DD2491, p1 2008
[Figure: Import, Export, RIB, Protocols, FIB. Protocols: direct and static, RIP, BGP, IS-IS, OSPF, MPLS]
RIB
Pool of routes received from peers
Import policy for filtering and attribute manipulation
Decision process to select best routes
Pool of routes used by router
Export policy for filtering and attribute manipulation
Pool of routes that the router advertises
[Figure: AdjRIBIn and AdjRIBOut]
BGP RIBs
BGP routing table consists of three parts
Adj-RIB-In
One per peer BGP speaker
Stores routing information learned from peer
Filtered/manipulated by the input policy engine
Loc-RIB
Selected best routes by decision process to each available destination
Adj-RIB-Out
One per peer BGP speaker
Stores routing information selected for advertisement to peer
Output policy applied to Loc-RIB before going into Adj-RIB-Out
This is redistributed if REFRESH capability is used
Import/Export Policy
Import policy
Affects routes received from peer BGP speakers
Filtering based on IP prefixes, AS_PATH and other BGP attributes
Manipulates path attributes to influence its own decision process
Export policy
Affects routes in Loc-RIB (candidates for advertisement)
In JunoS: only active BGP routes
[Figure: policy example with AS1, AS2 and AS4. Labels in order: 10.0.0.0/24, 0/0; 10.0.0.0/24; import policy; 10.0.0.0/24, 10.2.0.0/24, 0/0; RIB; export policy; 10.0.0.0/24, 10.2.0.0/24; AS4]
Use 10.0.0.0/24 from AS1
Use 0/0 and 10.2.0.0/24 from AS2
Deny 0/0 from AS1
Give 10.0.0.0/24 from AS1 better pref
Peer properties
Many configurations can be made on global, group and peer level. More specific is preferred (peer before group before global)
See: http://www.juniper.net/techpubs/software/junos/junos90/
  advertise-peer-as         Advertise routes received from the same autonomous system
  authentication-algorithm  Authentication algorithm name
  authentication-key        MD5 authentication key
  authentication-key-chain  Key chain name
  cluster                   Cluster identifier
  damping                   Enable route flap damping
  description               Text description
  disable                   Disable BGP
+ export                    Export policy
> family                    Protocol family for NLRIs in updates
> graceful-restart          BGP graceful restart options
> group                     Define a peer group
  hold-time                 Hold time used when negotiating with a peer
+ import                    Import policy
  include-mp-next-hop       Include NEXT-HOP attribute in multiprotocol updates
  ipsec-sa                  IPSec SA name
  keep                      How to retain routes in the routing table
[Figure: Policy1 (term1, term2, term3), Policy2 (term1, term2, term3), default policy]
Applying policies
protocols {
    bgp {
        /* Global properties */
        export p0;
        import p1;
        group external-peers {
            /* Group properties */
            type external;
            export p2;
            import p3;
            neighbor 192.168.200.14 {
                /* Peer properties */
                export p4;
                import p5;
            }
        }
    }
}

Export policy evaluation order: p4->p2->p0
If verdict (accept, reject) policy chain is terminated
Side-effects may still apply
Policy-options statements
# set policy-options ?
Policy-statement matches
# set policy-options policy-statement <name> term <name> from ?
as-path community family local-preference metric neighbor next-hop origin preference prefix-list protocol route-filter ...
Policy-statement actions
# set policy-options policy-statement <name> term <name> then ?
Side effects with accept:
as-path-prepend community color external load-balance per-packet local-preference metric next-hop origin preference
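
The import rules from the AS1/AS2/AS4 slide ("Deny 0/0 from AS1", "Give 10.0.0.0/24 from AS1 better pref") written as policy-statement terms and applied at peer level, as an added example that is not part of the original slides. The policy names, neighbor addresses, AS numbers and the local-preference value are assumptions, as is reading the figure's export side as withholding 0/0 from AS4.

```junos
policy-options {
    /* Import policy for the AS1 session (hypothetical name).
       Routes matching no term fall through to the default BGP import policy. */
    policy-statement from-as1 {
        term deny-default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then reject;
        }
        term prefer-10-0-0 {
            from {
                route-filter 10.0.0.0/24 exact;
            }
            then {
                /* assumed value; the default local preference is 100 */
                local-preference 200;
                accept;
            }
        }
    }
    /* Export policy for the AS4 session (hypothetical name).
       Remaining active BGP routes fall through to the default export policy. */
    policy-statement to-as4 {
        term no-default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then reject;
        }
    }
}
protocols {
    bgp {
        group external-peers {
            type external;
            /* constructed address and AS number standing in for the AS1 peer */
            neighbor 192.0.2.1 {
                peer-as 64501;
                import from-as1;
            }
            /* constructed address and AS number standing in for the AS4 peer */
            neighbor 192.0.2.5 {
                peer-as 64504;
                export to-as4;
            }
        }
    }
}
```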
Lab overview
[Figure: lab topology. Tier1 AS65500; routers RTX1, RTX2, RTX3, RTX4; ASes ASX1, ASX, ASX+1; link networks 172.16.10X.0/30, 172.16.X.0/30, 172.16.X+1.0/30; interfaces 0/0/0, 1/0/0, 1/0/1; prefixes 10.X.8.0/24, 10.X.9.0/24, 10.X.10.0/24, 10.X.11.0/24]