject then reject
set policy-options policy-statement TEST2 term default-reject then reject
delete protocols bgp group INT export
set protocols bgp group INT export ( TEST1 || TEST2 )
Of course the solution 1 is better, simpler, more understandable.
You should read Juniper Understanding Policy Expressions
------------------------------
Olivier Benghozi
------------------------------
Original Message:
Sent: 07-20-2025 13:58
From: LEEBAHI
Subject: Logical && operator for BGP export
Hi everyone,
I am trying to understand how logical && operator works for BGP export.
Sample topology:
MX1 should announce both 30.30.30.30/32 and 130.130.130/32 to IBGP peer 100.100.100.3 because of logical && export under BGP but I do not see that:
CONFIG on MX1:
What am I missing ?
Much appreciated!!
------------------------------
Be kind!!
------------------------------