Juniper Openstack

5.0: Granular Routing policy. Reject action does not work for service-interface routes

Bug #1756524 reported by Shashikiran H on 2018-03-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Juniper Openstack	Status tracked in Trunk
	Trunk	Invalid	Critical	Nikhil Bansal	Juniper Openstack r5.0.0

Bug Description

Version: 5.0
Picked up the latest build.

Topo:
10.204.217.7 cfgm control ui openstack
10.204.216.68 cfgm control
10.204.216.72 cfgm control
10.204.217.16 vrouter
10.204.217.17 vrouter

left-vn --- si1(ecmp, in-network) --- right-vn

I have a routing policy to match on service-interface and take action as reject and attaching it to left-vn. I see service-chain routes also being matched along with service-interface routes. So, the routes from right(5.1.1./) which are populated on left are also being removed from the left vrf along with the 0/8 route(service-interface). Adding community etc works however.
from protocol service-interface then action reject

<iq>
<routing-policy-entries>
  <term>
   <term-match-condition>
    <protocol>service-interface</protocol>
    <community></community>
    <community-match-all>false</community-match-all>
   </term-match-condition>
   <term-action-list>
    <update>
     <as-path>
      <expand />
     </as-path>
     <community>
      <add />
      <remove />
      <set />
     </community>
     <local-pref>0</local-pref>
     <med>0</med>
    </update>
    <action>reject</action>
   </term-action-list>
  </term>
</routing-policy-entries>
</iq>

See original description

Tags:

Shashikiran H (skiranh) on 2018-03-17

description:

updated

Vineet Gupta (vineetrf) on 2018-03-19

tags:

removed: blocker

Shashikiran H (skiranh) on 2018-03-22

description:

updated

Shashikiran H (skiranh) on 2018-03-29

summary:	- 5.0: Granular Routing policy. Reject action does not work on the newly - added protocol terms + 5.0: Granular Routing policy. Reject action does not work for service- + interface routes
description:	updated

Revision history for this message

Pramodh D'Souza (psdsouza) wrote on 2018-03-29:

Either the xml configuration provided does not match what you state to be the issue or
somehow the reject action is not pushed as part of the policy, please check and revert back.

Revision history for this message

Shashikiran H (skiranh) wrote on 2018-03-30:

Pasted the wrong policy output. I have corrected it now in the description. I see the RoutinfReject flag in the route seen in control introspect for the vrf, so I doubt policy not being pushed is the issue here.

description:

updated

Revision history for this message

Nikhil Bansal (nikhilb-u) wrote on 2018-04-02:

This is along expected lines. If service-interface route is rejected on left-vn then we don’t reoriginate routes from right also.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.