User Details
User Details
- User Since
- Jun 9 2021, 7:09 PM (149 w, 2 d)
Jun 10 2021
Jun 10 2021
tsantiago.work added a comment to T2645: Editing route-map action requires adding a new rule.
@Viacheslav This is confirmed fixed, I'm guessing it got fixed during the period between reporting it and now.
Jun 9 2021
Jun 9 2021
tsantiago.work added a comment to T3609: BGP Peer Group Changes Slow.
Here's the complete BGP policy config, since the route-maps include prefix-lists, AS paths, and large communities:
set policy prefix-list BGP-REDISTRIBUTE rule 10 action 'deny' set policy prefix-list BGP-REDISTRIBUTE rule 10 description 'Block WDC07 peering' set policy prefix-list BGP-REDISTRIBUTE rule 10 prefix '192.168.63.0/28' set policy prefix-list BGP-REDISTRIBUTE rule 20 action 'permit' set policy prefix-list BGP-REDISTRIBUTE rule 20 description 'Allow SL WDC07' set policy prefix-list BGP-REDISTRIBUTE rule 20 ge '23' set policy prefix-list BGP-REDISTRIBUTE rule 20 prefix '192.168.48.0/20' set policy prefix-list BGP-REDISTRIBUTE rule 30 action 'permit' set policy prefix-list BGP-REDISTRIBUTE rule 30 description 'Allow SL services' set policy prefix-list BGP-REDISTRIBUTE rule 30 prefix '10.0.0.0/8' set policy prefix-list BGP-REDISTRIBUTE rule 40 action 'permit' set policy prefix-list BGP-REDISTRIBUTE rule 40 description 'Allow SL services' set policy prefix-list BGP-REDISTRIBUTE rule 40 ge '9' set policy prefix-list BGP-REDISTRIBUTE rule 40 prefix '10.0.0.0/8' set policy prefix-list BGP-BACKBONE-DAL13 rule 10 action 'permit' set policy prefix-list BGP-BACKBONE-DAL13 rule 10 description 'Allow DAL13' set policy prefix-list BGP-BACKBONE-DAL13 rule 10 ge '23' set policy prefix-list BGP-BACKBONE-DAL13 rule 10 prefix '192.168.16.0/20' set policy prefix-list BGP-BACKBONE-IN description 'Inbound backbone routes from other sites' set policy prefix-list BGP-BACKBONE-IN rule 10 action 'deny' set policy prefix-list BGP-BACKBONE-IN rule 10 description 'Block default route' set policy prefix-list BGP-BACKBONE-IN rule 10 prefix '0.0.0.0/0' set policy prefix-list BGP-BACKBONE-IN rule 20 action 'deny' set policy prefix-list BGP-BACKBONE-IN rule 20 description 'Block WDC07 primary' set policy prefix-list BGP-BACKBONE-IN rule 20 ge '21' set policy prefix-list BGP-BACKBONE-IN rule 20 prefix '192.168.48.0/20' set policy prefix-list BGP-BACKBONE-IN rule 30 action 'deny' set policy prefix-list BGP-BACKBONE-IN rule 30 description 'Block loopbacks' set policy prefix-list BGP-BACKBONE-IN rule 30 ge '25' set policy prefix-list BGP-BACKBONE-IN rule 30 prefix '192.168.253.0/24' set policy prefix-list BGP-BACKBONE-IN rule 40 action 'deny' set policy prefix-list BGP-BACKBONE-IN rule 40 description 'Block backbone peering' set policy prefix-list BGP-BACKBONE-IN rule 40 ge '25' set policy prefix-list BGP-BACKBONE-IN rule 40 prefix '192.168.254.0/24' set policy prefix-list BGP-BACKBONE-IN rule 999 action 'permit' set policy prefix-list BGP-BACKBONE-IN rule 999 description 'Allow everything else' set policy prefix-list BGP-BACKBONE-IN rule 999 ge '1' set policy prefix-list BGP-BACKBONE-IN rule 999 prefix '0.0.0.0/0' set policy prefix-list BGP-BACKBONE-INT rule 10 action 'permit' set policy prefix-list BGP-BACKBONE-INT rule 10 description 'Allow int' set policy prefix-list BGP-BACKBONE-INT rule 10 ge '23' set policy prefix-list BGP-BACKBONE-INT rule 10 prefix '192.168.0.0/20' set policy prefix-list6 BGP-BACKBONE-DAL13-V6 rule 10 action 'permit' set policy prefix-list6 BGP-BACKBONE-DAL13-V6 rule 10 description 'Allow DAL13' set policy prefix-list6 BGP-BACKBONE-DAL13-V6 rule 10 ge '64' set policy prefix-list6 BGP-BACKBONE-DAL13-V6 rule 10 prefix 'fd52:d62e:8011:1000::/52' set policy prefix-list6 BGP-BACKBONE-IN-V6 description 'Inbound backbone routes from other sites' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 action 'deny' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 description 'Block default route' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 10 prefix '::/0' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 action 'deny' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 description 'Block WDC07 primary' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 ge '53' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 20 prefix 'fd52:d62e:8011:2000::/52' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 action 'deny' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 description 'Block peering and stuff' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 ge '53' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 30 prefix 'fd52:d62e:8011:f000::/52' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 