Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How To: Filter incoming BGP routing update using route-map

0

0

Article ID: KB5938 KB Last Updated: 13 Jul 2010Version: 3.0
Summary:
How To: Filter incoming BGP routing update using route-map
Symptoms:
NetScreen-500 ScreenOS 4.0.0r3 EBGP peer connection Route map Can't filter incoming BGP routing update
Solution:

In order to filter incoming BGP routing update, use route-map.

Example:

Step 1) Make a access-list to filter specific networks
ns500(untrust-vr)-> set access-list 2 permit ip 192.168.10.0/24 1
ns500(untrust-vr)-> set access-list 2 permit ip 192.168.11.0/24 2

Step 2) Make a route-map for it.
ns500(untrust-vr)-> set route-map name AS254-to-AS10 permit 1
ns500(untrust-vr/AS254-to-AS10-1)-> set match ip 2
--> 2 = access-list number
ns500(untrust-vr/AS254-to-AS10-1)-> exit

Step3) Add this route-map to existing neighbor configuration
ns500(untrust-vr)-> set protocol bgp
ns500(untrust-vr/bgp)-> set neighbor 10.1.1.2 route-map AS254-to-AS10 in
ns500(untrust-vr/bgp)-> exit

Step4) Refresh the BGP routing table to check the filtered BGP routing table
ns500(untrust-vr)-> exec protocol bgp neighbor 10.1.1.2 disconnect
start to close the connection

ns500(untrust-vr)-> get route
C - Connected, S - Static, A - Auto-Exported, I - Imported
iB - IBGP, eB - EBGP, O - OSPF, E1 - OSPF external type 1, E2 - OSPF external type 2

Total 4 entries

   ID IP-Prefix          Interface      Gateway         P   Pref    Mtr Vsys
------------------------------------------------------------------------------
*   3 172.16.3.0/24      eth3/1.3       0.0.0.0         CA    30      0 root
*   2 172.16.2.0/24      eth3/1.2       0.0.0.0         CA    30      0 root
*   1 172.16.1.0/24      eth3/1.1       0.0.0.0         CA    30      0 root
*   0 10.1.1.0/24        eth1/1         0.0.0.0         C      0      0 root


After several seconds later,

ns500(untrust-vr)-> get route
C - Connected, S - Static, A - Auto-Exported, I - Imported
iB - IBGP, eB - EBGP, O - OSPF, E1 - OSPF external type 1, E2 - OSPF external type 2

Total 6 entries

   ID IP-Prefix          Interface      Gateway         P   Pref    Mtr Vsys
------------------------------------------------------------------------------
*   3 172.16.3.0/24      eth3/1.3       0.0.0.0         CA    30      0 root
*   2 172.16.2.0/24      eth3/1.2       0.0.0.0         CA    30      0 root
*   1 172.16.1.0/24      eth3/1.1       0.0.0.0         CA    30      0 root
color="blue">*  10 192.168.11.0/24    eth1/1         10.1.1.2        eB    40      0 root
*  11 192.168.10.0/24    eth1/1         10.1.1.2        eB    40      0 root

*   0 10.1.1.0/24        eth1/1         0.0.0.0         C      0      0 root

.

Here is the problem or goal:

  • Can't filter incoming BGP routing update
  • How to filter incoming BGP routing update using route-map

Problem Environment:

  • NetScreen-500
  • ScreenOS 4.0.0r3
  • EBGP peer connection
  • Route map

Applicable Products:

  • NetScreen-5XT
  • NetScreen-25
  • NetScreen-50
  • NetScreen-100
  • NetScreen-204
  • NetScreen-208
  • NetScreen- 500
  • NetScreen-5200

Applicable ScreenOS:

  • 4.0.0


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search