Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Junos] Apply-group behavior: Why isn't it taking effect under logical-systems or routing-instances?

0

0

Article ID: KB21458 KB Last Updated: 30 Jul 2020Version: 2.0
Summary:
This article describes the issue of Apply-groups only acting on the configuration hierarchy which exists within them, regardless of where they are configured.
Symptoms:

Consider this configuration, which has a BGP peer in the main instance, and a BGP peer in a routing-instance:

lab@Lesh# show
groups {
    local-pref {
        protocols {
            bgp {
                group <*> {
                    local-preference 50;
                }
            }
        }
    }
}
routing-options {
    autonomous-system 65000;
}
protocols {
    bgp {
        apply-groups local-pref;
        group isp {
            peer-as 65042;
            neighbor 192.168.42.1;
        }
    }
}
routing-instances {
    customer {
        instance-type vrf;
        route-distinguisher 192.168.42.2:65000;
        vrf-target target:65000:42;
        protocols {
            bgp {
                apply-groups local-pref;
                group customer {
                    peer-as 65010;
                    neighbor 10.1.1.1;
                }
            }
        }
    }
}


The apply-group is set in two places, under [edit protocols bgp] and [edit routing-instances customer protocols bgp], but it only takes effect in one place:

lab@Lesh# show | display inheritance
routing-options {
    autonomous-system 65000;
}
protocols {
    bgp {
        group isp {
            ##
            ## '50' was inherited from group 'local-pref'
            ##
            local-preference 50;
            peer-as 65042;
            neighbor 192.168.42.1;
        }
    }
}
routing-instances {
    customer {
        instance-type vrf;
        route-distinguisher 192.168.42.2:65000;
        vrf-target target:65000:42;
        protocols {
            bgp {
                group customer {
                    peer-as 65010;
                    neighbor 10.1.1.1;
                }
            }
        }
    }
}

Solution:

This is due to Junos being lax about where an apply-group is configured. It can be anywhere, up to the place where it should be taking affect, so in this case it can be configured under any of these:
[edit]
[edit protocols]
[edit protocols bgp]
[edit protocols bgp group isp]

It will not have any effect if configured under:
[edit protocols bgp group isp neighbor 192.168.42.1]
... because this is deeper than the group is configured for.

So we need to modify the local-pref apply-group to account for routing-instances, and the value can be different:
lab@Lesh# set groups local-pref routing-instances <*> protocols bgp group <*> local-preference 51

And the part for the main instance will be removed to prove the point about where apply-groups can be configured:
lab@Lesh# delete groups local-pref protocols

This is the new group:
lab@Lesh# show
groups {
    local-pref {
        routing-instances {
            <*> {
                protocols {
                    bgp {
                        group <*> {
                            local-preference 51;
                        }
                    }
                }
            }
        }
    }
}

This is the new configuration, after apply-groups take affect:
lab@Lesh# show | display inheritance
routing-options {
    autonomous-system 65000;
}
protocols {
    bgp {
        group isp {
            ##
            ## '50' was inherited from group 'local-pref'
            ##
            local-preference 50;
            peer-as 65042;
            neighbor 192.168.42.1;
        }
    }
}
routing-instances {
    customer {
        instance-type vrf;
        route-distinguisher 192.168.42.2:65000;
        vrf-target target:65000:42;
        protocols {
            bgp {
                group customer {
                    ##
                    ## '51' was inherited from group 'local-pref'
                    ##
                    local-preference 51;
                    peer-as 65010;
                    neighbor 10.1.1.1;
                }
            }
        }
    }
}


So for the apply-group to take effect it can be configured under any of these:
[edit]
[edit routing-instances]
[edit routing-instances customer]
[edit routing-instances customer protocols]
[edit routing-instances customer protocols bgp]
[edit routing-instances customer protocols bgp group isp]


When working with apply-groups, it is wise to check your work with:
lab@Lesh# show | display inheritance

See also KB9299 - How to use configuration groups for logical systems on M, MX and T-series routers?, which focuses on logical-systems.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search