Supported Platforms
Example: Configuring Layer 3 VPN Protocol Family Qualifiers for Route Filters
This example shows how to control the scope of BGP import policies by configuring a family qualifier for the BGP import policy. The family qualifier specifies routes of type inet, inet6, inet-vpn, or inet6-vpn.
Requirements
This example uses Junos OS Release 10.0 or later.
Before you begin:
- Configure the router interfaces.
- Configure an interior gateway protocol. See the Junos OS Routing Protocols Configuration Guide.
- Configure a BGP session for multiple route types. For example, configure the session for both family inet routes and family inet-vpn routes. See Configuring IBGP Sessions Between PE Routers in VPNs and Configuring Layer 3 VPNs to Carry IPv6 Traffic.
Overview
Family qualifiers cause a route filter to match only one specific family. When you configure an IPv4 route filter without a family qualifier, as shown here, the route filter matches inet and inet-vpn routes.
Likewise, when you configure an IPv6 route filter without a family qualifier, as shown here, the route filter matches inet6 and inet6-vpn routes.
Consider the case in which a BGP session has been configured for both family inet routes and family inet-vpn routes, and an import policy has been configured for this BGP session. This means that both family inet and family inet-vpn routes, when received, share the same import policy. The policy term might look as follows:
This route-filter logic matches an inet route of 0.0.0.0 and an inet-vpn route whose IPv4 address portion is 0.0.0.0. The 8-byte route distinguisher portion of the inet-vpn route is not considered in the route-filter matching. This is a change in Junos OS behavior that was introduced in Junos OS Release 10.0.
If you do not want your policy to match both types of routes, add a family qualifier to your policy. To have the route-filter match only inet routes, add the family inet policy qualifier. To have the route-filter match only inet-vpn routes, add the family inet-vpn policy qualifier.
The family qualifier is evaluated before the route-filter is evaluated. Thus, the route-filter is not evaluated if the family match fails. The same logic applies to family inet6 and family inet6-vpn. The route-filter used in the inet6 example must use an IPv6 address. There is a potential efficiency gain in using a family qualifier because the family qualifier is tested before most other qualifiers, quickly eliminating routes from undesired families.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
inet Example
Inet-vpn Example
inet6 Example
Inet6-vpn Example
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see the CLI User Guide.
To configure a flow map:
Configure the family qualifier.
[edit policy-options]user@host# set policy-statement specific-family from family inetConfigure the route filter.
[edit policy-options]user@host# set policy-statement specific-family from route-filter 0.0.0.0/0 exactConfigure the policy actions.
[edit policy-options]user@host# set policy-statement specific-family then next-hop self user@host# set policy-statement specific-family then acceptApply the policy.
[edit protocols bgp]user@host# set import specific-family
Results
Confirm your configuration by entering the show policy-options and show protocols commands.
If you are done configuring the router, enter commit from configuration mode.
Repeat the procedure for every protocol family for which you need a specific route-filter policy.
Verification
To verify the configuration, run the following commands:
- show route advertising-protocol bgp neighbor detail
- show route instance instance-name detail
