In Junos I would do something like this to apply multiple import filters to advertised routes:
import [ nosmallprefixes reject-martians ];
The filters should be pretty self-explanitory. What is the best way to achieve this in Vyos?
In vyos I can only apply one import route-map per neighbor/peer-group. Can I create one route-map for nosmallprefixes, one route-map for reject-martians and then create one route-map that’s applied on import that jumps to those two?
A route-map is a container for matching objects, so in this case you can view the route-map as the square brackets, and the objects within there as your matching objects. In this instance you could use prefix-lists as the matching objects:
set policy prefix-list nosmallprefixes rule 10 action 'permit'
set policy prefix-list nosmallprefixes rule 10 ge '25'
set policy prefix-list nosmallprefixes rule 10 prefix '0.0.0.0/0'
set policy prefix-list reject-martians rule 10 action 'permit'
set policy prefix-list reject-martians rule 10 prefix '0.0.0.0/8'
set policy prefix-list reject-martians rule 20 action 'permit'
set policy prefix-list reject-martians rule 20 prefix '127.0.0.0/8'
set policy prefix-list reject-martians rule n <add additional martians to the list>
set policy route-map from-peer rule 10 action 'deny'
set policy route-map from-peer rule 10 match ip address prefix-list 'reject-martians'
set policy route-map from-peer rule 20 action 'deny'
set policy route-map from-peer rule 20 match ip address prefix-list 'nosmallprefixes'
set policy route-map from-peer rule 1000 action 'permit'
This will evaluate learned routes from a peer, and deny any martians, then it will deny any route that is longer than a /24, and if a route makes it past those rules, then it is accepted.
1 Like