Junos

Assigning community to direct routes without using policy and prefix-lists

‎08-13-2019 02:34 PM

I need to be able to assign a community to certain direct/connected routes on an MX router, but not all of them. I know this can be easily done through policy and prefix-list. However, I'm trying to avoid having to update the prefix-list each time these certain interfaces are configured because there are multiple hands in the cookie jar. In my experience when you have multiple people configuring, the prefix-lists quickly become grossly outdated.

 

My ideal solution would be an option to add the community directly on the family inet address in the interface configuration. I don't think that's possible based on my research thus far though. 


Re: Assigning community to direct routes without using policy and prefix-lists

‎08-13-2019 07:28 PM

Hello,

 


@slai wrote:

 

My ideal solution would be an option to add the community directly on the family inet address in the interface configuration. I don't think that's possible based on my research thus far though. 


 

Correct, this is not supported.

 


@slai wrote:

I need to be able to assign a community to certain direct/connected routes on an MX router, but not all of them.


 

You can have interfaces referenced directly in the policy, like below:

 

set policy-options policy-statement SELECT-MATCH-DIRECT term t1 from interface [ ge-0/0/0.0 ae0.0 xe-0/1/0.999 . . . ]
set policy-options policy-statement SELECT-MATCH-DIRECT term t1 then community add BLAH

 

Then if someone updates the subnet on ae0.0, it will be automatically picked up by this policy.

Of course, any newly created logical interfaces with "family inet|inet6" will need to be added to this policy (manually or programmatically - i.e. you can have a commit script which checks if the IFL needs to be referenced in the policy and adds/removes it).

 

HTH

Thx

Alex


Re: Assigning community to direct routes without using policy and prefix-lists

‎08-14-2019 02:42 AM

You can also have a prefix list created via apply-path to automatically add the IP addresses as configured on an interface.

 

set policy-options prefix-list My_list apply-path "interfaces ae0 unit <*> family inet address <*>"

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: Assigning community to direct routes without using policy and prefix-lists

‎08-14-2019 05:42 AM

@aarseniev wrote:

You can have interfaces referenced directly in the policy, like below:

 

set policy-options policy-statement SELECT-MATCH-DIRECT term t1 from interface [ ge-0/0/0.0 ae0.0 xe-0/1/0.999 . . . ]
set policy-options policy-statement SELECT-MATCH-DIRECT term t1 then community add BLAH

 

Then if someone updates the subnet on ae0.0, it will be automatically picked up by this policy.

Of course, any newly created logical interfaces with "family inet|inet6" will need to be added to this policy (manually or programmatically - i.e. you can have a commit script which checks if the IFL needs to be referenced in the policy and adds/removes it).


We'd like to keep our standard export policies identical across all of our MX's for consistency. However, we did consider policy chaining, but that wasn't ideal either due to the number of steps involved with creating and inserting a policy into the chain.

 

I think we may look into a programmatic approach through NSO to provision prefix-lists since there doesn't seem to be a clean approach that would keep things consistent.


Re: Assigning community to direct routes without using policy and prefix-lists

‎08-14-2019 05:47 AM

@spuluka wrote:

You can also have a prefix list created via apply-path to automatically add the IP addresses as configured on an interface.

 

set policy-options prefix-list My_list apply-path "interfaces ae0 unit <*> family inet address <*>"

 


Yep we considered this as well, but because we are assigning the communities based on the type of service associated with an IFL, we don't want to wild card an entire interface. And assigning an entire physical interface per service wouldn't be an efficient use of expensive MX ports.


Re: Assigning community to direct routes without using policy and prefix-lists

‎08-14-2019 06:39 AM

One thing we could look at is allocating a VLAN range for certain types of service. The IFL unit id matches the VLAN ID by our standard configuration practice. The thought is to apply a certain range through an apply-path prefix-list.  The challenge here is how many VLANs to carve out for each type of service. Also, I don't know if the apply-path function supports ranges. It looks like it only supports wildcards.

 

set policy-options prefix-list My_list apply-path "interfaces ae0 unit <3000-3500> family inet address <*>"
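
Added example, not part of any post in this thread: one way to generate the per-service prefix-list programmatically from the unit/VLAN range idea above, instead of relying on apply-path. The sample configuration is constructed, and the function names and the prefix-list name SVC-A are hypothetical. It emits the connected network rather than the configured host address, on the assumption that the list is used to match direct routes.

```python
import ipaddress
import re

# Constructed sample configuration in "set" format (not taken from the thread).
SAMPLE_CONFIG = """\
set interfaces ae0 unit 100 family inet address 192.0.2.1/30
set interfaces ae0 unit 3000 family inet address 198.51.100.1/29
set interfaces ae0 unit 3250 family inet address 198.51.100.9/30
set interfaces ae0 unit 3250 family inet6 address 2001:db8:0:1::1/64
set interfaces ae0 unit 3501 family inet address 203.0.113.1/24
set interfaces xe-0/1/0 unit 3100 family inet address 198.51.100.17/30
"""

# Matches one interface address statement and captures IFD, unit, family, address.
ADDR_RE = re.compile(
    r"^set interfaces (?P<ifd>\S+) unit (?P<unit>\d+) "
    r"family (?P<family>inet6?) address (?P<addr>\S+)"
)


def prefixes_for_range(config, ifd, lo, hi, family="inet"):
    """Return the sorted connected networks of units lo..hi (inclusive) on ifd."""
    nets = set()
    for line in config.splitlines():
        m = ADDR_RE.match(line.strip())
        if not m or m["ifd"] != ifd or m["family"] != family:
            continue
        if lo <= int(m["unit"]) <= hi:
            # ip_interface() accepts a host address with mask; .network
            # drops the host bits to give the direct route's prefix.
            nets.add(ipaddress.ip_interface(m["addr"]).network)
    return sorted(nets)


def render_prefix_list(name, nets):
    """Render the networks as policy-options prefix-list set commands."""
    return [f"set policy-options prefix-list {name} {n}" for n in nets]


if __name__ == "__main__":
    # Units 3000-3500 on ae0 are assumed to carry one service type.
    for cmd in render_prefix_list(
        "SVC-A", prefixes_for_range(SAMPLE_CONFIG, "ae0", 3000, 3500)
    ):
        print(cmd)
```

Regenerating the whole list from the current configuration on each run keeps it from drifting when interfaces are added or renumbered.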