RE: Question for Juniper Config Expert

From: Scott Morris (swm@emanon.com)
Date: Fri May 20 2005 - 15:01:40 GMT-3


What?

Let's step back a bit... What specifically are you trying to accomplish?

You can get MUCH bigger and more entertaining than filtering a single AS.
If you have anything longer, or including a space, you'll need to put it in
quotes though!

Scott

-----Original Message-----
From: nenad pudar [mailto:nenad.pudar@gmail.com]
Sent: Friday, May 20, 2005 1:51 PM
To: Steve Ohnmacht
Cc: swm@emanon.com; ccielab@groupstudy.com
Subject: Re: Question for Juniper Config Expert

Thanks everybody

Apparently the max we can get is
  as-path 60 .;
This allows only a single AS and does not cover the prepending.
 According to Juniper people this is the max that we can do.

Actual policy looks like this

policy-statement PEER-IMPORT-AS-65001 {
    term filter-default {
        from {
            route-filter 0.0.0.0/0 through 0.0.0.0/32;
        }
        then reject;
    }
    term filter-longer-than-24 {
        from {
            route-filter 0.0.0.0/0 prefix-length-range /25-/32;
        }
        then reject;
    }
    term leak-protect {
        from as-path 61;
        then {
            metric 0;
            local-preference 80;
            community add xxxx:86;
            community add ct8-comm;
            next policy;
        }
    }
    term AS65001-local-routes {
        from as-path 60;
        then {
            metric 0;
            local-preference 92;
            community add xxxx:86;
            community add ct8-comm;
            next policy;
        }
    }
    term default {
        then {
            metric 0;
            local-preference 90;
            community add xxxx:86;
            community add ct8-comm;

nenad

On 5/19/05, Steve Ohnmacht <gs.ohnmacht@gmail.com> wrote:
> Definitely agree with you that Junos policies are interesting to say
> the least. Also IMO they can be pretty powerful as well... In the
> hacked example I gave, I was just basing it off the ip as-path
> config provided. I see you took it a step further and actually applied
> it to bgp... :-)
>
> Talk to you guys later....
>
> On 5/18/05, Scott Morris <swm@emanon.com> wrote:
> > I think the definitions you are creating there are like as-path-group
> > names. You can simply name something in the policy:
> >
> > policy-options {
> >     as-path null-as "()";
> >     policy-statement my-routes {
> >         term just-me {
> >             from {
> >                 protocol bgp;
> >                 as-path null-as;
> >             }
> >             then accept;
> >         }
> >         term no-more {
> >             then reject;
> >         }
> >     }
> > }
> > protocols {
> >     bgp {
> >         neighbor x.x.x.x {
> >             export my-routes;
> >         }
> >     }
> > }
> >
> > (Obviously you can make up your own term matches however you need
> > to)
> >
> > Otherwise, the deny-all isn't really necessary since you logically
> > reject them in the next stanza anyway. Policy routing on the Junos is
> > quite entertaining to think through how things are or are not matched!
> >
> > http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy/html/policy-extend-match-config3.html#1094490
> >
> > It may simply be semantic differences in newer versions of Junos.
> > Like you said, you had older configs around!
> >
> > Cheers,
> >
> > Scott
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Steve Ohnmacht
> > Sent: Wednesday, May 18, 2005 7:17 PM
> > To: nenad pudar
> > Cc: ccielab@groupstudy.com
> > Subject: Re: Question for Juniper Config Expert
> >
> > It's been awhile since I've touched a juniper, but I'll take a crack
> > at this one... For junipers you would create a policy under the
> > policy-options section of the config, with your config below, a
> > juniper example would be something like this:
> >
> > Take this for what it's worth no guarantees.... :) Also, with
> > junipers any route manipulation is done via "JUNOS policies". I had
> > to look at some old configs I have saved for reference... HTH...
> >
> > policy-options {
> >     as-path xxx-permit "^[0-9]+$"; <--- you may be able to represent
> >                                         your regex with just an atom "."
> >     as-path xxx-deny ".*";
> >     policy-statement xxxx {
> >         term permit {
> >             from as-path xxx-permit;
> >             then accept;
> >         }
> >         term deny {
> >             from as-path xxx-deny;
> >             then reject;
> >         }
> >         term deny-everything-else {
> >             then reject;
> >         }
> >     }
> > }
> >
> >
> > On 5/18/05, nenad pudar <nenad.pudar@gmail.com> wrote:
> > > Hi
> > > I need to create a generic filter list using regexp that will allow
> > > only routes from the neighboring AS (+ eventually prepend from that
> > > AS)
> > >
> > > I am not looking for an as-path from one specific AS but rather the
> > > generic filter list that can be applied to all existing and new
> > > bgp neighbors
> > >
> > > One of the ways to configure this on a Cisco router is
> > >   ip as-path access-list xxx permit ^[0-9]+$
> > >   ip as-path access-list xxx deny .*
> > >
> > >
> > > thanks
> > >
> > > nenad
> > >
> > > __________________________________________________________________
> > > _____ Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > ____________________________________________________________________
> > ___ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
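
Added example, not part of the original thread: the Cisco pattern from the original question is evaluated next to a back-reference variant that also admits prepending, and both are compared with a regex-free reference check. The variant pattern, the helper names and the AS paths are assumptions constructed for illustration.

```python
import re
from typing import Optional

# IOS "_" matches any AS-path delimiter: start, end, space, comma, braces, parens.
IOS_DELIM = r"(?:^|$|[ ,{}()])"

SINGLE_AS = r"^[0-9]+$"             # pattern from the original question
WITH_PREPEND = r"^([0-9]+)(_\1)*$"  # assumption: back-reference variant, not from the thread

def ios_match(pattern: str, as_path: str) -> bool:
    """Evaluate an IOS-style as-path regex against a space-separated AS path."""
    return re.search(pattern.replace("_", IOS_DELIM), as_path) is not None

def only_neighbor_as(as_path: str, peer_as: Optional[int] = None) -> bool:
    """Regex-free reference check: every hop is one and the same AS.

    With peer_as set, that AS must also be the configured neighbor.
    """
    hops = as_path.split()
    if not hops or not all(h.isdigit() for h in hops):
        return False
    if len(set(hops)) != 1:
        return False
    return peer_as is None or int(hops[0]) == peer_as

# Constructed AS paths, as they might be received from a neighbor in AS 65001.
SAMPLES = {
    "65001": "neighbor's own route",
    "65001 65001 65001": "neighbor's own route, prepended twice",
    "65001 65002": "route the neighbor learned from AS 65002",
    "65001 65001 65002": "prepended, but originated elsewhere",
}

def evaluate(samples=SAMPLES):
    """Return {path: (single_as, with_prepend, reference)} for each sample."""
    return {
        path: (ios_match(SINGLE_AS, path),
               ios_match(WITH_PREPEND, path),
               only_neighbor_as(path, peer_as=65001))
        for path in samples
    }

if __name__ == "__main__":
    for path, result in evaluate().items():
        print(f"{path!r:22} {SAMPLES[path]:42} {result}")
```

The single-AS pattern rejects the prepended path, which is the limitation described in the thread; the reference check shows the intended accept/reject decision independent of any regex dialect.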



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:59 GMT-3