06-junos bgp and policy

8/10/2019 06-Junos Bgp and Policy

1/99

JUNOS BGP and Policy


2/99

JUNOS BGP Basics and Policy This Presentation will show examples of BGP Policies

covering: BGP Show Commands

BGP Tracing

Juniper BGP Policy Basics

Import/Export Policies

Route Reflectors

Juniper Networks, Inc. Copyright 2000 - Proprietary & Confidential 2

Local Preference MED

Communities

Next Hop Self

AS Path Regular Expressions

Route-filters

Prefix Lists

Test and View Policies


3/99

Juniper Default Route Preference

Values

Route Source Default Preference

direct /local 0

Static 5RSVP 7

LDP 9


OSPF internal route 10IS-IS Level 1 15

IS-IS Level 2 18

Redirects 30

Generated or aggregate 130

OSPF AS external routes 150

BGP 170


4/99

Cisco Default Administrative Distances

Route Source Default Preference

Connected interface 0

Static route 1External BGP 20

EIGRP (internal) 90


OSPF 110

ISIS 115

RIP 120

EGP 140

EIGRP (external) 170

Internal BGP 200

Unknown 255


5/99

BGP Route Selection Process (Juniper) Can the BGP next-hop (BNH) be reached?

If Yes, proceed

If No, stop processing

Prefer the path with the higher local preference.

Prefer the path with the shorter AS path.

Prefer the path with lower Origin code.


.

Prefer paths learned via EBGP over routes via IBGP

Prefer the path with the lower IGP metric to BGP next-hop

Prefer paths where BNH is resolved in inet.3 over inet.0

Prefer paths where BNH has greater number of equal costpaths

Prefer paths with the shortest cluster-List length

Prefer the path with lower router ID (RID)

Prefer the path with the lower peer IP address.


6/99

BGP Soft configuration

Default on Juniper

Must be turned on for Cisco



7/99

BGP Show Commands



8/99

Show BGP Routesuser@host> show route protocol bgp ?

Possible completions:

Execute this command

Destination prefix and mask information

advertising-protocol Information transmitted by a particular routingprotocol

aspath-regex Entries learned via a specific AS path

best Show longest match

brief Brief view

community List of communities to match, including wildcards

damped Entries that have been suppressed due to route


detail Detailed viewexact Show exact match

extensive Extensive view

inactive Inactive entries

next-hop Entries pointing to a particular next hop

output Entries sending packets out a particular interface

range Show entire prefix range

receive-protocol Information learned from a particular routing

protocolsource-gateway Entries learned from a particular router

table Entries in a particular routing table

terse Terse view


9/99

BGP Information Several commands display a wide variety of BGP

information either from the protocol itself or from

BGP routes

user@host> show bgp ?

Possible com letions:


group Show the BGP group databaseneighbor Show the BGP neighbor database

summary Show an overview of the BGP

information


10/99

Show BGP Neighboruser@host> show bgp neighbor

Peer: 11.1.1.2+179 AS 29 Local: 11.1.1.1+1048 AS 29

Type: Internal State: Established Flags:

Last State: OpenConfirm Last Event: RecvKeepAlive

Last Error: None

Options: Holdtime: 90 Preference: 170

Number of flaps: 1

Error: "Cease" Sent: 1 Recv: 0

Peer ID: 11.1.1.2 Local ID: 0.0.0.0 Active Holdtime: 90

NLRI advertised by peer: unicast

NLRI for this session: unicast


Group B t: Sen state: n sync

Table inet.0Active Prefixes: 0

Received Prefixes: 0

Suppressed due to damping: 0

Table inet.2

Active Prefixes: 0

Received Prefixes: 0

Suppressed due to damping: 0

Last traffic (seconds): Received 25 Sent 21 Checked 21Input messages: Total 4143 Updates 0 Octets 78717

Output messages: Total 4156 Updates 10 Octets 79303

Output Queue[0]: 0

Output Queue[1]: 0


11/99

Show BGP Summary show bgp summary

View basic information about all BGP neighbors

user@host> show bgp summaryGroups: 12 Peers: 26 Unestablished peers: 2

Peer AS InPkt OutPkt OutQ Flaps Last Up/Dn State|#Act/Recv/Da

131.103.0.2 45 1225 55263 50511 0 18:22:14 47769/50591/0

192.168.1.1 33 911 0 0 0 18:22:27 Active

192.168.1.97 23 10458 2201 41043 0 18:22:03 0/0/0


. . .

