Junos export policy not working?

During a project recently, I was promptly reminded about the construction of Junos route export (i.e. route redistribution) policies. Specifically when filtering prefixes during the export/redistribution. The logic goes something like this:

a) Create prefix-list of prefixes to export
b) Create policy which references the protocol and prefix list to export
c) Attach policy to protocol

An example is here:

policy-options {
    prefix-list CUST_A {
        192.0.2.1/32;
    }

	policy-statement REDISTRIBUTE_STATICS_CUST_A {
    	/* FROM PREFIX-LIST TEST TO METRIC TYPE 1 FOR CUST A */
    	term 1 {
        	from {
            	prefix-list CUST_A;
        	}
        	to protocol ospf2;
        	then {
            	external {
                	type 1;
            	}
            	accept;
        	}
    	}
	}
}

protocols {
	ospf {
		export REDISTRIBUTE_STATICS_CUST_A
		area 0.0.0.0 {
		interface x-x/x/x.x
		}
	}
}

With Junos export policies for routing, if you want to export more prefixes of the same type, adding an additional policy which also references the same protocol for the export will just not work. If you do the below, then you’re out of luck.

policy-options {
    prefix-list CUST_A {
        192.0.2.1/32;
    }

    prefix-list CUST_B {
        192.0.2.2/32;
    }

	policy-statement REDISTRIBUTE_STATICS_CUST_A {
    	/* FROM PREFIX-LIST TEST TO METRIC TYPE 1  Continue reading

HTIRW: Reality at the Mic (3)

Let’s take one look back over the IETF before we move on to the next piece of the infrastructure of the ‘net. Why does it take so long for a single document to get through the process, and result in a standard? There is, of course, the formal process, which requires the document to proposed, […]

Author information

Russ White

Principal Engineer at Ericsson

Russ White has scribbled a basket of books, penned a plethora of patents, written a raft of RFCs, taught a trencher of classes, nibbled and noodled at a lot of networks, and done a lot of other stuff you either already know about — or don't really care about. You can find Russ at 'net Work, the Internet Protocol Journal, LinkedIn, and his author page on Amazon.
TwitterGoogle+LinkedIn

The post HTIRW: Reality at the Mic (3) appeared first on Packet Pushers Podcast and was written by Russ White.

What is the real reason behind IP and MPLS Traffic Engineering ?

MPLS traffic engineering has many use cases and it helps to solve the problems in an MPLS enabled networks. These use cases are in general; QoS guarantee, End to End SLA , Fast reroute, Admission control and so on. All of them at the end is done for the COST SAVING. The real reason behind MPLS Traffic… Read More »

The post What is the real reason behind IP and MPLS Traffic Engineering ? appeared first on Network Design and Architecture.

Sony introduces new flagship Xperia Z4 smartphone

Sony has announced its new flagship smartphone, the Xperia Z4, that will ship in summer in the Japanese market.The device is clearly meant for global markets as well, since it supports a number of languages besides Japanese, including English, Chinese and some European languages.The move by Sony comes amid reports that the company was planning to scale down or even pull out of its smartphone business.The phone, which is powered by the Qualcomm Snapdragon 810 processor, has a display of 5.2 inches at 1920 X 1080 pixel resolution like its predecessor, the Xperia Z3, and will run Android 5.0 operating system. The Snapdragon 810 processor features 64-bit computing on eight CPU cores.To read this article in full or to leave a comment, please click here

Russian hackers uses Flash, Windows zero-day flaws

A fresh attack by a long-known hacking group suspected to be linked with Russia did little to mask its activity in an attack a week ago.The computer security firm FireEye wrote on Saturday that the group—called APT 28—attacked an “international government entity” on April 13, using two recently disclosed software flaws, one of which has not been patched.The attack sought to trick victims into clicking on a link that led to a website which attacked their computer. It first used a vulnerability in Adobe Systems’ Flash player, CVE-2015-3043, then used a still unpatched Microsoft vulnerability, CVE-2015-1701, to gain higher privileges on a computer.To read this article in full or to leave a comment, please click here

iPhone 7 rumor rollup: Killer camera on the way?

Apple’s confirmed-but-not-confirmed acquisition this past week of Israeli camera maker LinX has iPhone 7 watchers wishing, begging and hoping that the next great smartphone will incorporate advanced photo-taking technologies. Neither Apple nor LinX is confirming the buyout, estimated at $20 million by the Wall Street Journal, although Apple did give its standard response that it does sometimes acquire small companies and is not compelled to let the public know. Assuming this deal is real, Apple watchers have begun slobbering all over themselves in anticipation of improved camera features for the next iPhone. After all, the iPhone is one of the world’s most popular cameras already, and is Number 1 on photo-sharing site Flickr.To read this article in full or to leave a comment, please click here

Running an etcd-Backed Docker Swarm Cluster

In this post, I’ll build on a couple of previous posts and show you how to build your own Docker Swarm cluster that leverages etcd for cluster node discovery. This post builds on the information presented on how to run an etcd 2.0 cluster on Ubuntu as well as the information found in this post on running a Consul-backed Docker Swarm cluster.

