JunOS: View route-filter import policy matches

juniper-junosroute-filter

Is there a way in JunOS (I'm testing on 11.4R1.14) to see the prefixes filtered out by a policy statement?

I have the following in the lab dropping unwanted prefixes from BGP neighbors;

policy-statement PS-Filter-Prefix-Size {
    from {
        route-filter 0.0.0.0/0 prefix-length-range /27-/32;
        route-filter 0.0.0.0/0 prefix-length-range /0-/5;
    }

protocols {
    bgp {                               
        group my-peers {
            type external;
            import [ PS-Filter-Prefix-Size ];
        }
    }
}

This seems to be working, as show route hidden reveals some test /32 routes which are not present in the output of show route or show route forwarding-table. Other /24 routes are coming in though for example.

Can I displays routes that have been caught by a filter?

Best Answer

test policy PS-Filter-Prefix-Size 0.0.0.0/0

This should display routes passing the policy

There isn't direct way to ask the opposite, but you could create policy which calls 'PS-Filter-Prefix-Size' and then rejects and accepts rest.
Testing this policy would yield opposite results, showing routes not passing 'PS-Filter-Prefix-Size'.

As far as I understand your 'PS-Filter-Prefix-Size' does nothing, as there is no action, so existing 'default-action' is honored.
You should have 'then accept' or 'then reject', and preferably after that explicit catch-all rule.

In your situation I'd do something like this

term bogus_size {
    from {
        family inet;
        route-filter 0.0.0.0/0 prefix-length-range /25-/32;
        route-filter 0.0.0.0/0 prefix-length-range /1-/7;
    }
    then reject;
}
term accept {
    then accept;
}

Best Answer

Related Solutions

Bgp – Junos: Policy-Statment and AS-Prepends

Bgp – Why does export/import policy addition/removal cause a BGP session reset

Related Topic