InPkt Number of packets received from the peer.

OutPkt Number of packets sent to the peer.

OutQ Count of the number of BGP packets that are queued to be transmitted to a particular neighbor. It normally

is 0 because the queue usually is emptied quickly.

Last Up/Down time since the neighbor transitioned to or from the established state.


12/99

Show BGP Next Hopjuniper@R1> show route table inet.0 hidden detail

inet.0: 20 destinations, 20 routes (18 active, 0 holddown, 2 hidden)

+ = Active Route, - = Last Active, * = Both

10.1.0.0/32 (1 entry, 0 announced)

BGP Preference: 170/-101

Next hop type: Unusable

State:

Local AS: 65501 Peer AS: 65501

Age: 24:23 Metric2: 0

Task: BGP_65501.192.168.254.4+179


BGP next hop: 172.16.1.2

Localpref: 100

Router ID: 192.168.254.4

10.2.0.0/32 (1 entry, 0 announced)

BGP Preference: 170/-101

Next hop type: Unusable

State:


Age: 24:23 Metric2: 0

Task: BGP_65501.192.168.254.4+179

AS path: 65520 I


Localpref: 100

Router ID: 192.168.254.4


13/99

Show BGP Routes show route receive-protocolbgp

Look at routes received by a peer beforepolicy is

applieduser@host> show route receive-protocol bgp 11.1.1.1


Prefix Nexthop MED Lclpref AS path

10.0.0.0/8 11.1.1.1 100 I


. . . . . .

show route advertising-protocolbgp Look at routes being advertised to a specific peer

user@host> show route advertising-protocol bgp 11.1.1.2


Prefix Nexthop MED Lclpref AS path

10.0.0.0/8 Self 100 I

172.16.0.0/12 Self 100 I


14/99

Looking at Specific Routes show route extensive

Look at specific entries in the routing table

user@host> show route 172.16.0.0 extensiveinet.0: 6 destinations, 6 routes (5 active, 0 holddown, 1 hidden)

+ = Active Route, - = Last Active, * = Both

172.16.0.0/12 (1 entry, 1 announced)

TSI:

BGP_Sync_Any dest 172.16.0.0/12 MED 0


*BGP Preference: 170/-101

Nexthop: 11.1.1.1 via fxp0.0, selected

State:


Age: 1d 9:46:54 Metric2: 0

Task: BGP_29.11.1.1.1+1048

Announcement bits (2): 0-KRT 2-BGP_Sync_Any

AS path: I


Localpref: 100

Router ID: 172.18.1.1


15/99

BGP Tracing



16/99

General Tracing Tracing for each software feature shares similar

configuration

[edit feature-name]

user@host# show

traceoptions {

file filename [replace] [size size] [files number] [no-stamp];


flag flag [flag-modifier] [disable];

}

Each feature allows tracing to only one file

You can trace multiple options (flags) to each file


17/99

General Tracing General Flags

allAll tracing operations

generalAll normal operations and routing table changes (combination

of normal and route)normalAll normal operations

policyRouting policy operations and actions

routeRouting table changes


taskInterface transactions and processingtimerTimer usage

ModifiersdetailDetailed trace information

receivePackets being receivedsendPackets being transmitted


18/99

BGP Tracing Configuration parameters for tracing under BGP

[edit protocols bgp]

user@host# showtraceoptions {

file filename [replace] [size size] [files number] [no-stamp];

flag flag [flag-modifier] [disable];

}



19/99

Trace Flags for BGP[edit protocols bgp traceoptions]

user@host# set flag ?