To help you follow along, I’ve created a Vagrant environment that you can use to turn up the configuration described in this blog post. These files are found in the “docker-swarm-etcd” directory of my GitHub learning-tools repository. Feel free to use the files in this directory/repository to help with the learning process.

There are 3 major components to this configuration:

  1. A cluster of three Ubuntu 14.04 systems running etcd 2.0 (specifically, etcd 2.0.9, the last release as of this writing). This etcd cluster serves as a discovery back-end for Docker Swarm.
  2. A set of hosts running the Docker daemon (version 1.4.0 or higher, as required by Swarm). In this particular instance, I’m using CoreOS Linux (version 557.2.0 from the stable branch).
  3. A few containers running on the CoreOS hosts; Continue reading

Indoor Atlas: Smartphones can navigate inside buildings using magnetic fields

Navigating outdoors is easy with GPS and when augmented augmented by WiFi the the accuracy and availability of geolocation increase significantly … until you step inside a building.Once you’re inside and there’s no GPS signal WiFi geolocation might give you a rough fix though usually you’re effectively “off the grid.” But knowing where you are inside a structure can be crucial in large factories or office buildings. It may also be crucial for others to be able to locate you.If you want to build an app that’s capable for geolocation within a building you should take a look at Indoor Atlas, an SDK for iOS and Android, which uses magnetometer data from your smartphone and cloud-based mapping data to locate you to within 2 meters or less in real time.To read this article in full or to leave a comment, please click here

Wordfence plugin secures WordPress sites; solves job from hell

Effectively managing your own passwords under any circumstances is hard work but managing your users’ passwords on a WordPress installation can become the job from hell. Say you’re the admin of a WordPress site and you have a variety of users with accounts on your system. You immediately have a problem because WordPress is insanely popular (it’s used on almost one quarter of all Websites) and has roughly three times more bugs identified than the next largest content management system. Not surprisingly, WordPress is the most attacked CMS. So, unless you like having your WordPress installation hacked you’d better get serious about security.While you can enforce user compliance to password standards through the use of plugins such as No Weak Passwords or Force Strong Passwords, users can still choose passwords that are weaker than you'd like. So, how do you check whether their passwords are “good”? You use the Wordfence plugin published by Feedjit Inc.To read this article in full or to leave a comment, please click here

Upcoming Event: Packet Pushers at ONUG Talking Software Defined WAN

The Packet Pushers are recording a live show on SDN WAN on May 13 in New York in partnership with Viptela. Please join us.

Author information

Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at EtherealMind.com and on Twitter @etherealmind and Google Plus.

TwitterFacebookGoogle+LinkedIn

The post Upcoming Event: Packet Pushers at ONUG Talking Software Defined WAN appeared first on Packet Pushers Podcast and was written by Greg Ferro.

What’s Possible

I just read story on Medium. It’s a great use of Social Media to achieve something truly useful.

I wish more people would think differently in my line of work. Some days the resounding echoes of “we’ve always done it this way” really give me a headache.


Google’s Project Loon close to launching thosands of balloons

Google says it’s Project Loon is close to being able to produce and launch thousands of balloons to provide Internet access from the sky.Such a number would be required to provide reliable Internet access to users in remote areas that are currently unserved by terrestrial networks, said Mike Cassidy, the Google engineer in charge of the project, in a video posted Friday.The ambitious project has been underway for a couple of years and involves beaming down LTE cellular signals to handsets on the ground from balloons thousands of feet in the air, well above the altitude that passenger jets fly.“At first it would take us 3 or 4 days to tape together a balloon,” Cassidy says in the video. “Today, through our own manufacturing facility, the automated systems can get a balloon produced in just a few hours. We’re getting close to the point where we can roll out thousands of balloons.”To read this article in full or to leave a comment, please click here

Google’s Project Loon close to launching thousands of balloons

Google says its Project Loon is close to being able to produce and launch thousands of balloons to provide Internet access from the sky. Such a number would be required to provide reliable Internet access to users in remote areas that are currently unserved by terrestrial networks, said Mike Cassidy, the Google engineer in charge of the project, in a video posted Friday. The ambitious project has been underway for a couple of years and involves beaming down LTE cellular signals to handsets on the ground from balloons thousands of feet in the air, well above the altitude that passenger jets fly. “At first it would take us 3 or 4 days to tape together a balloon,” Cassidy says in the video. “Today, through our own manufacturing facility, the automated systems can get a balloon produced in just a few hours. We’re getting close to the point where we can roll out thousands of balloons.”To read this article in full or to leave a comment, please click here

1 3,548 3,549 3,550 3,551 3,552 3,857