Customers may sometimes forget to configure a then statement under a policy statement and export that policy under the Border Gateway Protocol (BGP). This may result in unexpected routing actions due to the default routing policies that are used. See Default Routing Policies for more information.
This article explains how to add a SLAX commit script that checks the policy statements exported under BGP and causes the commit to fail if a then statement is not present in such a policy.
Using default routing policies may lead to unexpected BGP routing actions and/or incorrectly advertised routes.
This is because a then statement was not added under the exported policy statement.
Configure a SLAX script to check the policy statements that are exported under BGP. If a then statement is not present, the script will ensure that the commit fails.
To add the commit script, perform the following steps:
- Log in to shell as the root user.
    user@Router-re0> start shell user root
    Password:
    root@Router-re0:/var/home/labroot #
- Create a file under /var/db/scripts/commit.
    root@Router-re0:/var/home/labroot # cd /var/db/scripts/commit
    root@Router-re0:/var/db/scripts/commit # vi check-bgp-policy.slax
- Paste the following lines and save the file (wq).
    version 1.0;
    ns junos = "http://xml.juniper.net/junos/*/junos";
    ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
    ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
    import "../import/junos.xsl";

    /* Candidate configuration's policy-options hierarchy */
    param $po = commit-script-input/configuration/policy-options;

    match configuration {
        /* Walk the BGP hierarchy so that every export statement is visited */
        apply-templates protocols/bgp;
    }

    match export {
        /* $test is the export node; its value is the policy name */
        param $test = .;
        for-each ($po/policy-statement[name == $test]/term) {
            /* Flag a term that has a from but no "then accept" */
            if (from && not(then/accept)) {
                /* xnm:error makes the commit fail and reports the export statement */
                <xnm:error> {
                    call jcs:edit-path($dot = $test);
                    call jcs:statement($dot = $test);
                    <message> "Check the policy you just created and applied to BGP does not have a then statement, please check it";
                }
            }
        }
    }
- Exit from shell and apply the commit script to the configuration:
    set system scripts commit file check-bgp-policy.slax
Example
lab@Router-re0# show policy-options policy-statement testfrom
term 1 {
    from {
        route-filter 0.0.0.0/0 exact;
    }
}
[edit]
lab@Router-re0# show protocols bgp
export testfrom;
[edit]
lab@Router-re0# commit check
re0:
[edit protocols bgp export]
  'export testfrom;'
    Check the policy you just created and applied to BGP does not have a then statement, please check it
error: 1 error reported by commit scripts
error: commit script failure
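The same check can be run offline against a saved configuration, for example in a review step before a change reaches the router; the Python below is an added example, not Juniper's script. It applies the commit script's test (a term with a from and no "then accept") to every BGP export and reports separately whether the term has no then at all or a then without accept. Assumptions: un-namespaced XML in the shape of `show configuration | display xml`, export statements that name a single policy, a hypothetical function name `audit_bgp_exports`, and a constructed sample configuration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `show configuration | display xml`.
SAMPLE = """
<configuration>
  <protocols><bgp>
    <export>testfrom</export>
    <group><name>ebgp</name><export>deny-only</export>
      <neighbor><name>192.0.2.1</name><export>good</export></neighbor>
    </group>
  </bgp></protocols>
  <policy-options>
    <policy-statement><name>testfrom</name>
      <term><name>1</name><from><route-filter><address>0.0.0.0/0</address><exact/></route-filter></from></term>
    </policy-statement>
    <policy-statement><name>deny-only</name>
      <term><name>1</name><from><protocol>static</protocol></from><then><reject/></then></term>
    </policy-statement>
    <policy-statement><name>good</name>
      <term><name>1</name><from><protocol>direct</protocol></from><then><accept/></then></term>
    </policy-statement>
  </policy-options>
</configuration>
"""

def audit_bgp_exports(xml_text):
    """Return sorted (policy, term, problem) findings for policies exported under BGP."""
    cfg = ET.fromstring(xml_text)
    policies = {p.findtext("name"): p
                for p in cfg.findall(".//policy-options/policy-statement")}
    findings = set()
    for bgp in cfg.findall(".//protocols/bgp"):
        # iter() reaches export statements at the global, group and neighbor levels.
        for export in bgp.iter("export"):
            policy = policies.get((export.text or "").strip())
            if policy is None:
                continue  # policy expressions and unknown names are out of scope here
            for term in policy.findall("term"):
                then = term.find("then")
                has_accept = then is not None and then.find("accept") is not None
                if term.find("from") is None or has_accept:
                    continue  # the SLAX test `from && not(then/accept)` skips these too
                problem = "no then statement" if then is None else "then without accept"
                findings.add((policy.findtext("name"), term.findtext("name"), problem))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_bgp_exports(SAMPLE), sep="\n")
```

The second finding class shows that the commit script's test also stops a term whose then carries only reject, even though its error message speaks of a missing then statement.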