Possible completions:

all Trace everythingaspath Trace aspath regular expression operations

damping Trace damping operations

general Trace general events

keepalive Trace BGP keepalive events


normal Trace normal events

open Trace BGP open packets

packets Trace all BGP protocol packets

policy Trace policy processing

route Trace routing information

state Trace state transitions

task Trace routing protocol task processing

timer Trace routing protocol timer processing

update Trace BGP update packets


20/99

BGP Tracing Example[edit protocols]

user@host# show

bgp {

damping;

traceoptions {

file BGP-Events;

flag normal;

}

rou external {


type external;

peer-as 54;

neighbor 11.1.1.1 {

traceoptions {

file problem-neighbor;

flag damping detail;

}}

}

}


21/99

View Logs and Traces By default, trace files are stored in /var/log

Viewing stored log files

user@host> show log

total 5778

-rw-r--r-- 1 root bin 1429 Feb 25 10:11 BGP-Events

-rw-r--r-- 1 root bin 17734 Feb 17 17:26 bgp.log


- - -- -- -

-rw-r--r-- 1 root bin 486 Feb 25 10:11 critical-rw-r--r-- 1 root bin 793495 Feb 25 10:11 dcd

-rw-r--r-- 1 root bin 999987 Feb 2 09:55 dcd.0

-rw-r--r-- 1 root bin 999956 Jan 15 11:35 dcd.1

-rw-r--r-- 1 root bin 41217 Feb 25 10:51 general-routing

-rw-rw-r-- 1 root wheel 56056 Feb 25 10:11 lastlog

-rw-rw-r-- 1 root wheel 20519 Jan 8 10:18 messages

-rw-r--r-- 1 root bin 4095 Feb 25 10:05 ospf-log

-rw-r--r-- 1 root bin 438 Feb 25 10:05 problem-neighbor


22/99

View Logs and Traces View a specific log

user@host> show log filename

Exampleuser@host> show log dcdFeb 25 10:06:13 Test /kernel: fxp0: link down

Feb 25 10:06:20 Test /kernel: fxp1: link up, speed = 10000000,

linktype = 1


, ,= 0x1e1,

prtnr = 0x21, expan = 0x0, exten = 0x400

Feb 25 10:11:08 Test /kernel: fxp1: link down

Feb 25 10:11:10 Test /kernel: fxp0: link up, speed = 10000000,linktype = 1

Feb 25 10:11:10 Test /kernel: fxp0: bmcr = 0x1000, status = 0x782d, ad

= 0x1e1,

prtnr = 0x21, expan = 0x0, exten = 0x400

[additional information]


23/99

Monitor Traces Use themonitor CLI command to view real-time log

information

user@host>monitor (start | stop) filenames

Shows new entries in monitored files until canceled


Like Unix tail -f


24/99

Monitor Example

user@host>monitor start system-log

*** system-log***

Jul 20 15:07:34 hang sshd[5845]: log: Generating 768 bit RSA key.

Jul 20 15:07:35 hang sshd[5845]: log: RSA key generation complete.

Jul 20 15:07:35 hang sshd[5845]: log: Connection from 204.69.248.180 port 912

Jul 20 15:07:37 hang sshd[5845]: log: RSA authentication for root accepted.


Jul 20 15:07:37 hang sshd[5845]: log: ROOT LOGIN as 'root' from snowcone.jimbo.com

Jul 20 15:07:37 hang sshd[5847]: log: executing remote command as root: scp -t /tmp

Jul 20 15:07:37 hang sshd[5845]: log: Closing connection to 14.32.69.5


25/99

Delete Traces To stop a tracing operation, delete the trace flag

or disable it

[edit protocols bgp traceoptions]

user@host# delete flag open



26/99

Establish EBGP and IBGP peers



27/99

Establish BGP Peers

EBGP Peering


AS 100SmallNet

AS 200BigNet

172.1.1.1 172.1.1.2


28/99

Establish EBGP peers EBGP Example:

routing-options {

router-id 1.1.1.1;

autonomous-system 100;

