
How to use the source address filter for BGP ‘inetflow.0’ routes

June 15, 2016 by Marques Brownlee

The inetflow route received over BGP is being hidden. This BGP route (inet unicast flow) is received and hidden when the route-filter policy is configured and used with no-validate, as shown below. With only flow-test, the routes are active:

root@MX480-6-RE-0# show protocols bgp group internal-test 
type internal;
local-address 1.1.1.1;
family inet {
     unicast;
     flow {
         no-validate flow-test;
     }
}
neighbor 50.50.50.50;

You need to make the hidden routes active by using the no-validate command:

(M7i)----iBGP---(MX480)
root@MX480-6-RE-0# show protocols bgp group internal-test 
type internal;
local-address 1.1.1.1;
family inet {
    unicast;
    flow {
        no-validate flow-test;
    }
}
neighbor 50.50.50.50;

root@MX480-6-RE-0# show policy-options policy-statement flow-test 
term 1 {
    from {
        protocol bgp;
        community COMMUNITY_FLOWROUTE_INOC_ALL;
        route-filter 11.11.11.11/0 exact;
    }
    then accept;
}
term 3 {
    then reject;
}


community COMMUNITY_FLOWROUTE_INOC_ALL members 100:1

[edit]

[edit]
root@MX480-6-RE-0# run show bgp summary 
Groups: 7 Peers: 12 Down peers: 11
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                 2          1          0          0          0          0
bgp.l3vpn.0            0          0          0          0          0          0
inetflow.0             1          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
50.50.50.50             100        200        197       0       0     1:27:47 Establ
  inet.0: 1/2/2/0
  inetflow.0: 0/1/0/0 < Flow route is hidden route


root@MX480-6-RE-0# run show route protocol bgp hidden extensive 

.....

inetflow.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
*,11.11.11.11,proto=17,dstport=53/term:N/A (1 entry, 0 announced)
BGP /-101
Next hop type: Fictitious
Address: 0x8d47f84 
Next-hop reference count: 1
State: <Hidden Int Ext> 
Local AS: 100 Peer AS: 100
Age: 1:29:07 
Task: BGP_100.50.50.50.50+179
AS path: I 
AS path: Recorded 
Communities: 100:1 traffic-rate:0:0
Validation state: Reject, Originator: 50.50.50.50
Via: 0.0.0.0/0, Active 
Localpref: 100 
Router ID: 50.50.50.50 


[edit]
root@MX480-6-RE-0# run show route table inetflow.0 hidden extensive 

inetflow.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
*,11.11.11.11,proto=17,dstport=53/term:N/A (1 entry, 0 announced)
BGP /-101
Next hop type: Fictitious
Address: 0x8d47f84
Next-hop reference count: 1
State: <Hidden Int Ext>
Local AS: 100 Peer AS: 100
Age: 1:33:45 
Task: BGP_100.50.50.50.50+179
AS path: I
AS path: Recorded
Communities: 100:1 traffic-rate:0:0
Validation state: Reject, Originator: 50.50.50.50
Via: 0.0.0.0/0, Active
Localpref: 100
Router ID: 50.50.50.50

[edit]

From the M7i device:

[edit]
lab# show protocols bgp 
group internal-test {
    type internal;
    local-address 50.50.50.50;
    family inet {
        unicast;
        flow;
    }
    export static;
    neighbor 1.1.1.1;
}


[edit]
lab# show routing-options 
static {
    route 0.0.0.0/0 next-hop 10.209.75.254;
    route 11.11.11.11/32 next-hop 172.16.1.1;
}
autonomous-system 100;
flow {
    route TEST {
        match {
            source 11.11.11.11/32;
            protocol udp;
            destination-port 53;
        }
        then {
            community COMMUNITY_FLOWROUTE_INOC_ALL;
            discard;
        }
    }
}

[edit]
lab# run show bgp summary 
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                 0          0          0          0          0          0
inetflow.0             0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
1.1.1.1                 100        208        209       0       1     1:32:09 Establ
  inet.0: 0/0/0/0
  inetflow.0: 0/0/0/0


[edit]
lab# show policy-options policy-statement static 
term 1 {
    from protocol static;
    then {
        next-hop self;
        accept;
    }
}



[edit]
lab# run show route table inetflow.0 extensive 

inetflow.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
*,11.11.11.11,proto=17,dstport=53/term:1 (1 entry, 1 announced)
TSI:
KRT in dfwd;
Action(s): discard,count
Page 0 idx 0 Type 1 val 8f88a9c
Nexthop: Self
Localpref: 100
AS path: [100] I
Communities: 100:1 traffic-rate:0:0
Path *,11.11.11.11,proto=17,dstport=53 Vector len 4. Val: 0
*Flow Preference: 5
Next hop type: Fictitious
Address: 0x8d3b224
Next-hop reference count: 1
State: <Active>
Local AS: 100 
Age: 1:46:19 
Task: RT Flow
Announcement bits (2): 0-Flow 1-BGP RT Background 
AS path: I
Communities: 100:1 traffic-rate:0:0

[edit]

You have to use source-address-filter instead of route-filter. Change the policy configuration, because 11.11.11.11 is the source address in the inetflow route. After these changes are made, the route will be active.

lab@MX480-6-RE-0# show policy-options policy-statement flow-test
term 1 {
    from {
        protocol bgp;
        community COMMUNITY_FLOWROUTE_INOC_ALL;
        source-address-filter 11.11.11.11/32 exact;
    }
    then accept;
}
term 3 {
    then reject;
}

lab@MX480-6-RE-0> show route table inetflow.0

inetflow.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

*,11.11.11.11,proto=17,dstport=53/term:1
*[BGP/170] 06:35:38, localpref 100, from 50.50.50.50
AS path: I
Fictitious

lab@MX480-6-RE-0> show route table inetflow.0 extensive

inetflow.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
*,11.11.11.11,proto=17,dstport=53/term:1 (1 entry, 1 announced)
TSI:
KRT in dfwd;
Action(s): discard,count
*BGP Preference: 170/-101
Next hop type: Fictitious
Address: 0x8d47f84
Next-hop reference count: 1
State: <Active Int Ext>
Local AS: 100 Peer AS: 100
Age: 16:09:03
Task: BGP_100.50.50.50.50+56810
Announcement bits (1): 0-Flow
AS path: I
AS path: Recorded
Communities: 100:1 traffic-rate:0:0
Accepted
Localpref: 100
Router ID: 50.50.50.50
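
The following Python sketch is an added example, not part of the original article or of Junos. It parses the hidden-route output shown above and evaluates term 1 of flow-test against the flow route key. It assumes a simplified model in which route-filter is tested against the destination component of the key and source-address-filter against the source component; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, trimmed from the hidden-route output shown in this article.
SAMPLE = """\
inetflow.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
*,11.11.11.11,proto=17,dstport=53/term:N/A (1 entry, 0 announced)
BGP /-101
State: <Hidden Int Ext>
Communities: 100:1 traffic-rate:0:0
Validation state: Reject, Originator: 50.50.50.50
"""

# Flow route key as displayed: destination,source[,other match terms]/term:...
KEY_RE = re.compile(
    r"^(?P<dst>[^,\s]+),(?P<src>[^,\s/]+(?:/\d+)?)(?:,[^\s/]+)*/term:")

def parse_flow_routes(text):
    """Return one dict per flow route: dst, src, state, validation."""
    routes = []
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            routes.append({"dst": m["dst"], "src": m["src"],
                           "state": "", "validation": ""})
        elif routes and line.startswith("State:"):
            routes[-1]["state"] = line.split(":", 1)[1].strip()
        elif routes and line.startswith("Validation state:"):
            routes[-1]["validation"] = line.split(":", 1)[1].split(",")[0].strip()
    return routes

def exact_match(component, prefix):
    """'exact': same network and same prefix length.
    Assumption: a wildcard component ('*') never satisfies an exact match."""
    if component == "*":
        return False
    net = component if "/" in component else component + "/32"
    return (ipaddress.ip_network(net, strict=False)
            == ipaddress.ip_network(prefix, strict=False))

def term1_accepts(route, keyword, prefix):
    """Simplified model (assumption): route-filter tests the destination,
    source-address-filter tests the source of the flow route."""
    field = {"route-filter": "dst", "source-address-filter": "src"}[keyword]
    return exact_match(route[field], prefix)
```

Under this model the route from 50.50.50.50 misses term 1 with the route-filter and falls through to term 3 (reject), which matches the "Validation state: Reject" in the hidden-route output; with source-address-filter 11.11.11.11/32 exact, term 1 accepts it.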