action 'permit' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 description 'Allow everything else' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 ge '1' set policy prefix-list6 BGP-BACKBONE-IN-V6 rule 999 prefix '::/0' set policy prefix-list6 BGP-BACKBONE-INT-V6 rule 10 action 'permit' set policy prefix-list6 BGP-BACKBONE-INT-V6 rule 10 description 'Allow int' set policy prefix-list6 BGP-BACKBONE-INT-V6 rule 10 ge '64' set policy prefix-list6 BGP-BACKBONE-INT-V6 rule 10 prefix 'fd52:d62e:8011::/52' set policy prefix-list6 BGP-REDISTRIBUTE-V6 rule 10 action 'deny' set policy prefix-list6 BGP-REDISTRIBUTE-V6 rule 10 description 'Block WDC07 peering' set policy prefix-list6 BGP-REDISTRIBUTE-V6 rule 10 prefix 'fd52:d62e:8011:23e3::/64' set policy prefix-list6 BGP-REDISTRIBUTE-V6 rule 20 action 'permit' set policy prefix-list6 BGP-REDISTRIBUTE-V6 rule 20 description 'Allow WDC07' set policy prefix-list6 BGP-REDISTRIBUTE-V6 rule 20 ge '64' set policy prefix-list6 BGP-REDISTRIBUTE-V6 rule 20 prefix 'fd52:d62e:8011:2000::/52' set policy route-map BGP-REDISTRIBUTE rule 10 action 'permit' set policy route-map BGP-REDISTRIBUTE rule 10 description 'Allow WDC07 and services IPv4' set policy route-map BGP-REDISTRIBUTE rule 10 match ip address prefix-list 'BGP-REDISTRIBUTE' set policy route-map BGP-REDISTRIBUTE rule 10 set origin 'igp' set policy route-map BGP-REDISTRIBUTE rule 20 action 'permit' set policy route-map BGP-REDISTRIBUTE rule 20 description 'Allow WDC07 and services IPv6' set policy route-map BGP-REDISTRIBUTE rule 20 match ipv6 address prefix-list 'BGP-REDISTRIBUTE-V6' set policy route-map BGP-REDISTRIBUTE rule 20 set origin 'igp' set policy route-map BGP-BACKBONE-IN rule 10 action 'permit' set policy route-map BGP-BACKBONE-IN rule 10 match ip address prefix-list 'BGP-BACKBONE-IN' set policy route-map BGP-BACKBONE-IN rule 20 action 'permit' set policy route-map BGP-BACKBONE-IN rule 20 match ipv6 address prefix-list 'BGP-BACKBONE-IN-V6' set policy route-map BGP-BACKBONE-IN rule 30 action 'permit' set policy route-map BGP-BACKBONE-IN rule 30 match large-community large-community-list 'ANYCAST_ALL' set policy route-map BGP-BACKBONE-OUT rule 10 action 'permit' set policy route-map BGP-BACKBONE-OUT rule 10 match large-community large-community-list 'ANYCAST_WDC07' set policy route-map BGP-BACKBONE-OUT rule 10 set metric '+100' set policy route-map BGP-BACKBONE-OUT rule 20 action 'permit' set policy route-map BGP-BACKBONE-OUT rule 20 match as-path 'INT' set policy route-map BGP-BACKBONE-OUT rule 20 match ip address prefix-list 'BGP-BACKBONE-INT' set policy route-map BGP-BACKBONE-OUT rule 20 set metric '+100' set policy route-map BGP-BACKBONE-OUT rule 30 action 'permit' set policy route-map BGP-BACKBONE-OUT rule 30 match as-path 'INT' set policy route-map BGP-BACKBONE-OUT rule 30 match ipv6 address prefix-list 'BGP-BACKBONE-INT-V6' set policy route-map BGP-BACKBONE-OUT rule 30 set metric '+100' set policy route-map BGP-BACKBONE-OUT rule 40 action 'permit' set policy route-map BGP-BACKBONE-OUT rule 40 match as-path 'DAL13' set policy route-map BGP-BACKBONE-OUT rule 40 match ip address prefix-list 'BGP-BACKBONE-DAL13' set policy route-map BGP-BACKBONE-OUT rule 40 set metric '+100' set policy route-map BGP-BACKBONE-OUT rule 50 action 'permit' set policy route-map BGP-BACKBONE-OUT rule 50 match as-path 'DAL13' set policy route-map BGP-BACKBONE-OUT rule 50 match ipv6 address prefix-list 'BGP-BACKBONE-DAL13-V6' set policy route-map BGP-BACKBONE-OUT rule 50 set metric '+100' set policy route-map BGP-BACKBONE-OUT rule 999 action 'permit' set policy route-map BGP-BACKBONE-OUT rule 999 call 'BGP-REDISTRIBUTE' set policy route-map BGP-BACKBONE-OUT rule 999 description 'Allow redistributed routes' set policy as-path-list DAL13 rule 10 action 'permit' set policy as-path-list DAL13 rule 10 description 'Alow anything from or via DAL13' set policy as-path-list DAL13 rule 10 regex '.*4242420668.*' set policy as-path-list INT rule 10 action 'permit' set policy as-path-list INT rule 10 description 'Allow anything from or via int' set policy as-path-list INT rule 10 regex '.*4242420666.*' set policy large-community-list ANYCAST_ALL rule 10 action 'permit' set policy large-community-list ANYCAST_ALL rule 10 description 'Allow all anycast from anywhere' set policy large-community-list ANYCAST_ALL rule 10 regex '4242420696:100:.*' set policy large-community-list ANYCAST_WDC07 rule 10 action 'permit' set policy large-community-list ANYCAST_WDC07 rule 10 description 'Allow all anycast from wdc07' set policy large-community-list ANYCAST_WDC07 rule 10 regex '4242420696:100:3'