Mailing List Archive: As-path filtering via policy

As-path filtering via policy

Apr 12, 2003, 1:22 AM

Post #1 of 3 (1335 views)

Hi all. I am up late studying and perhaps I am not seeing this
correctly but here it goes:

I have a customer router, call it C1, its AS# is 11. Because I do not
have any other routers to advertise this route (among other things) so
that it shows up in my local router with a different as-path, I have it
configured to advertise the route 200.200.0.0/23 and ADD the as-path "99
66" before adding the local AS # which is 11. C1 also has other routes
being advertised to my local router whos AS path have not been modified.

My local router that is peering to C1 has the following policies and bgp
configuration:

[edit]
lab@SJ-R1#
policy-statement EBGP-Import-0 {
term Customer-AS-Only {
from as-path C1;
then next policy;
}
}
policy-statement EBGP-Import-1 {
<snip>

as-path C1 ".* 11";

[edit]
lab@SJ-R1# show protocols bgp
log-updown;
group Customer-Peer {
type external;
import [ EBGP-Import-0 EBGP-Import-1 ];
export EBGP-Export;
multipath;
neighbor 10.200.8.1 {
peer-as 11;
}
}

Now, I am trying to filter out any routes that do not originate in AS
11. I define the as-path for which I am filtering on but the end
results are not what I expect, here it is:

[edit]
lab@SJ-R1# run show route protocol bgp 200.200/23 detail

inet.0: 29 destinations, 29 routes (25 active, 0 holddown, 5 hidden)
+ = Active Route, - = Last Active, * = Both

200.200.0.0/23 (1 entry, 1 announced)
*BGP Preference: 170/-101<<<<<<< NOTICE THAT IT IS ACTIVE
Source: 10.200.8.1
Nexthop: 10.200.8.1 via fxp2.0, selected
State: <Active Ext>
Local AS: 77 Peer AS: 11
Age: 30:43
Task: BGP_11.10.200.8.1+1025
Announcement bits (3): 0-KRT 4-BGP.0.0.0.0+179 5-Resolve
inet.0
AS path: 11 99 66 I <<<<<<<< NOTICE THE AS-PATH
Communities: 77:200
Localpref: 100
Router ID: 192.168.0.1

[edit]
lab@SJ-R1#

So as you can see, the route is still being accepted. What am I doing
wrong?

Thanks,

Mario

As-path filtering via policy [ In reply to ]

cliff at juniper

Apr 12, 2003, 1:59 AM

Post #2 of 3 (1321 views)

Permalink

Mario,

Try adding a 'then reject' in your first policy

> lab@SJ-R1#
> policy-statement EBGP-Import-0 {
> term Customer-AS-Only {
> from as-path C1;
> then next policy;
> }
then reject <<<<<< or you can put this inside
another term
> }

Without this, the default action is 'accept', so any route that doesn't
match your from 'as-path C1' gets accepted.

Regards,
Cliff

> -----Original Message-----
> From: Junoguy [mailto:junoguy@earthlink.net]
> Sent: Friday, April 11, 2003 10:23 PM
> To: juniper-nsp@puck.nether.net
> Cc: juniper@groupstudy.com
> Subject: [j-nsp] As-path filtering via policy
>
>
> Hi all. I am up late studying and perhaps I am not seeing
> this correctly but here it goes:
>
> I have a customer router, call it C1, its AS# is 11. Because
> I do not have any other routers to advertise this route
> (among other things) so that it shows up in my local router
> with a different as-path, I have it configured to advertise
> the route 200.200.0.0/23 and ADD the as-path "99 66" before
> adding the local AS # which is 11. C1 also has other routes
> being advertised to my local router whos AS path have not
> been modified.
>
>
> My local router that is peering to C1 has the following
> policies and bgp
> configuration:
>
>
> [edit]
> lab@SJ-R1#
> policy-statement EBGP-Import-0 {
> term Customer-AS-Only {
> from as-path C1;
> then next policy;
> }
> }
> policy-statement EBGP-Import-1 {
> <snip>
>
> as-path C1 ".* 11";
>
>
>
> [edit]
> lab@SJ-R1# show protocols bgp
> log-updown;
> group Customer-Peer {
> type external;
> import [ EBGP-Import-0 EBGP-Import-1 ];
> export EBGP-Export;
> multipath;
> neighbor 10.200.8.1 {
> peer-as 11;
> }
> }
>
>
> Now, I am trying to filter out any routes that do not
> originate in AS 11. I define the as-path for which I am
> filtering on but the end results are not what I expect, here it is:
>
> [edit]
> lab@SJ-R1# run show route protocol bgp 200.200/23 detail
>
> inet.0: 29 destinations, 29 routes (25 active, 0 holddown, 5 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 200.200.0.0/23 (1 entry, 1 announced)
> *BGP Preference: 170/-101<<<<<<< NOTICE THAT IT IS ACTIVE
> Source: 10.200.8.1
> Nexthop: 10.200.8.1 via fxp2.0, selected
> State: <Active Ext>
> Local AS: 77 Peer AS: 11
> Age: 30:43
> Task: BGP_11.10.200.8.1+1025
> Announcement bits (3): 0-KRT
> 4-BGP.0.0.0.0+179 5-Resolve inet.0
> AS path: 11 99 66 I <<<<<<<< NOTICE THE AS-PATH
> Communities: 77:200
> Localpref: 100
> Router ID: 192.168.0.1
>
>
>
> [edit]
> lab@SJ-R1#
>
>
>
> So as you can see, the route is still being accepted. What
> am I doing wrong?
>
>
> Thanks,
>
>
> Mario
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> http://puck.nether.net/mailman/listinfo/junipe> r-nsp
>

As-path filtering via policy [ In reply to ]

gmartine at mafalda

Apr 13, 2003, 3:36 PM

Post #3 of 3 (1314 views)

Permalink

> > lab@SJ-R1#
> > policy-statement EBGP-Import-0 {
> > term Customer-AS-Only {
> > from as-path C1;
> > then next policy;
> > }
> then reject <<<<<< or you can put this inside
> another term
> > }
>
> Without this, the default action is 'accept', so any route that doesn't
> match your from 'as-path C1' gets accepted.

Basically the default import policy for EBGP learned routes is accept.

>
> Regards,
> Cliff