Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Implicit filter for Default EBGP Route Propagation Behavior without Policies

 
Summary

This section talks about using an implicit filter to regulate the EBGP route propagation behavior when there is no explicit policy configured.

Benefits

This feature provides the following benefits:

  • Regulates BGP implementation—Prevents EBGP speakers from becoming a silent pass-through where it accepted and advertised all routes by default. This feature effectively brings down the increase in transit traffic on leaf autonomous systems, especially when they are multi-homed to any upstream Internet Service Providers. Thus, it also prevents silent dropping of traffic, Denial of Service, and global internet outages.

  • Implicit filter—The configuration facilitates the use of an implicit filter, where the default behavior is still set to receive and advertise all routes by default. The configuration statement only adds an option to specify enable or disable for accept, reject, reject-always clauses, when required. The implicit filter ensures that the users with existing deployments that rely on the default BGP policy do not experience operational disruptions.

Overview

BGP is the current inter-domain Autonomous protocol used for global Internet routing. It also supports various services such as VPNs, and link state, which are not intended for global usage.

BGP implementation, including the default EBGP behavior is guided by RFC4271, A Border Gateway Protocol 4 (BGP-4). However, it does not provide any explicit guidance on specifying what routes should be distributed. This leads to the original BGP implementation being a silent pass-through for routes without any filtering and therefore, causing an increase in traffic, resulting in global Internet outages.

Starting in Junos OS Release 20.3R1, we have introduced an implicit filter defaults ebgp no-policy at the existing [edit protocols bgp] hierarchy level. The configuration separates the default policy for receive and advertise, into separate clauses (accept, reject, or reject-always) to permit the behavior to vary independently.

If there is no explicit policy configured, the implicit filter allows you to enable the default eBGP receive and advertise behavior in one of three states as follows:

Values

Default Policy

What it does

accept

receive

Accepts to receive all routes (also the default behavior).

advertise

Accepts to advertise all routes (also the default behavior).

reject

receive

Rejects to receive routes of type inet unicast and inet6 unicast in instance types primary, vrf, virtual-router, and non-forwarding.

advertise

Rejects to advertise routes of type inet unicast and inet6 unicast in instance types primary, vrf, virtual-router, and non-forwarding.

reject-always

receive

Rejects to receive all routes.

advertise

Rejects to advertise all routes.

Related Documentation