}

protocols {


bgp {

group AS200 {

type external;

description "EBGP Peer to BIGNET - AS200";

peer-as 200;

neighbor 172.1.1.2;

}}

}


29/99

Establish EBGP peers EBGP Example:

routing-options {

router-id 2.2.2.2;

autonomous-system 200;

}

protocols {


bgp {

group AS100 {

type external;

description "EBGP Peer to SmallNet AS100";

peer-as 100;

neighbor 172.1.1.1;

}}

}


30/99

Establish iBGP Peers


IBGP Peering

AS 100


31/99

Local-address Address to establish and accept TCP sessions from a peer

Without local-address, the TCP connection is sourced fromthe physical interface

Just like Ciscos update-source loopback0

protocols {

bgp {


group InternalPeers {

type internal;

local-address 1.1.1.1;

neighbor 2.2.2.2;

neighbor 3.3.3.3;

neighbor 4.4.4.4;

neighbor 5.5.5.5;

}

}

}


32/99

Establish IBGP peers IBGP Example:

routing-options {

router-id 1.1.1.1;autonomous-system 100;

}

protocols {


group InternalPeers {type internal;


neighbor 2.2.2.2;

neighbor 3.3.3.3;

neighbor 4.4.4.4;neighbor 5.5.5.5;

}

}

}


33/99

JUNOS BGP Policy Basics



34/99

When to Apply PolicyYou do not want to importall learned routes into

the routing table

You do not want to advertiseall learned routes toneighboring routers


You want one protocol to receive routes fromanother protocol (redistribution)

You want to modify information (attributes)associated with a route


35/99

JUNOS BGP Route Advertisement JUNOS software default BGP

advertisement rules

Active routes only

All BGP learned routes (except IBGP rule)

Advertise-inactive knob available


Export policies needed toAdvertise static routes

Advertise aggregate routes

Advertise default route

Redistribute other routes to BGP


36/99

BGP Default Policy BGP

Import

All routes learned from BGP neighbors Export

Transmit all routes learned from BGP neighbors to all BGPneighbors


Only active routes can be exported


37/99

Import vs Export Import Policy

Apply an import routing policy to control the routes that

the routing protocol process uses to determine activeroutes.

Affect routes that BGP receives froma neighbor.


Export Policy Apply an export routing policy to control the routes that

a BGP advertises toits neighbors.


38/99

Import vs Export

Neighbors

Routingtable

Neighbors

ImportRoutes Routes

Export


Protocol

Forwardingtable

Protocol

PFE


39/99

Applying Policy BGP global filter syntax

protocols {bgp {

export [policy-list ];

import [policy-list ];


}}


40/99

Import Policy Use Example:

protocols {

bgp {

group SomeRegional.ISP {

type external;


multihop;

import customer-routes;

peer-as 500;

neighbor 6.6.6.6;}

}

}


41/99

Export Policy Use Example:

protocols {

bgp {


group Internal-Peers {


type internal;

export nexthopself;

neighbor 2.2.2.2;

neighbor 1.1.1.1;

neighbor 9.9.9.9;


42/99

You can have both Import/Exportprotocols {

bgp {


group Some-Customer {

import customer-routes;

export advertise-policy;


type external;

neighbor 2.2.2.2;

neighbor 1.1.1.1;

neighbor 9.9.9.9;}

}}


43/99

Configuring Policy Policies are made up of terms

Terms are made up of match conditions and

actions Match conditions can be split into from and to

parts


PolicyPolicy

TermTerm

MatchMatchconditioncondition

ActionAction

TermTerm

MatchMatchconditioncondition

ActionAction


44/99

Basic Policy syntaxpolicy-options {

policy-statementpolicy-name{term term-name{

from {match-conditions;

}


t en

action;}

}final-action;

