From: nenad pudar (nenad.pudar@gmail.com)
Date: Fri May 20 2005 - 15:12:03 GMT-3
Generic filter list that will match only the routes from the neighboring
AS + eventually prepends of the same.
So if the neighbor is AS65001 then routes from 65001 (65001 65001 ....)
will have lp of 92.
Specifying something like 65001+ is not an option since it must be
generic and be able to be applied to all peers regardless of AS
number.
According to Juniper there is no way to accomplish the above.
The workaround specified below is an as-path list which allows a
single AS in the as-path.
That means it will work for 65001 but will not for 65001 65001, which to me
is acceptable.
On 5/20/05, Scott Morris <swm@emanon.com> wrote:
> What?
>
> Let's step back a bit... What specifically are you trying to accomplish?
>
> You can get MUCH bigger and more entertaining than filtering a single AS.
> If you have anything longer, or including a space, you'll need to put it in
> quotes though!
>
> Scott
>
> -----Original Message-----
> From: nenad pudar [mailto:nenad.pudar@gmail.com]
> Sent: Friday, May 20, 2005 1:51 PM
> To: Steve Ohnmacht
> Cc: swm@emanon.com; ccielab@groupstudy.com
> Subject: Re: Question for Juniper Config Expert
>
> Thanks everybody
>
> Apparently the max we can get is
> as-path 60 .;
> This allows only a single AS and does not cover the prepending.
> According to Juniper people this is the max that we can do.
>
> Actual policy looks like this
>
> policy-statement PEER-IMPORT-AS-65001 {
>     term filter-default {
>         from {
>             route-filter 0.0.0.0/0 through 0.0.0.0/32;
>         }
>         then reject;
>     }
>     term filter-longer-than-24 {
>         from {
>             route-filter 0.0.0.0/0 prefix-length-range /25-/32;
>         }
>         then reject;
>     }
>     term leak-protect {
>         from as-path 61;
>         then {
>             metric 0;
>             local-preference 80;
>             community add xxxx:86;
>             community add ct8-comm;
>             next policy;
>         }
>     }
>     term AS65001-local-routes {
>         from as-path 60;
>         then {
>             metric 0;
>             local-preference 92;
>             community add xxxx:86;
>             community add ct8-comm;
>             next policy;
>         }
>     }
>     term default {
>         then {
>             metric 0;
>             local-preference 90;
>             community add xxxx:86;
>             community add ct8-comm;
>
>
> nenad
>
> On 5/19/05, Steve Ohnmacht <gs.ohnmacht@gmail.com> wrote:
> > Definitely agree with you that Junos policies are interesting to say
> > the least. Also IMO they can be pretty powerful as well... In the
> > hacked example I gave, I was just basing it off the ip as-path
> > config provided. I see you took it a step further and actually applied
> > it to bgp... :-)
> >
> > Talk to you guys later....
> >
> > On 5/18/05, Scott Morris <swm@emanon.com> wrote:
> > > I think the definitions you are creating there are like as-path-group
> > > names.
> > > You can simply name something in the policy:
> > >
> > > policy-options {
> > >     as-path null-as "()";
> > >     policy-statement my-routes {
> > >         term just-me {
> > >             from {
> > >                 protocol bgp;
> > >                 as-path null-as;
> > >             }
> > >             then accept;
> > >         }
> > >         term no-more {
> > >             then reject;
> > >         }
> > >     }
> > > }
> > > protocols {
> > >     bgp {
> > >         neighbor x.x.x.x {
> > >             export my-routes;
> > >         }
> > >     }
> > > }
> > >
> > > (Obviously you can make up your own term matches however you need
> > > to)
> > >
> > > Otherwise, the deny-all isn't really necessary since you logically
> > > reject them in the next stanza anyway. Policy routing on the Junos is
> > > quite entertaining to think through how things are or are not matched!
> > >
> > > http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy/html/policy-extend-match-config3.html#1094490
> > >
> > > It may simply be semantic differences in newer versions of Junos.
> > > Like you said, you had older configs around!
> > >
> > > Cheers,
> > >
> > > Scott
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > > Of Steve Ohnmacht
> > > Sent: Wednesday, May 18, 2005 7:17 PM
> > > To: nenad pudar
> > > Cc: ccielab@groupstudy.com
> > > Subject: Re: Question for Juniper Config Expert
> > >
> > > It's been awhile since I've touched a juniper, but I'll take a crack
> > > at this one... For junipers you would create a policy under the
> > > policy-options section of the config, with your config below, a
> > > juniper example would be something like this:
> > >
> > > Take this for what it's worth, no guarantees.... :) Also, with
> > > junipers any route manipulation is done via "JUNOS policies". I had
> > > to look at some old configs I have saved for reference... HTH...
> > >
> > > policy-options {
> > >     as-path xxx-permit "^[0-9]+$"; <--- you may be able to represent your regex with just an atom "."
> > >     as-path xxx-deny ".*";
> > >     policy-statement xxxx {
> > >         term permit {
> > >             from as-path xxx-permit;
> > >             then accept;
> > >         }
> > >         term deny {
> > >             from as-path xxx-deny;
> > >             then reject;
> > >         }
> > >         term deny-everything-else {
> > >             then reject;
> > >         }
> > >     }
> > > }
> > >
> > >
> > > On 5/18/05, nenad pudar <nenad.pudar@gmail.com> wrote:
> > > > Hi
> > > > I need to create a generic filter list using regexp that will allow
> > > > only routes from the neighboring AS (+ eventually prepends from that
> > > > AS)
> > > >
> > > > I am not looking for an as-path from one specific AS but rather a
> > > > generic filter list that can be applied to all existing and new
> > > > bgp neighbors
> > > >
> > > > One of the ways to configure this on a Cisco router is ip as-path
> > > > access-list xxx permit ^[0-9]+$ deny .*
> > > >
> > > >
> > > > thanks
> > > >
> > > > nenad
> > > >
> > > > __________________________________________________________________
> > > > _____ Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:59 GMT-3
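
Added example, not part of the original thread or anyone's configuration: a small Python model of the gap discussed above, comparing the single-AS workaround (Junos as-path "." / the Cisco `^[0-9]+$` expression) with the generic "neighbor AS plus its own prepends" match that was asked for. Function names and the sample routes are constructed for illustration; the local-preference values 92 and 90 come from the quoted policy.

```python
import re

# The Cisco-style expression quoted in the thread, applied to the AS_PATH
# rendered as a space-separated string.
CISCO_SINGLE_AS = re.compile(r"^[0-9]+$")

def matches_single_as(as_path):
    """Model of the workaround: true only when the path holds exactly one AS."""
    return bool(CISCO_SINGLE_AS.match(" ".join(str(a) for a in as_path)))

def is_neighbor_originated(as_path):
    """The generic match that was asked for: every AS in the path is the same,
    i.e. the neighbor originated the route and at most prepended itself."""
    return len(as_path) >= 1 and len(set(as_path)) == 1

def local_pref(as_path, match):
    """Local preference as in the quoted policy: 92 for the neighbor's own
    routes, 90 from the default term. The leak-protect term (as-path 61) is
    left out because its definition is not shown in the thread."""
    return 92 if match(as_path) else 90

def audit(routes):
    """Prefixes the workaround sends to the default term although the
    neighbor originated them (prepended paths)."""
    return [prefix for prefix, path in routes
            if is_neighbor_originated(path) and not matches_single_as(path)]

# Constructed sample routes (documentation prefixes, private AS numbers).
SAMPLE_ROUTES = [
    ("192.0.2.0/24", [65001]),
    ("198.51.100.0/24", [65001, 65001, 65001]),
    ("203.0.113.0/24", [65001, 65002]),
]

if __name__ == "__main__":
    for prefix, path in SAMPLE_ROUTES:
        print(prefix, path,
              "workaround lp:", local_pref(path, matches_single_as),
              "intended lp:", local_pref(path, is_neighbor_originated))
    print("demoted by workaround:", audit(SAMPLE_ROUTES))
```

Run against a dump of received routes per peer, `audit` lists the prepended prefixes that end up with the default local preference instead of the neighbor-originated one.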