Help with BGP as-path regex
Hi All,
I thought this would be in a cookbook somewhere but I can't find it. Is
there a way to write an as-path regex so it will match a provider's ASN
(e.g. 1234) one or more times and then 1 or 2 more ASNs zero or more
times? I'm hoping to be able to account for AS prepending.

I'm an Enterprise network and one of my upstream ISPs is sending me full
routes + default. I want to filter the routes down to networks that are
directly connected or at most 2 hops away from my ISP, but also allow for
AS prepending. It's the prepending that is tripping me up or else I think
this would suffice: "^1234+ .{0,2}"

I think with Cisco you can do this with backreferences, but Junos doesn't
seem to support those.

TIA,
-andy
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: Help with BGP as-path regex
Hi Alex,
That looks like what I want, thanks!

Here's a brief test I tried:

Policy definitions:

as-path 3257_originate "^3257+.*";

policy-statement as_3257_import {
    term gtt {
        from {
            protocol bgp;
            as-path 3257_originate;
        }
        then accept;
    }
    term reject-all {
        then reject;
    }
}


policy-statement as_3257_import-test {
    term gtt {
        from {
            protocol bgp;
            as-path 3257_originate;
            as-path-unique-count 2 orlower;
        }
        then accept;
    }
    term reject-all {
        then reject;
    }
}


This route has 3 unique AS hops and includes prepending; it should pass the
as_3257_import policy, but fail the as_3257_import-test policy:

# run show route 1.32.208.0/24

inet.0: 760463 destinations, 1010435 routes (760460 active, 2 holddown, 1 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

1.32.208.0/24 *[BGP/170] 1d 19:59:15, MED 1347, localpref 100
                 AS path: 3257 7473 7473 7473 64050 64050 I, validation-state: unverified

As expected, the route passes as_3257_import policy test. This policy is
not using the as-path-unique-count configuration knob:

# run test policy as_3257_import 1.32.208.0/24


inet.0: 760502 destinations, 1010269 routes (760495 active, 6 holddown, 1 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

1.32.208.0/24 *[BGP/170] 1d 20:02:52, MED 1347, localpref 100
                 AS path: 3257 7473 7473 7473 64050 64050 I, validation-state: unverified

Policy as_3257_import: 1 prefix accepted, 0 prefix rejected

As expected, the same route fails the test using the policy that includes
the as-path-unique-count knob with value 2 orlower. The route has too many
unique AS hops:

# run test policy as_3257_import-test 1.32.208.0/24

Policy as_3257_import-test: 0 prefix accepted, 1 prefix rejected

Now we update unique count to 3:

policy-statement as_3257_import-test {
    term gtt {
        from {
            protocol bgp;
            as-path 3257_originate;
            as-path-unique-count 3 orlower;
        }
        then accept;
    }
    term reject-all {
        then reject;
    }
}


Now the test policy succeeds as expected:

# run test policy as_3257_import-test 1.32.208.0/24

inet.0: 760500 destinations, 1010273 routes (760405 active, 94 holddown, 1 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both

1.32.208.0/24 *[BGP/170] 1d 20:03:02, MED 1347, localpref 100
                 AS path: 3257 7473 7473 7473 64050 64050 I, validation-state: unverified

Policy as_3257_import-test: 1 prefix accepted, 0 prefix rejected

kind regards,
-andy

On Thu, Sep 12, 2019 at 9:20 PM Alexander Arseniev <arseniev@btinternet.com>
wrote:

> Hello,
>
> Does this help?
>
>
> https://www.juniper.net/documentation/en_US/junos/information-products/topic-collections/release-notes/16.1/m-mx-t-series-toc.html#jd0e11155
>
> Support for unique AS path count (MX Series)—Starting with Junos OS
> Release 16.1R4, you can configure a routing policy to determine the number
> of unique autonomous systems (ASs) present in the AS path. The unique AS
> path count helps determine whether a given AS is present in the AS path
> multiple times, typically as prepended ASs. In earlier Junos releases it
> was not possible to implement this counting behavior using the as-path regular
> expression policy. This feature permits the user to configure a policy
> based on the number of AS hops between the route originator and receiver.
> This feature ignores ASs in the as-path that are confederation ASs, such
> as confed_seq and confed_set.
>
> To configure AS path count, include the as-path-unique-count count (equal
> | orhigher | orlower) configuration statement at the [edit policy-options
> policy-statement policy_name from] hierarchy level.
>
>
> Thanks
>
> Alex
>
>
> On 13/09/2019 00:18, Andy Litzinger wrote:
>
> Hi All,
> I thought this would be in a cookbook somewhere but I can't find it. Is
> there a way to write an as-path regex so it will match a provider's ASN
> (e.g. 1234) one or more times and then 1 or 2 more ASNs zero or more
> times? I'm hoping to be able to account for AS prepending.
>
> I'm an Enterprise network and one of my upstream ISPs is sending me full
> routes + default. I want to filter the routes down to networks that are
> directly connected or at most 2 hops away from my ISP, but also allow for
> AS prepending. It's the prepending that is tripping me up or else I think
> this would suffice: "^1234+ .{0,2}"
>
> I think with Cisco you can do this with backreferences, but Junos doesn't
> seem to support those.
>
> TIA,
> -andy
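
Added example, not part of the original thread and not Juniper's code: a small Python model of the import policy tested above, showing why a cap on total AS-path length rejects prepended routes while a unique-AS count does not. The function names, the treatment of confederation segments as parenthesised groups, and every sample path except the first are assumptions made for illustration.

```python
import re

ORIGIN_CODES = {"I", "E", "?"}  # origin code printed after the path

# First path is the one shown in the thread; the rest are constructed samples.
SAMPLE_PATHS = [
    "AS path: 3257 7473 7473 7473 64050 64050 I,",
    "AS path: 3257 I",
    "AS path: 3257 3257 3257 64496 I",
    "AS path: 3257 64496 64497 64498 I",
    "AS path: 174 3257 64496 I",
]

def parse_as_path(text):
    """Return the ASNs in a 'show route' AS path, left to right.
    Assumption: confederation segments appear in parentheses; they are
    dropped because the release note says the knob ignores them."""
    text = text.split("AS path:")[-1].strip().rstrip(",")
    text = re.sub(r"\([^)]*\)", " ", text)
    tokens = [t for t in text.split() if t not in ORIGIN_CODES]
    if not all(t.isdigit() for t in tokens):
        raise ValueError(f"unsupported AS path element in {text!r}")
    return [int(t) for t in tokens]

def unique_count_matches(asns, count, mode):
    """Model of 'as-path-unique-count <count> (equal | orhigher | orlower)'."""
    n = len(set(asns))  # prepending repeats an ASN, so a set collapses it
    return {"equal": n == count, "orhigher": n >= count, "orlower": n <= count}[mode]

def accept_unique(text, first_as, count, mode="orlower"):
    """First ASN must be the provider and the unique-AS count must match."""
    asns = parse_as_path(text)
    return bool(asns) and asns[0] == first_as and unique_count_matches(asns, count, mode)

def accept_by_length(text, first_as, max_len):
    """Naive alternative: cap total path length, so prepends count as hops."""
    asns = parse_as_path(text)
    return bool(asns) and asns[0] == first_as and len(asns) <= max_len

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path:45} unique<=3: {accept_unique(path, 3257, 3)!s:5} "
              f"length<=3: {accept_by_length(path, 3257, 3)}")
```

The count includes the provider's own ASN, so "the ISP plus at most two more ASNs" corresponds to a unique count of 3, which is the value that accepted the route in the test above.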