
VRF export policy with prefix-list

Posted: 10 Jan 2019 08:07
by bela
Hello Guys,

I have a question for you about a prefix-list-based vrf-export policy. There is a 10.147.0.0/16 prefix in the VPRN routing table, which is received from a locally connected CE router via eBGP. This exact prefix is the only one I do not want to advertise to remote PEs, so I have created a prefix-list with this prefix and a vrf-export policy that rejects only this prefix and advertises all other prefixes via MP-BGP to remote PEs by using the "default-action accept" statement.
Unfortunately, after applying this policy as a vrf-export, the PE does not advertise any prefix to remote PEs.

Can you check my syntax, please?

Thank you so much for your help in advance!

Regards,
Bela

    prefix-list "man-vsrx-10-147"
        prefix 10.147.0.0/16 exact
    exit

    policy-statement "vrf-exp-man"
        entry 10
            from
                protocol bgp
                prefix-list "man-vsrx-10-147"
            exit
            to
                protocol bgp-vpn
            exit
            action reject
        exit
        default-action accept
    exit
exit



*A:DGY-CORE-ALU-001>config>service>vprn# info
----------------------------------------------
    description "MAN-VRF"
    vrf-export "vrf-exp-man"
    autonomous-system 65000
    route-distinguisher 10.159.0.25:6
    auto-bind-tunnel
        resolution-filter
            ldp
            rsvp
        exit
        resolution filter
    exit
    vrf-target target:65000:6
    interface "LB" create
        address 6.6.6.3/32
        loopback
    exit
.
.
.
.

Re: VRF export policy with prefix-list

Posted: 12 Jan 2019 11:58
by mivens
You could try adding a second entry that matches all but still has "to protocol bgp-vpn" so that what's matched gets redistributed i.e.


    policy-statement "vrf-exp-man"
        entry 10
            from
                protocol bgp
                prefix-list "man-vsrx-10-147"
            exit
            action reject
        exit
        entry 20
            from
                protocol bgp
            exit
            to
                protocol bgp-vpn
            exit
            action accept
        exit
    exit

Re: VRF export policy with prefix-list

Posted: 08 Jan 2020 11:54
by lo0
You should be using MP-BGP to distribute VPNv4 prefixes for IPv4 prefixes contained within the VPRNs.

configure router bgp group "MP-BGP_PEERS" family vpn-ipv4

After you have a VPN-IPv4 neighborship between the PEs, you can apply your export policy to the group or neighbor. You can also filter that /16 on the CPE itself. If you wanted to deny it on the PE, a quick policy would be:

configure router policy-options
    prefix-list "BLOCKED_NETWORKS"
        prefix 10.147.0.0/16 exact
    policy-statement "FILTER_ROUTES"
        entry 1
            from prefix-list "BLOCKED_NETWORKS"
            from protocol bgp
            action reject
        default-action accept
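
Added example, not part of any post in this thread: a small Python model of what the `prefix 10.147.0.0/16 exact` entry used in these policies does and does not match, evaluated first-match with `default-action accept`. The `exact`, `longer` and `through` semantics are modelled as an assumption about SR OS behaviour, the `to protocol bgp-vpn` clause is not modelled, and the route list is constructed (only 10.147.0.0/16 and 6.6.6.3/32 come from the posts).

```python
import ipaddress

def entry_matches(route, prefix, match_type="exact", through=None):
    """One prefix-list entry; match-type semantics are an assumption."""
    r, p = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    if r.version != p.version or not r.subnet_of(p):
        return False
    if match_type == "exact":      # same prefix and same length only
        return r.prefixlen == p.prefixlen
    if match_type == "longer":     # strictly more specific than the entry
        return r.prefixlen > p.prefixlen
    if match_type == "through":    # entry length up to `through`, inclusive
        return r.prefixlen <= through
    raise ValueError(f"unsupported match type: {match_type}")

def evaluate(route, protocol, policy):
    """First matching entry decides; otherwise the default action applies."""
    for entry in policy["entries"]:
        if entry.get("protocol") not in (None, protocol):
            continue
        plist = entry.get("prefix_list")
        if plist is not None and not any(entry_matches(route, *e) for e in plist):
            continue
        return entry["action"]
    return policy["default_action"]

def advertised(routes, policy):
    """Routes the modelled policy would accept for export."""
    return [r for r, proto in routes if evaluate(r, proto, policy) == "accept"]

# Reject-one-prefix policy as posted in the thread (hypothetical dict layout).
POLICY = {
    "entries": [{"protocol": "bgp", "action": "reject",
                 "prefix_list": [("10.147.0.0/16", "exact")]}],
    "default_action": "accept",
}

# Constructed VPRN routes: (prefix, protocol the route was learned from).
ROUTES = [("10.147.0.0/16", "bgp"), ("10.147.8.0/24", "bgp"),
          ("10.148.0.0/16", "bgp"), ("10.147.0.0/16", "static"),
          ("6.6.6.3/32", "direct")]

if __name__ == "__main__":
    for route, proto in ROUTES:
        print(f"{route:<16} {proto:<7} {evaluate(route, proto, POLICY)}")
```

Under this model the more-specific 10.147.8.0/24 and a non-BGP copy of the /16 are still accepted, so the filter covers only the eBGP-learned /16 itself.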