Re: Question for Juniper Config Expert

From: Steve Ohnmacht (gs.ohnmacht@gmail.com)
Date: Thu May 19 2005 - 12:14:15 GMT-3


Definitely agree with you that Junos policies are interesting to say
the least. Also IMO they can be pretty powerful as well... In the
hacked example I gave, I was just basing it off the ip as-path
config provided. I see you took it a step further and actually applied
it to bgp... :-)

Talk to you guys later....

On 5/18/05, Scott Morris <swm@emanon.com> wrote:
> I think the definitions you are creating there are like as-path-group names.
> You can simply name something in the policy:
>
> policy-options {
>     as-path null-as "()";
>     policy-statement my-routes {
>         term just-me {
>             from {
>                 protocol bgp;
>                 as-path null-as;
>             }
>             then accept;
>         }
>         term no-more {
>             then reject;
>         }
>     }
> }
> protocols {
>     bgp {
>         neighbor x.x.x.x {
>             export my-routes;
>         }
>     }
> }
>
> (Obviously you can make up your own term matches however you need to)
>
> Otherwise, the deny-all isn't really necessary since you logically reject
> them in the next stanza anyway. Policy routing on the Junos is quite
> entertaining to think through how things are or are not matched!
>
> http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy/html/policy-extend-match-config3.html#1094490
>
> It may simply be semantic differences in newer versions of Junos. Like you
> said, you had older configs around!
>
> Cheers,
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Steve Ohnmacht
> Sent: Wednesday, May 18, 2005 7:17 PM
> To: nenad pudar
> Cc: ccielab@groupstudy.com
> Subject: Re: Question for Juniper Config Expert
>
> It's been awhile since I've touched a juniper, but I'll take a crack at this
> one... For junipers you would create a policy under the policy-options
> section of the config, with your config below, a juniper example would
> be something like this:
>
> Take this for what it's worth no guarantees.... :) Also, with junipers any
> route manipulation is done via "JUNOS policies". I had to look at some old
> configs I have saved for reference... HTH...
>
> policy-options {
>     as-path xxx-permit "^[0-9]+$"; <--- you may be able to represent your regex with just an atom "."
>     as-path xxx-deny ".*";
>     policy-statement xxxx {
>         term permit {
>             from as-path xxx-permit;
>             then accept;
>         }
>         term deny {
>             from as-path xxx-deny;
>             then reject;
>         }
>         term deny-everything-else {
>             then reject;
>         }
>     }
> }
>
>
> On 5/18/05, nenad pudar <nenad.pudar@gmail.com> wrote:
> > Hi
> > I need to create generic filter list using regexp that will allow only
> > routes from neighboring AS (+ eventually prepend from that AS)
> >
> > I am not looking for as-path from one specific AS but rather the
> > generic filter list that can be applied for all existing and new bgp
> > neighbors
> >
> > One of the ways to configure this on a Cisco router is
> >
> > ip as-path access-list xxx permit ^[0-9]+$
> > ip as-path access-list xxx deny .*
> >
> >
> > thanks
> >
> > nenad
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:59 GMT-3
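
Added example, not part of the original thread: a Python check of how the `^[0-9]+$` pattern quoted above behaves on prepended paths, next to a backreference variant and an explicit peer-AS comparison. Python's `re` stands in for a router's regex engine, AS paths are written as space-separated strings, and the function names, the second pattern and the sample paths are assumptions made for illustration.

```python
import re

# Character-level pattern from the thread: exactly one AS number.
SINGLE_AS = re.compile(r"^[0-9]+$")
# Assumed prepend-aware variant: the first AS, then only repeats of it.
# AS numbers are space-separated here (constructed input format).
SAME_AS_REPEATED = re.compile(r"^([0-9]+)( \1)*$")


def regex_verdicts(as_path):
    """Return (single_as_match, prepend_aware_match) for an AS-path string."""
    return (bool(SINGLE_AS.match(as_path)),
            bool(SAME_AS_REPEATED.match(as_path)))


def accept_from_peer(as_path, peer_as):
    """Accept only paths made up solely of the configured peer's AS.

    Unlike the generic regexes, this also checks that the repeated AS is
    the one configured for the session.
    """
    hops = as_path.split()
    return bool(hops) and all(h == str(peer_as) for h in hops)


# Constructed sample paths using documentation AS numbers (RFC 5398).
SAMPLES = [
    "64500",              # originated by the neighbor
    "64500 64500 64500",  # neighbor prepending its own AS
    "64500 64501",        # route the neighbor learned from another AS
    "",                   # empty path (locally originated / iBGP)
    "645 64500",          # first AS is a digit prefix of the second
]

if __name__ == "__main__":
    for path in SAMPLES:
        single, repeated = regex_verdicts(path)
        print(f"{path!r:22} single={single!s:5} repeated={repeated!s:5} "
              f"peer64500={accept_from_peer(path, 64500)}")
```

The generic patterns stay neighbor-independent but cannot tell whether the repeated AS is the session's actual peer; `accept_from_peer` shows the stricter per-session check.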