Hi all,
I'm trying to get some BGP community-based policies working on Olives and have problems with communities being dropped at the AS border.
The example topology (attached) consists of two ASes (1 and 2).
Routers R3 and R4 set the BGP communities (2:400 and 2:700 respectively) on egress sessions.
Router R2 sets the additive community 2:500 to everything it learns from iBGP.
Now the problem is, R2 doesn't readvertise those communities to R1, though it has everything in its routing table.
R1's config is as follows:
routing-options {
    router-id 10.0.0.1;
    autonomous-system 1;
}
protocols {
    bgp {
        export advert;
        group as2 {
            type external;
            peer-as 2;
            neighbor 10.0.6.2;
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface em1.0 {
                passive;
            }
        }
    }
}
policy-options {
    prefix-list em0 {
        10.254.100.0/24;
    }
    policy-statement advert {
        term 1 {
            from protocol [ local direct static ];
            then {
                community + 300;
                next term;
            }
        }
        term 2 {
            from {
                prefix-list-filter em0 exact reject;
            }
        }
        then accept;
    }
    community 300 members 1:300;
}
R2 is configured like this:
routing-options {
    router-id 10.0.0.5;
    autonomous-system 2;
}
protocols {
    bgp {
        group as1 {
            type external;
            export export;
            neighbor 10.0.6.1 {
                local-address 10.0.6.2;
                peer-as 1;
            }
        }
        group mesh {
            type internal;
            local-address 10.0.0.5;
            import adverts;
            peer-as 2;
            neighbor 10.0.0.6;
            neighbor 10.0.0.7;
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0 {
                passive;
            }
            interface em1.0 {
                passive;
            }
            interface em3.0;
            interface em4.0;
        }
    }
}
policy-options {
    policy-statement adverts {
        then {
            community add 500;
            accept;
        }
    }
    policy-statement export {
        then accept;
    }
    community 500 members 2:500;
    community wildcard members *:*;
}
When I check the communities on R2 I get this:
root@R2> show route community 2:400
inet.0: 24 destinations, 46 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.7/32 [BGP/170] 15:37:03, localpref 100, from 10.0.0.7
AS path: I
> to 10.0.8.2 via em5.0
10.0.8.0/24 [BGP/170] 15:37:03, localpref 100, from 10.0.0.7
AS path: I
> to 10.0.8.2 via em5.0
10.254.100.0/24 [BGP/170] 15:37:03, localpref 100, from 10.0.0.7
AS path: I
> to 10.0.8.2 via em5.0
which are the routes from R3 and this:
root@R2> show route community 2:500
inet.0: 24 destinations, 46 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.0.6/32 [BGP/170] 15:38:38, localpref 100, from 10.0.0.6
AS path: I
> to 10.0.7.2 via em4.0
10.0.0.7/32 [BGP/170] 15:38:38, localpref 100, from 10.0.0.7
AS path: I
> to 10.0.8.2 via em5.0
10.0.0.10/32 [BGP/170] 15:38:38, localpref 100, from 10.0.0.10
AS path: I
> to 10.0.7.2 via em4.0
10.0.7.0/24 [BGP/170] 15:38:38, localpref 100, from 10.0.0.6
AS path: I
> to 10.0.7.2 via em4.0
10.0.8.0/24 [BGP/170] 15:38:38, localpref 100, from 10.0.0.7
AS path: I
> to 10.0.8.2 via em5.0
10.0.10.0/24 [BGP/170] 15:38:38, localpref 100, from 10.0.0.6
AS path: I
> to 10.0.7.2 via em4.0
[BGP/170] 15:38:38, localpref 100, from 10.0.0.10
AS path: I
> to 10.0.7.2 via em4.0
10.254.100.0/24 [BGP/170] 15:38:38, localpref 100, from 10.0.0.6
AS path: I
> to 10.0.7.2 via em4.0
[BGP/170] 15:38:38, localpref 100, from 10.0.0.7
AS path: I
> to 10.0.8.2 via em5.0
[BGP/170] 15:38:38, localpref 100, from 10.0.0.10
AS path: I
> to 10.0.7.2 via em4.0
which are R2's own routes, marked by a community on an ingress policy. In the same way, I'm able to see the routes from R4, marked with appropriate communities.
However, when I go to R1 and try to see any communities attached to the routes, I get nothing:
root@R1> show route community 500
inet.0: 23 destinations, 47 routes (23 active, 0 holddown, 6 hidden)
while the session is up and R2 is advertising the prefixes as it should; there are just no communities:
root@R1> show route receive-protocol bgp 10.0.6.2 extensive
inet.0: 23 destinations, 47 routes (23 active, 0 holddown, 6 hidden)
* 10.0.0.5/32 (1 entry, 1 announced)
Accepted
Nexthop: 10.0.6.2
AS path: 2 I
* 10.0.0.6/32 (1 entry, 1 announced)
Accepted
Nexthop: 10.0.6.2
MED: 1
AS path: 2 I
* 10.0.0.7/32 (1 entry, 1 announced)
Accepted
Nexthop: 10.0.6.2
MED: 1
AS path: 2 I
10.0.1.0/24 (4 entries, 1 announced)
Accepted
Nexthop: 10.0.6.2
AS path: 2 I
10.0.6.0/24 (4 entries, 1 announced)
Accepted
Nexthop: 10.0.6.2
AS path: 2 I
* 10.0.7.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 10.0.6.2
AS path: 2 I
* 10.0.8.0/24 (1 entry, 1 announced)
Accepted
Nexthop: 10.0.6.2
AS path: 2 I
10.254.100.0/24 (3 entries, 1 announced)
Accepted
Nexthop: 10.0.6.2
AS path: 2 I
What am I doing wrong? Why does the border router strip the communities off the advertisements?
Also, is it normal that, without a policy configured, Junos wouldn't advertise anything through the BGP session by default?
Any comments are greatly appreciated, thanks!
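
Added example, not part of the original post: a Python check that parses `show route receive-protocol bgp <peer> extensive` output in the layout quoted above and lists the prefixes that arrived without a given community. The sample text is constructed (its `Communities:` line is added for contrast), the function names are illustrative, and only IPv4 prefixes are handled.

```python
import re

# Constructed sample in the layout of the receive-protocol output quoted above.
# The "Communities:" line on 10.0.8.0/24 is added here for contrast.
SAMPLE = """\
inet.0: 23 destinations, 47 routes (23 active, 0 holddown, 6 hidden)
* 10.0.0.6/32 (1 entry, 1 announced)
     Accepted
     Nexthop: 10.0.6.2
     MED: 1
     AS path: 2 I
* 10.0.8.0/24 (1 entry, 1 announced)
     Accepted
     Nexthop: 10.0.6.2
     AS path: 2 I
     Communities: 2:400 2:500
  10.254.100.0/24 (3 entries, 1 announced)
     Accepted
     Nexthop: 10.0.6.2
     AS path: 2 I
"""

# A route block starts with an optional "*", the prefix, then "(N entry/entries".
PREFIX_RE = re.compile(r"^\*?\s*(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s+\(\d+ entr(?:y|ies)")
COMM_RE = re.compile(r"^\s*Communities:\s*(.+)$")


def parse_received(text):
    """Map each received prefix to the set of communities listed under it."""
    routes, current = {}, None
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            current = m.group(1)
            routes.setdefault(current, set())
            continue
        m = COMM_RE.match(line)
        if m and current is not None:
            routes[current].update(m.group(1).split())
    return routes


def missing_community(text, expected):
    """Prefixes (in output order) that arrived without the expected community."""
    return [p for p, comms in parse_received(text).items() if expected not in comms]


if __name__ == "__main__":
    for prefix in missing_community(SAMPLE, "2:500"):
        print(f"{prefix}: received without 2:500")
```

Running the same function over output captured on both sides of the eBGP session shows at which hop a community disappears.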