}}


45/99

Match Conditions General

Route metrics

Metric

Preference

Color

Interface name


Neighbor address Next-hop address

Protocol

bgp, direct, dvmrp, isis, local, mpls, ospf,

pim-dense, pim-sparse, rip, static, aggregate


46/99

Match Conditions Some match conditions are protocol specific

OSPF Area ID, external type

Tag and tag2 fields


Level number BGP

Autonomous system path (AS path)

Community name

Local preference Origin


47/99

Match Actions Modify

Metric

(protocol specific) Preference

(global routing preference)


Next-hop address


48/99

Match Actions Modify

OSPF

Type 1 or type 2 external link advertisement Tag and tag2 fields

BGP

Pre end AS ath


Add, delete, or set community Change route damping parameters

Change local preference value

Change protocol origin


49/99

Policy Match Actions Terminate

Accept route

Reject (or suppress) route

Flow Control

Skip to next policy


Skip to next term

Trace

Log the match to a trace file, continue processingterm


50/99

Policy Match Examplepolicy-statement advertise-policy {

term advertise {

from community transit;then next policy;

}


erm ca c -a

then reject;

}


51/99

Policy Terms Policies contain collections of terms

Terms contain a condition and an action to

apply to each route


Route Term

Accept

Reject

Term

Accept

Reject

...Lastterm

Nextpolicy

Accept

Reject


52/99

Policy Terms Example:

policy-statement advertise-policy {

term advertise {from community transit;

then accept;


term do-not-advertise {from community Tier-1;

then reject;

}

term catch-all {then reject;

}


53/99

Chained Policies Policies can be chained together to increase their

effectiveness

Accept Accept Accept Accept


Route Policy

Reject

Policy

Reject

... Lastpolicy Defaultpolicy

Reject Reject


54/99

Chained Policies Example:

protocols {

bgp {

group Regional.ISP.AS47 {

type external;

multihop;


import [martian-filter long-prefix-filter as-47-filter ];

peer-as 500;

neighbor 6.6.6.6;

Policies are done sequentially.


55/99

BGP Filtering points

BGP has three filtering points

Global Groups of neighbors


Neighbor policy overrides group and global policies

Group policy overrides global policy


56/99


protocols {

bgp {

export nexthopself1;




neighbor 2.2.2.2;neighbor 1.1.1.1;

neighbor 9.9.9.9;}

}}


57/99


58/99


protocols {

bgp {



type internal;


. . .

neighbor 1.1.1.1;export nexthopself3;

neighbor 9.9.9.9;}

}}


59/99


protocols {

bgp {



export nexthopself;

type internal;


ne g or . . . ;

neighbor 1.1.1.1;export localpref;


60/99

Advertising Networks


d i i k


61/99

Advertising Networks

A network that resides within an AS is saidto originate from that network. To inform

other ASs about its networks, the ASadvertises them. BGP provides three ways


originates: Redistributing Dynamic Routes

Redistributing Static Routes

Redistributing Aggregates

R di t ib ti D i R t


62/99

Redistributing Dynamic Routes

protocols {

bgp {

group peer-to-someNET {

export redistribute-ospf;

peer-as 9999;neighbor 23.43.12.16;

}

}

}


policy-options {

policy-statement redistribute-ospf {from {

protocol ospf;

}

then accept;

}

}

BAD BAD BAD BAD


63/99

C t th t ti t


64/99

Create the static route

routing-options {

static {

route 9.0.0.0/8 discard;

}

}


Reject

Drop packets to destination; send ICMP unreachables

Discard Drop packets to destination; send no ICMP unreachables

Create a policy


65/99

Create a policy

policy-options {

policy-statement redistribute-static {

from {

protocol static;

route-filter 9.0.0.0/8 exact;


then accept;}

}

Export the policy


66/99

Export the policy

protocols {

bgp {

group peer-to-BIGNET {

export redistribute-static;

peer-as 9999;


}}

}

The whole config


67/99

The whole config

routing-options {

static {

route 9.0.0.0/8 discard;

}

}protocols {

bgp {


ex ort redistribute-static;


peer-as 9999;

neighbor 23.43.12.16;}

}

}

policy-options {

policy-statement redistribute-static {

from {protocol static;


}

then accept;

}

}

Redistributing Aggregate Routes


68/99


Route aggregation allows you to combinegroups of routes with common addresses

into a single entry in the routing table.


s ecreases e s ze o e rou ng a e

as well as the number of routeadvertisements sent by the router.



