Hello,
"condition" is not supported in forwarding-table export policy, only in BGP/IGP export policy. You have to insert a "BGP-exporter" intermediate node between peer|upstream and your MX; this could be a logical system on the MX itself.
Thx
Alex

On 18/02/2016 10:14, Vincent Bernat wrote:
  ❦ 17 February 2016 21:07 GMT, Alexander Arseniev <arsen...@btinternet.com>:

True, one cannot match on "next-hop" in "condition", only on exact
prefix+table name.
But this can be done using "route isolation" approach.
So, the overall approach is:
1/ create a separate table and leak a 0/0 route there matching on 0/0
exact + next-hop ("isolate the interested route"). Use
"instance-import" + policy.
2/ create condition

policy-options {
  condition default-to-upstream {
    if-route-exists {
      0.0.0.0/0;
      table isolate-0/0.inet.0;
    }
  }
}

3/ use condition to match & reject the specifics:

policy-options {
  policy-statement reject-same-nh-as-0/0 {
    term 1 {
      from {
        protocol bgp;
        route-filter 0/0 longer;
        condition default-to-upstream;
        next-hop 198.18.1.1;
      }
      then reject;
    }
    term 2 {
      from {
        protocol bgp;
        route-filter 0/0 longer;
        next-hop 198.18.1.1;
      }
      then accept;
    }
  }
}

Just out of curiosity, I tried your approach and it almost works. However,
for some reason, the condition can match when there is no route in the
associated table. I didn't do exactly as you proposed, so maybe I am
doing something wrong. I am not really interested in getting to the
bottom of this matter. I am just posting my current configuration in case
somebody is interested:

  
https://github.com/vincentbernat/network-lab/blob/d984d6c5f847b96a131b240d91346b46bfaecac9/lab-vmx-fullview/vMX1.conf#L106-L115

If I enable term 4, it catches all routes whose next-hop is
192.0.2.129 despite the condition being false. In the RIB, I have many
routes whose next-hop is 192.0.2.129:

root@vMX1# run show route next-hop 192.0.2.129

inet.0: 1110 destinations, 1869 routes (1110 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0           [BGP/140] 00:38:12, MED 10, localpref 100
                       AS path: 65002 ?, validation-state: unverified
                     > to 192.0.2.129 via ge-0/0/1.0
                     [OSPF/150] 00:37:31, metric 10, tag 0
                     > to 192.0.2.129 via ge-0/0/1.0
1.0.240.0/20       *[BGP/140] 00:38:12, MED 10, localpref 100
                       AS path: 65002 3257 3356 4651 9737 23969 I, validation-state: unverified
                     > to 192.0.2.129 via ge-0/0/1.0
1.1.1.0/24         *[BGP/140] 00:38:12, MED 10, localpref 100
                       AS path: 65002 8758 15576 6772 13030 226 I, validation-state: unverified
                     > to 192.0.2.129 via ge-0/0/1.0
[...]

But none of them make it to the FIB:

root@vMX1# run show route forwarding-table matching 1.1.1.0/24
Routing table: default.inet
Internet:

Routing table: __master.anon__.inet
Internet:

The peer.inet.0 table is empty:

root@vMX1# run show route summary
Autonomous system number: 64512
Router ID: 192.0.2.128

inet.0: 1110 destinations, 1869 routes (1110 active, 0 holddown, 0 hidden)
               Direct:      3 routes,      3 active
                Local:      3 routes,      3 active
                 OSPF:      2 routes,      1 active
                  BGP:   1861 routes,   1103 active

upstream.inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
                  BGP:      1 routes,      1 active

Adding a static route to peer.inet.0 doesn't help (I added a discard
route). Switching the default to the peer doesn't change anything (term
3 also matches anything). Tested on vMX 14.1R1. Maybe a bug in
if-route-exists?
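
Added example, not part of the thread and not either poster's configuration: one way steps 1 and 2 of the quoted procedure could be written out, so that the condition only becomes true while the default route points at the given next hop. The instance name isolate-default and the policy name leak-default-from-upstream are hypothetical; 198.18.1.1 is the next hop from the quoted policy, and the condition is assumed to be referenced from a BGP/IGP export policy, as the reply at the top of the thread requires.

```junos
/* Step 1: a table that holds nothing but the "interesting" default route. */
routing-instances {
    isolate-default {                      /* hypothetical instance name */
        instance-type no-forwarding;
        routing-options {
            instance-import leak-default-from-upstream;
        }
    }
}
policy-options {
    /* Leak 0/0 from the master instance only when it is learned via
       BGP with the upstream next hop; everything else stays out. */
    policy-statement leak-default-from-upstream {   /* hypothetical name */
        term default-via-upstream {
            from {
                instance master;
                protocol bgp;
                route-filter 0.0.0.0/0 exact;
                next-hop 198.18.1.1;
            }
            then accept;
        }
        term everything-else {
            then reject;
        }
    }
    /* Step 2: the condition is true only while the leaked default
       exists in the isolated table. */
    condition default-to-upstream {
        if-route-exists {
            0.0.0.0/0;
            table isolate-default.inet.0;
        }
    }
}
```

Checking the isolated table with "show route table isolate-default.inet.0" before relying on the condition confirms whether the leak policy, rather than the condition itself, is what holds the route.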

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
