From: nenad pudar (nenad.pudar@gmail.com)
Date: Fri May 20 2005 - 15:54:24 GMT-3
This is not a bad idea; however, it requires maintaining that as-path-group.
To me the solution I described is good enough.
If some peers want to prepend their local routes to me, this is a
signal to me not to prefer that path.
What is more, I am working for a big ISP which peers with almost all
of the big players on the Internet. I just did a check: there is not a single one
that is prepending its local routes.
thanks
nenad
On 5/20/05, Scott Morris <swm@emanon.com> wrote:
> Well... You would need a separate filter for each of your peers (unless you
> have multiple peers going to the same AS number). But you can have multiple
> filters. However, I don't see what would be wrong with "(65001)+" which
> would treat the entire entry 65001 and allow one or more of them.
>
> You can create multiple as-path-group entries and then match different ones
> within your policy:
>
> + policy-options {
> + as-path-group MyFriends {
> + as-path AS65001 "(65001)+";
> + as-path AS65002 "(65002)+";
> + as-path AS65003 "(65003)+";
> + }
> + }
>
> Then in your import filter, just match on the group (any entry) instead of
> the specifics.
>
> HTH,
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> nenad pudar
> Sent: Friday, May 20, 2005 2:12 PM
> To: swm@emanon.com
> Cc: Steve Ohnmacht; ccielab@groupstudy.com
> Subject: Re: Question for Juniper Config Expert
>
> Generic filter list that will match only the routes from neighboring AS +
> eventually prepends of the same
>
> So if neighbor is AS65001 then routes from 65001 (65001 65001 ....) will
> have lp of 92
>
> Specifying something like 65001+ is not an option since it must be generic and
> be able to be applied to all peers regardless of AS number
>
> According to Juniper there is no way to accomplish the above.
> The workaround specified below is an as-path list which allows a single AS
> in the as-path.
>
> That means it will work for 65001 but will not for 65001 65001, which to me is
> acceptable
>
> On 5/20/05, Scott Morris <swm@emanon.com> wrote:
> > What?
> >
> > Let's step back a bit... What specifically are you trying to accomplish?
> >
> > You can get MUCH bigger and more entertaining than filtering a single AS.
> > If you have anything longer, or including a space, you'll need to put
> > it in quotes though!
> >
> > Scott
> >
> > -----Original Message-----
> > From: nenad pudar [mailto:nenad.pudar@gmail.com]
> > Sent: Friday, May 20, 2005 1:51 PM
> > To: Steve Ohnmacht
> > Cc: swm@emanon.com; ccielab@groupstudy.com
> > Subject: Re: Question for Juniper Config Expert
> >
> > Thanks everybody
> >
> > Apparently the max we can get is
> > as-path 60 .;
> > This allows only a single AS and does not cover the prepending.
> > According to Juniper people this is the max that we can do.
> >
> > Actual policy looks like this
> >
> > policy-statement PEER-IMPORT-AS-65001 {
> >     term filter-default {
> >         from {
> >             route-filter 0.0.0.0/0 through 0.0.0.0/32;
> >         }
> >         then reject;
> >     }
> >     term filter-longer-than-24 {
> >         from {
> >             route-filter 0.0.0.0/0 prefix-length-range /25-/32;
> >         }
> >         then reject;
> >     }
> >     term leak-protect {
> >         from as-path 61;
> >         then {
> >             metric 0;
> >             local-preference 80;
> >             community add xxxx:86;
> >             community add ct8-comm;
> >             next policy;
> >         }
> >     }
> >     term AS65001-local-routes {
> >         from as-path 60;
> >         then {
> >             metric 0;
> >             local-preference 92;
> >             community add xxxx:86;
> >             community add ct8-comm;
> >             next policy;
> >         }
> >     }
> >     term default {
> >         then {
> >             metric 0;
> >             local-preference 90;
> >             community add xxxx:86;
> >             community add ct8-comm;
> >
> >
> > nenad
> >
> > On 5/19/05, Steve Ohnmacht <gs.ohnmacht@gmail.com> wrote:
> > > Definitely agree with you that Junos policies are interesting to say
> > > the least. Also IMO they can be pretty powerful as well... In the
> > > hacked example I gave, I was just basing it off the ip as-path
> > > config provided. I see you took it a step further and actually
> > > applied it to bgp... :-)
> > >
> > > Talk to you guys later....
> > >
> > > On 5/18/05, Scott Morris <swm@emanon.com> wrote:
> > > > > I think the definitions you are creating there are like
> > > > > as-path-group names.
> > > > > You can simply name something in the policy:
> > > >
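> > > > > policy-options {
> > > > >     as-path null-as "()";
> > > > >     policy-statement my-routes {
> > > > >         term just-me {
> > > > >             from {
> > > > >                 protocol bgp;
> > > > >                 as-path null-as;
> > > > >             }
> > > > >             then accept;
> > > > >         }
> > > > >         term no-more {
> > > > >             then reject;
> > > > >         }
> > > > >     }
> > > > > }
> > > > > protocols {
> > > > >     bgp {
> > > > >         /* neighbors sit inside a group; the group name is a placeholder */
> > > > >         group my-peers {
> > > > >             neighbor x.x.x.x {
> > > > >                 export my-routes;
> > > > >             }
> > > > >         }
> > > > >     }
> > > > > }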
> > > >
> > > > (Obviously you can make up your own term matches however you need
> > > > to)
> > > >
> > > > > Otherwise, the deny-all isn't really necessary since you logically
> > > > > reject them in the next stanza anyway. Policy routing on the Junos is
> > > > > quite entertaining to think through how things are or are not matched!
> > > >
> > > >
> > > > > http://www.juniper.net/techpubs/software/junos/junos70/swconfig70-policy/html/policy-extend-match-config3.html#1094490
> > > >
> > > > It may simply be semantic differences in newer versions of Junos.
> > > > Like you said, you had older configs around!
> > > >
> > > > Cheers,
> > > >
> > > > Scott
> > > >
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > > > Behalf Of Steve Ohnmacht
> > > > Sent: Wednesday, May 18, 2005 7:17 PM
> > > > To: nenad pudar
> > > > Cc: ccielab@groupstudy.com
> > > > Subject: Re: Question for Juniper Config Expert
> > > >
> > > > > It's been a while since I've touched a Juniper, but I'll take a
> > > > > crack at this one... For Junipers you would create a policy under
> > > > > the policy-options section of the config. With your config below,
> > > > > a Juniper example would be something like this:
> > > > >
> > > > > Take this for what it's worth, no guarantees.... :) Also, with
> > > > > Junipers any route manipulation is done via "JUNOS policies". I
> > > > > had to look at some old configs I have saved for reference... HTH...
> > > >
> > > > > policy-options {
> > > > >     /* you may be able to represent your regex with just an atom "." */
> > > > >     as-path xxx-permit "^[0-9]+$";
> > > > >     as-path xxx-deny ".*";
> > > > >     policy-statement xxxx {
> > > > >         term permit {
> > > > >             from as-path xxx-permit;
> > > > >             then accept;
> > > > >         }
> > > > >         term deny {
> > > > >             from as-path xxx-deny;
> > > > >             then reject;
> > > > >         }
> > > > >         term deny-everything-else {
> > > > >             then reject;
> > > > >         }
> > > > >     }
> > > > > }
> > > >
> > > >
> > > > On 5/18/05, nenad pudar <nenad.pudar@gmail.com> wrote:
> > > > > Hi
> > > > > > I need to create a generic filter list using regexp that will
> > > > > > allow only routes from the neighboring AS (+ eventually prepend
> > > > > > from that AS)
> > > > > >
> > > > > > I am not looking for an as-path from one specific AS but rather a
> > > > > > generic filter list that can be applied to all existing and new
> > > > > > bgp neighbors
> > > > > >
> > > > > > One of the ways to configure this on a Cisco router is:
> > > > > > ip as-path access-list xxx permit ^[0-9]+$
> > > > > > ip as-path access-list xxx deny .*
> > > > >
> > > > >
> > > > > thanks
> > > > >
> > > > > nenad
> > > > >
> > > > > nenad
> > > > >
> > > > > > _______________________________________________________________________
> > > > > > Subscription information may be found at:
> > > > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
>
This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:59 GMT-3
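
Added example, not taken from any message in the thread: the as-path-group from Scott's reply referenced from a single import policy, which is the step his reply describes in words ("just match on the group"). The policy name, the BGP group name and the `next policy` action in the default term are assumptions; the local-preference values 92 and 90 come from the policy quoted in the thread.

```junos
policy-options {
    /* one entry per peer AS: that AS alone, repeated one or more times */
    as-path-group MyFriends {
        as-path AS65001 "(65001)+";
        as-path AS65002 "(65002)+";
        as-path AS65003 "(65003)+";
    }
    /* PEER-IMPORT-GENERIC is a hypothetical name */
    policy-statement PEER-IMPORT-GENERIC {
        term peer-local-routes {
            /* matches when any entry of the group matches the AS path */
            from as-path-group MyFriends;
            then {
                local-preference 92;
                next policy;
            }
        }
        term default {
            then {
                local-preference 90;
                /* assumed: the quoted policy is cut off before this point */
                next policy;
            }
        }
    }
}
protocols {
    bgp {
        /* my-peers is a placeholder group name */
        group my-peers {
            import PEER-IMPORT-GENERIC;
            neighbor x.x.x.x;
        }
    }
}
```

Each new peer AS needs one more `as-path` line in the group, which is the maintenance cost raised in the top message.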