69/99


An aggregate route becomes active when ithas one or more contributing routes.

A contributing route is an active route that


s a more spec c ma c or e aggrega e

destination.



70/99


routing-options {

aggregate {

route 9.0.0.0/8;

}

}protocols {

bgp {


ex ort redistribute-a re ates;


peer-as 9999;

neighbor 23.43.12.16;}

}

}

policy-options {

policy-statement redistribute-aggregates {

from {protocol aggregate;


}

then accept;

}

}

Route Filter


71/99

Route Filter


Route Filter


72/99

Route Filter

To specify route prefixes in policies, include oneor more route-filter options in the from statementof the policy-statement statement

Multiple route filters in a single term


Route Filters


73/99

Route Filters

[]

term term-name {

from {route-filterprefix/prefix-length match-type ;

[]

}

;


[]

Match type can be

Exact, orlonger, longer, upto, through

Multiple route filters in a single term

Evaluation of route filters has special rules

Route Filter Example 1


74/99


Create the Policy on the gateway routerpolicy-options {

policy-statementAS600customer-routes {

term routes-to-accept {

from {

protocol BGP;


-Logical



route-filter 4.0.0.0/8 exact;}

then accept;

}

term reject-routes {

then reject;}

function



75/99


Apply the policy on the gateway routerprotocols {

bgp {

group As600Regional.ISP {type external;

multihop;

-


peer-as 500;

neighbor 6.6.6.6;

Route Filter Match Action


76/99


term term-name {

from {

route-filter dest-prefix match-type;

route-filter dest-prefix match-type;[]

}

then


}

If the route matches the filter and an action isspecified, it takes effect immediately and the

then portion of the term is ignored

If one or more patterns match and no action isspecified, the then portion is executed



77/99

term term-name {

from {

route-filter dest-prefix match-type ;



[]

}

Logical

ORfunction


;

}

Multiple filters with similar prefixes match the longestprefix

Action associated with longest filter is performed



78/99

p

Create the Policy on the gateway routerpolicy-options {

policy-statementAS600customer-routes {


from {

protocol BGP;

route-filter 1.0.0.0/8 exact reject;

-



route-filter 4.0.0.0/8 exact;}

then accept;

}

term reject-routes {

then reject;}

Match Typesexact


79/99

Exactly match a single prefix and prefix length

term sample {


from route-filter 192.168/16 exact;

then accept;}

Includes192.168.0.0/16

ExcludesEverything else

Match Typesorlonger


80/99

Greater than or equal to

Match a range of routes having themost-significant bits in common as described by the prefix

length

term sample {


from route-filter 192.168/16 orlonger;

then accept;}

Includes192.168.0.0/16 192.168.12.4/30

192.168.0.0/17 192.168.12.128/32

192.168.4.0/24

Excludes192.0.0.0/8 192.169.1.0/24

192.170.0.0/16

Match Typeslonger


81/99

Match a range of routes having themost-significant bits in common as described bythe prefix length, except the exact match

Greater than

term sample {


from route-filter 192.168/16 longer;

then accept;}

Includes192.168.12.4/30

192.168.0.0/17 192.168.12.128/32

192.168.4.0/24

Excludes192.0.0.0/8 192.169.1.0/24

192.170.0.0/16 192.168.0.0/16

Match Typesupto


82/99

Match a range of routes having themost-significant bits in common as described by the firstprefix length, but not exceeding the second prefix length

term sample {


from route-filter 192.168/16 upto /24;

then accept;}

Includes192.168.0.0/16

192.168.0.0/17

192.168.4.0/24

Excludes192.0.0.0/8 192.169.1.0/24

192.170.0.0/16 192.168.5.4/30

192.168.12.128/32

Match Typesthrough


83/99

Match a contiguous set of routes from the firstprefix-prefix length pair to the secondprefix-prefix length pair

