Routing
Reply
Super Contributor
davidjdv
Posts: 113
Registered: ‎02-26-2008
0

Re: Blocking local routes advertised to BGP

OK - but I suppose that no routes are advertised at all now (since the EBGP group is inactive) :smileywink:

You can double-check this with the 'show route advertising-protocol bgp ...' commands described above.

 

Please let us know exactly what you want to advertise (and/or block) and we can help you with the config.

 

Cheers,

/david 

Contributor
PeteW
Posts: 17
Registered: ‎12-22-2008
0

Re: Blocking local routes advertised to BGP

Yep, thats ok and I appreciate that there are no routes advertised currently. It alleviates the current problem until we can work out the routes that "should" be advertised via iBGP.

 

Pete 

 

 

Recognized Expert
erdems
Posts: 191
Registered: ‎12-30-2008
0

Re: Blocking local routes advertised to BGP

Hi PeteW,

 

 As David pointed out, you may want to alter your import/export policies to cover 'safety' mechanisms

as the first couple of terms, like the following example:

 

policy-statement ebgp-export {
    term no-small-prefixes {
        from {
            route-filter 0.0.0.0/0 prefix-length-range /25-/32;
        }
        then reject;
    }
    term no-martians {
        from {
            route-filter 0.0.0.0/8 orlonger;
            route-filter 10.0.0.0/8 orlonger;
            route-filter 127.0.0.0/8 orlonger;
            route-filter 169.254.0.0/16 orlonger;
            route-filter 172.16.0.0/12 orlonger;
            route-filter 192.0.2.0/24 orlonger;
            route-filter 192.168.0.0/16 orlonger;
            route-filter 198.18.0.0/15 orlonger;
            route-filter 224.0.0.0/3 orlonger;
        }
        then reject;
    }
    term no-privates {
        from as-path private;
        then reject;
    }
    term accepted-prefixes { ## <<< this is where you start 'accepting'

       then accept;
    }
}

 

Applying similar import policies to your ebgp sessions (e.g. start with rejecting the 'usual suspects' then accept what you want later) might be a good idea as well.

 

I had read somewhere that paranoia was one's best friend while configuring BGP, and I still do believe that :-)

 

Cheers,

Erdem

____________________________________________
If you think your question's answered, please
mark the respective post as "Accepted Solution".

Kudos are an excellent way of showing appreciation, too.
Contributor
PeteW
Posts: 17
Registered: ‎12-22-2008
0

Re: Blocking local routes advertised to BGP

Many thanks for your assistance guys, the issue is now resolved and all appropriate routes are being advertised :smileywink:
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.