Filtering routes using prefix Lists in Juniper

  • 0
Mikrotik Configuration:
admin@IKF_CORE] >
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/port
set 0 name=serial0
/routing bgp instance
set default as=1300
/tool user-manager customer
add backup-allowed=yes disabled=no login=admin password="" \
    paypal-accept-pending=no paypal-allowed=no paypal-secure-response=no \
    permissions=owner signup-allowed=no time-zone=-00:00
/ip address
add address=1.1.1.2/30 interface=ether1 network=1.1.1.0
add address=192.168.125.1/24 interface=ether8 network=192.168.125.0
/routing bgp network
add network=1.3.0.0/24 synchronize=no
add network=1.3.1.0/24
add network=1.3.2.0/24
add network=1.3.3.0/24
add network=1.3.4.0/24 synchronize=no
add network=1.3.5.0/24 synchronize=no
/routing bgp peer
add name=TATA remote-address=1.1.1.1 remote-as=1100
/system identity
set name=IKF_CORE
/system lcd
set contrast=0 enabled=no port=parallel type=24x4
/system lcd page
set time disabled=yes display-time=5s
set resources disabled=yes display-time=5s
set uptime disabled=yes display-time=5s
set packets disabled=yes display-time=5s
set bits disabled=yes display-time=5s
set version disabled=yes display-time=5s
set identity disabled=yes display-time=5s
set ether1 disabled=yes display-time=5s
set ether2 disabled=yes display-time=5s
set ether3 disabled=yes display-time=5s
set ether4 disabled=yes display-time=5s
set ether5 disabled=yes display-time=5s
set ether6 disabled=yes display-time=5s
set ether7 disabled=yes display-time=5s
set ether8 disabled=yes display-time=5s
[admin@IKF_CORE] >

Juniper Configuration:

root@TATA# show
## Last changed: 2019-03-28 01:05:16 UTC
version 10.1R1.8;
system {
    host-name TATA;
    root-authentication {
        encrypted-password "$1$K.6Gp.oA$.CvkXlWMxq8GDwxSnr4/D/"; ## SECRET-DATA
    }
    services {
        ftp;
        ssh;
        telnet;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            description IKF_CORE;
            family inet {
                address 1.1.1.1/30;
            }
        }
    }
}
protocols {
    bgp {
        traceoptions {
            file bgplog size 1000k files 10;
            flag all detail;
            flag open;
        }
        local-as 1100;
        group IKF {
            import IKF_IN;
            neighbor 1.1.1.2 {
                description IKF_CORE;
                peer-as 1300;
            }
            neighbor 1.1.1.6 {
                description IKF_MUMBAI;
                peer-as 1300;
            }
        }
    }
}
policy-options {
    prefix-list IKF_IN {
        1.3.0.0/24;
        1.3.1.0/24;
        1.3.2.0/24;
        1.3.3.0/24;
    }
    policy-statement IKF_IN {
        term 1 {
            from {
                prefix-list IKF_IN;
            }
            then accept;
        }
        term 2 {
            from {
                route-filter 0.0.0.0/0 orlonger;
            }
            then reject;
        }
    }
}

[edit]
root@TATA#

[edit]
root@TATA# show
## Last changed: 2019-03-28 01:05:16 UTC
version 10.1R1.8;
system {
    host-name TATA;
    root-authentication {
        encrypted-password "$1$K.6Gp.oA$.CvkXlWMxq8GDwxSnr4/D/"; ## SECRET-DATA
    }
    services {
        ftp;
        ssh;
        telnet;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
}
interfaces {
    em0 {
        unit 0 {
            description IKF_CORE;
            family inet {
                address 1.1.1.1/30;
            }
        }
    }
}
protocols {
    bgp {
        traceoptions {
            file bgplog size 1000k files 10;
            flag all detail;
            flag open;
        }
        local-as 1100;
        group IKF {
            import IKF_IN;
            neighbor 1.1.1.2 {
                description IKF_CORE;
                peer-as 1300;
            }
            neighbor 1.1.1.6 {
                description IKF_MUMBAI;
                peer-as 1300;
            }
        }
    }
}
policy-options {
    prefix-list IKF_IN {
        1.3.0.0/24;
        1.3.1.0/24;
        1.3.2.0/24;
        1.3.3.0/24;
    }
    policy-statement IKF_IN {
        term 1 {
            from {
                prefix-list IKF_IN;
            }
            then accept;
        }
        term 2 {
            from {
                route-filter 0.0.0.0/0 orlonger;
            }
            then reject;
        }
    }
}

[edit]
root@TATA#
----------------------

root@TATA> show route

inet.0: 5 destinations, 5 routes (3 active, 0 holddown, 2 hidden)
+ = Active Route, - = Last Active, * = Both