Not used very oftencovers a corner case

term sample {


from route-filter 192.168/16 through 192.168.16/20;

then accept;}

Includes192.168.0.0/16 192.168.0.0/19

192.168.0.0/17 192.168.16.0/20

192.168.0.0/18

Excludes192.168.128.0/17 192.168.0.0/20

192.168.192.0/18

192.168.224.0/19



84/99

This policy will reject routes with a destination prefix of 0.0.0.0and a mask length from 0 through 8, and accept all other routes:

[edit]

policy-options {

policy-statement from-hall2 {

term 1 {


from {

route-filter 0.0.0.0/0 upto 0.0.0.0/8 reject;}

}

then accept;



85/99

Reject all unwanted routes (Martians):

policy-options {

policy-statement reject-unwanted-routes {

term drop-bogus-routes {

from {

route-filter 0/0 exact; # Default


route- ter or onger; oop ac s

route-filter 10/8 orlonger; # Reserved A block

route-filter 172.16/12 orlonger; # Reserved B block

route-filter 192.168/16 orlonger; # Reserved C block

route-filter 224/4 orlonger; # Multicast

route-filter 192.0/16 orlonger; # IANA reserved-2

}

then reject;


86/99

Prefix List


87/99

You can define and name a set of IP addressprefixes and use them in the configuration forrouting policy statements and firewall filters.

Note: Per-prefix policy actions cannot be applied


to individual prefixes in the list or to the collection

of prefixes in the list. It is all or nothing.

Prefix List Example


88/99

Create the named prefix list

[edit policy-options]

prefix-list ISP1-acceptable-routes {

1.0.0.0/8;

2.0.0.0/8;


. . .

}

Prefix List Example


89/99

Use the named prefix list in a policypolicy-statement customer-routes {


from {prefix-list ISP1-acceptable-routes;

}


then accept;

}term reject-routes {

then reject;

}

then next policy;

Route Reflectors


90/99


BGP Route Reflection (example)


91/99

Route Reflection

Non-clientpeers


IBGP Peering

RouteReflectors

Reflector

Clients

Reflector

Clients

Cluster2.2.2.2

Cluster1.1.1.1


92/99

no-client-reflect


93/99

RouteReflector

Non-clientpeers

Non-clientpeers

Clients are fully


IBGP Peering

RouteReflectorClients



es e

Cluster1.1.1.1

no-client-reflect


94/99

protocols {

bgp {

export static-to-bgp;

group ibgp {

type internal;

local-address 2.2.2.2;peer-as 100;

neighbor 5.5.5.5;

}


group rrc uster

type internal;

local-address 2.2.2.2;no-client-reflect;

cluster 192.128.1.1;

peer-as 100;

neighbor 1.1.1.1;

neighbor 3.3.3.3;

}

}



95/99




96/99

Test how policies respond to individual prefixes

Not all match conditions are supported Generally useful for matching route

filter-style policies


to protocol xxxcanno e eva ua e an a ways

passes

Default protocol policies are not evaluated



97/99

Given the policypolicy-options {

policy-statement lab-routes {

from {

route-filter default exact reject;route-filter 10.0.0.0/8 orlonger accept;

route-filter 192.0.2.0/24 orlonger accept;

}


then reject;

}

}

Test it against all routes in tableuser@host# run test policy lab-routes 0.0.0.0/0

Test it against a specific route

user@host# run test policy lab-routes 10.49.0.0/16



98/99

Use the show policy command to view each

policyuser@host> show policy

Configured policies:

lab-routes

user@host> show policy lab-routes

Policy lab-routes:


from

0.0.0.0/0 reject

10.0.0.0/8 orlonger accept192.0.2.0/24 orlonger accept

then reject

user@host>


99/99

Thank you!

06-junos bgp and policy

Documents