Re: Question for Juniper Config Expert

From: nenad pudar (nenad.pudar@gmail.com)
Date: Fri May 20 2005 - 14:50:59 GMT-3


Thanks everybody

Apparently the max we can get is
  as-path 60 .;
This allows only a single AS and does not cover the prepending.
According to Juniper people this is the max that we can do.

Actual policy looks like this

policy-statement PEER-IMPORT-AS-65001 {
    term filter-default {
        from {
            route-filter 0.0.0.0/0 through 0.0.0.0/32;
        }
        then reject;
    }
    term filter-longer-than-24 {
        from {
            route-filter 0.0.0.0/0 prefix-length-range /25-/32;
        }
        then reject;
    }
    term leak-protect {
        from as-path 61;
        then {
            metric 0;
            local-preference 80;
            community add xxxx:86;
            community add ct8-comm;
            next policy;
        }
    }
    term AS65001-local-routes {
        from as-path 60;
        then {
            metric 0;
            local-preference 92;
            community add xxxx:86;
            community add ct8-comm;
            next policy;
        }
    }
    term default {
        then {
            metric 0;
            local-preference 90;
            community add xxxx:86;
            community add ct8-comm;

nenad

On 5/19/05, Steve Ohnmacht <gs.ohnmacht@gmail.com> wrote:
> Definitely agree with you that Junos policies are interesting to say
> the least. Also IMO they can be pretty powerful as well... In the
> hacked example I gave, I was just basing it off the ip as-path
> config provided. I see you took it a step further and actually applied
> it to bgp... :-)
>
> Talk to you guys later....
>
> On 5/18/05, Scott Morris <swm@emanon.com> wrote:
> > I think the definitions you are creating there are like as-path-group names.
> > You can simply name something in the policy:
> >
> > policy-options {
> >     as-path null-as "()";
> >     policy-statement my-routes {
> >         term just-me {
> >             from {
> >                 protocol bgp;
> >                 as-path null-as;
> >             }
> >             then accept;
> >         }
> >         term no-more {
> >             then reject;
> >         }
> >     }
> > }
> > protocols {
> >     bgp {
> >         neighbor x.x.x.x {
> >             export my-routes;
> >         }
> >     }
> > }
> >
> > (Obviously you can make up your own term matches however you need to)
> >
> > Otherwise, the deny-all isn't really necessary since you logically reject
> > them in the next stanza anyway. Policy routing on the Junos is quite
> > entertaining to think through how things are or are not matched!
> >
> > http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy/html/policy-extend-match-config3.html#1094490
> >
> > It may simply be semantic differences in newer versions of Junos. Like you
> > said, you had older configs around!
> >
> > Cheers,
> >
> > Scott
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Steve Ohnmacht
> > Sent: Wednesday, May 18, 2005 7:17 PM
> > To: nenad pudar
> > Cc: ccielab@groupstudy.com
> > Subject: Re: Question for Juniper Config Expert
> >
> > It's been a while since I've touched a Juniper, but I'll take a crack at this
> > one... For Junipers you would create a policy under the policy-options
> > section of the config. With your config below, a Juniper example would
> > be something like this:
> >
> > Take this for what it's worth, no guarantees.... :) Also, with Junipers any
> > route manipulation is done via "JUNOS policies". I had to look at some old
> > configs I have saved for reference... HTH...
> >
> > policy-options {
> >     /* you may be able to represent your regex with just an atom "." */
> >     as-path xxx-permit "^[0-9]+$";
> >     as-path xxx-deny ".*";
> >     policy-statement xxxx {
> >         term permit {
> >             from as-path xxx-permit;
> >             then accept;
> >         }
> >         term deny {
> >             from as-path xxx-deny;
> >             then reject;
> >         }
> >         term deny-everything-else {
> >             then reject;
> >         }
> >     }
> > }
> >
> >
> > On 5/18/05, nenad pudar <nenad.pudar@gmail.com> wrote:
> > > Hi
> > > I need to create a generic filter list using regexp that will allow only
> > > routes from the neighboring AS (+ eventually prepend from that AS)
> > >
> > > I am not looking for an as-path from one specific AS but rather a
> > > generic filter list that can be applied for all existing and new bgp
> > > neighbors
> > >
> > > One of the ways to configure this on a Cisco router is ip as-path
> > > access-list xxx permit ^[0-9]+$ deny .*
> > >
> > >
> > > thanks
> > >
> > > nenad
> > >
> > > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html

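Added example (not part of the original thread or anyone's posted config): a small Python model of the filters discussed above, showing why a single-AS match such as the Cisco `^[0-9]+$` or the Junos `.` drops prepended routes, next to a per-neighbor check that accepts the neighbor's AS repeated one or more times. Function names, AS numbers and prefixes are constructed for illustration.

```python
import re

# Cisco-style filter from the thread: the path is exactly one AS number.
SINGLE_AS = re.compile(r"^[0-9]+$")

def single_as_only(as_path: str) -> bool:
    """Model of `^[0-9]+$` (or the Junos atom `.`): one AS, no prepends."""
    return bool(SINGLE_AS.match(as_path.strip()))

def neighbor_origin_only(as_path: str, neighbor_as: int) -> bool:
    """Accept only paths made of the neighbor's AS repeated (origin + prepends).

    Assumption of this example: the path is given as space-separated AS
    numbers. Empty paths and AS_SET notation such as {64512 64513} are rejected.
    """
    hops = as_path.split()
    if not hops or not all(h.isdigit() for h in hops):
        return False
    return all(int(h) == neighbor_as for h in hops)

def audit(routes, neighbor_as):
    """Return {prefix: (single_as_verdict, prepend_aware_verdict)}."""
    return {
        prefix: (single_as_only(path), neighbor_origin_only(path, neighbor_as))
        for prefix, path in routes
    }

# Constructed sample: documentation prefixes, private-use AS numbers.
SAMPLE = [
    ("192.0.2.0/24", "65001"),                 # neighbor's own route
    ("198.51.100.0/24", "65001 65001 65001"),  # same origin, prepended twice
    ("203.0.113.0/24", "65001 64512"),         # learned via neighbor from another AS
    ("203.0.113.128/25", "64512"),             # single AS, but not the neighbor's
]

if __name__ == "__main__":
    for prefix, verdicts in audit(SAMPLE, 65001).items():
        print(f"{prefix:18} single-AS={verdicts[0]!s:5} neighbor+prepend={verdicts[1]}")
```

The last sample row shows the limit of the generic single-AS filter: it accepts any one-hop path, so tying the match to the configured neighbor AS needs a per-peer check.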


This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:59 GMT-3