1.1.1.0/30         *[Direct/0] 09:22:28
                    > via em0.0
1.1.1.1/32         *[Local/0] 09:22:28
                      Local via em0.0
1.3.0.0/24         *[BGP/170] 00:27:36, localpref 100
                      AS path: 1300 I
                    > to 1.1.1.2 via em0.0
-----------------------

oot@TATA> Mar 28 01:10:05.806642 task_process_events: recv ready for BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:05.806661 task_job_create_background: create prio 4 job Read peer for task BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:05.806669 background dispatch running job Read peer for task BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:05.806671 bgp_read_v4_message: receiving packet(s) from 1.1.1.2 (External AS 1300)
Mar 28 01:10:05.806677
Mar 28 01:10:05.806677 BGP RECV 1.1.1.2+51194 -> 1.1.1.1+179
Mar 28 01:10:05.806680 BGP RECV message type 2 (Update) length 47
Mar 28 01:10:05.806681 BGP RECV Update PDU length 47
Mar 28 01:10:05.806683 BGP RECV flags 0x40 code Origin(1): IGP
Mar 28 01:10:05.806714 BGP RECV flags 0x40 code ASPath(2) length 6: 1300
Mar 28 01:10:05.806716 BGP RECV flags 0x40 code NextHop(3): 1.1.1.2
Mar 28 01:10:05.806721 BGP RECV         1.3.0.0/24
Mar 28 01:10:05.806763 bgp_should_merge_as2_and_as4_path():2083 AS4-Peer 1.1.1.2 (External AS 1300)(RECV): No merge of as-paths required as the peer is 4 byte as capable
Mar 28 01:10:05.806766 bgp_process_aspath_and_aggr_attr():2512 AS4-Peer 1.1.1.2 (External AS 1300)(RECV): bgp_should_merge_as2_and_as4_path() says NO
Mar 28 01:10:05.806768 bgp_process_aspath_and_aggr_attr():2549 AS4-Peer 1.1.1.2 (External AS 1300)(RECV): Merged asp: path_len 4, path_seg_len 2, path2_len 0, path2_seg_len 0, path4_len 0, path4_seg_len 0, path_attr_len 0, path_aggr_len 0, path4_aggr_len 0, path4_flags 0x0, path_flags 0x0
Mar 28 01:10:05.806779 bgp_rcv_nlri: Peer 1.1.1.2 (External AS 1300)
Mar 28 01:10:05.806781 bgp_rcv_nlri: 1.3.0.0/24
Mar 28 01:10:05.806877 CHANGE   1.3.0.0/24         gw 1.1.1.2         BGP      pref 170/-101 metric  em0.0 <Active Ext>  as 1300
Mar 28 01:10:05.806883 ADD      1.3.0.0/24         gw 1.1.1.2         BGP      pref 170/-101 metric  em0.0 <Active Ext>  as 1300
Mar 28 01:10:05.806888 rt_close: 1 route proto BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:05.806888
Mar 28 01:10:05.806915 bgp_read_v4_message: done with 1.1.1.2 (External AS 1300) received 47 octets 1 update 1 route
Mar 28 01:10:05.806919 task_job_delete: delete background job Read peer for task BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:05.806924 background dispatch completed job Read peer for task BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:05.806938 rt_flash_update_callback: flash BGP_Group_IKF (inet.0) start
Mar 28 01:10:05.806940 bgp_rt_policy_start: flash update group IKF type External
Mar 28 01:10:05.806971 bgp_rt_policy_end: group IKF type External 0 routes ready 0 deferred
Mar 28 01:10:05.806975 rt_flash_update_callback: flash BGP_Group_IKF (inet.0) done
Mar 28 01:10:08.001571 task_process_events: recv ready for BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:08.001614 task_job_create_background: create prio 4 job Read peer for task BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:08.001622 background dispatch running job Read peer for task BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:08.001624 bgp_read_v4_message: receiving packet(s) from 1.1.1.2 (External AS 1300)
Mar 28 01:10:08.001639
Mar 28 01:10:08.001639 BGP RECV 1.1.1.2+51194 -> 1.1.1.1+179
Mar 28 01:10:08.001642 BGP RECV message type 4 (KeepAlive) length 19
Mar 28 01:10:08.001645 bgp_read_v4_message: done with 1.1.1.2 (External AS 1300) received 19 octets 0 updates 0 routes
Mar 28 01:10:08.001646 task_job_delete: delete background job Read peer for task BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:08.001657 background dispatch completed job Read peer for task BGP_1300_1100.1.1.1.2+51194
Mar 28 01:10:08.039231 task_timer_dispatch: calling BGP_1300_1100.1.1.1.2+51194_Traffic, late by 0.005
Mar 28 01:10:08.039239 bgp_keepalive_timeout: peer 1.1.1.2 (External AS 1300) last checked 31 last recv'd 0 last sent 29 last keepalive 29
Mar 28 01:10:08.039241 bgp_send: sending 19 bytes to 1.1.1.2 (External AS 1300)
Mar 28 01:10:08.039242
Mar 28 01:10:08.039242 BGP SEND 1.1.1.1+179 -> 1.1.1.2+51194
Mar 28 01:10:08.039244 BGP SEND message type 4 (KeepAlive) length 19
Mar 28 01:10:08.039994 task_timer_reset: reset BGP_1300_1100.1.1.1.2+51194_Traffic
Mar 28 01:10:08.039999 task_timer_set_oneshot_latest: timer BGP_1300_1100.1.1.1.2+51194_Traffic interval set to 25.756627
Mar 28 01:10:08.040001 task_timer_dispatch: returned from BGP_1300_1100.1.1.1.2+51194_Traffic, rescheduled in 25.756
Mar 28 01:10:10.889876 task_timer_dispatch: calling BGP RT Background_BGP reuse, late by 0.162
Mar 28 01:10:10.889902 bgp_reuse_scan: Starting scan
Mar 28 01:10:10.889906 task_timer_dispatch: returned from BGP RT Background_BGP reuse, rescheduled in 19.805
root@TATA> monitor stop


No comments:

Post a Comment

Subscribe to: Post Comments (Atom)