Routing

My dear brothers,

 

Please pardon my limited knowledge as I’m new in Juniper Network. I’m building a multihomed BGP network with following diagram. Kindly note that I want to announce prefix from Router-A. Requesting my expert brothers to kindly look into my configuration and see if the configurations are okay or not.

 

God Bless You All

 

Regards,

Tanjim

 

 

AS: 100                                                                 AS100

Router-A <=======================> Router-B

      |                                                                                |

      |                                                                                |

      |                                                                                |

EBGP Peer-1 (AS200)                                      EBGP Peer-2 (AS300)

 

I have Router-A and Router-B in my network which are IBGP peers. Both routers have in turn EBGP peers. I want to announce prefix from Router-A towards its EBGP ISP-1 peer and towards Router-B. Router-B will only advertise announced prefix learned from Router-A, and announce it to its EBGP peer (ISP-2).

 

Router-A Configuration

====================

 

routing-options {                      

    aggregate {

        route 192.168.78.0/24;

    }

    autonomous-system 100;

}

 

policy-options {

    policy-statement prefix_to_announce {

        term find-aggregate {

           from protocol aggregate;

           then accept;

        }

    }

    policy-statement import_nothing {

        term t1 {

            from {

                route-filter 0.0.0.0/0 exact;

            }

            then accept;

        }

        term t2 {

            then reject;

        }

    }

}

 

protocols {

    bgp {

        group IBGP_Peer_To_Router_B {

            type internal;

            peer-as 100;

            local-address 10.11.12.1;

            neighbor 10.11.12.2;

            import import_nothing;

            export prefix_to_announce;           

        }

        group EBGP_Peer_To_ISP1 {

            type external;

            local-address 172.16.23.2;

            import import_nothing;

            export prefix_to_announce;

            peer-as 200;

            local-as 100;

            neighbor 172.16.23.1;

        }

    }

 

Router-B Configuration

====================

routing-options {                      

    autonomous-system 100;

}

 

policy-options {

    policy-statement prefix_to_announce {

        term find-aggregate {

           from protocol aggregate;

           then accept;

        }

    }

    policy-statement import_nothing {

        term t1 {

            from {

                route-filter 0.0.0.0/0 exact;

            }

            then accept;

        }

        term t2 {

            then reject;

        }

    }

}

 

protocols {

    bgp {

        group IBGP_Peer_To_RouterA {

            type internal;

            peer-as 100;

            local-address 10.11.12.2;

            neighbor 10.11.12.1;

            import import_nothing;

            export prefix_to_announce;           

        }

        group EBGP_Peer_To_ISP2 {

            type external;

            local-address 172.23.23.2;

            import import_nothing;

            export prefix_to_announce;

            peer-as 300;

            local-as 100;

            neighbor 172.23.23.1;

        }

    }

}

Hi zeead.tanjim,

 

Looking at the config for Router B, I see a issue where you are accepting only default route from Router A and everything else is rejected. This means that the aggregate route "192.168.78.0/24" advertized by Router A is not accepted by Router B.

 

protocols {

    bgp {

        group IBGP_Peer_To_RouterA {

            type internal;

            peer-as 100;

            local-address 10.11.12.2;

            neighbor 10.11.12.1;

            import import_nothing;

            export prefix_to_announce;           

        }

 

 

    policy-statement import_nothing {

 

        term t1 {

 

            from {

 

                route-filter 0.0.0.0/0 exact;

 

            }

 

            then accept;

 

        }

 

        term t2 {

 

            then reject;

 

        }

 

    }

 

You do have multiple options, but the easiest way is to allow this prefix in the policy-statement in Router B as below:

 

 

    policy-statement import_nothing {
        term t1 {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term allow_agg_from_A {
            from {
                route-filter 192.168.78.0/24 exact;
            }
            then accept;
        }
        term t2 {
            then reject;
        }
    }

 

Regards

Surya

 

 

Hi Surya,

 

Thank you so very much for pointing out the blooper 🙂 God Bless you my brother! I needed the solution very badly. Thanks again.

 

Anyway, my main goal is that whenever I need to announce new prefix out to all EBGP peers, I'll announce it from Router-A. Router-B shall automatically learn the new prefix being induced in Router-A and announce it out to its EBGP peers. In that case, how about the following (flipping the export/import policies): kindly advice ...

 

protocols {

    bgp {

        group IBGP_Peer_To_RouterA {

            type internal;

            peer-as 100;

            local-address 10.11.12.2;

            neighbor 10.11.12.1;

            import prefix_to_announce;

            export import_nothing;           

        }

        group EBGP_Peer_To_ISP2 {

            type external;

            local-address 172.23.23.2;

            import import_nothing;

            export prefix_to_announce;

            peer-as 300;

            local-as 100;

            neighbor 172.23.23.1;

        }

    }

}

 

policy-options {

    policy-statement prefix_to_announce {

        term find-aggregate {

           from protocol aggregate;

           then accept;

        }

    }

    policy-statement import_nothing {

        term t1 {

            from {

                route-filter 0.0.0.0/0 exact;

            }

            then accept;

        }

        term t2 {

            then reject;

        }

    }

}

Hi,

 

Before I could provide the further inputs, I would like to know

 

> How does Router B learns the new prefix? Would it learn through iBGP session with router A or any other way?

 

Regards

Surya

Hi Suriya,

 

Yes... Router-B would learn new prefix through IBGP session with Router-A. When Router-B needs to advertise new prefix out to its connected EBGP peer, I'll announce that prefix from Router-A to Router B. Router B should learn it via IBGP session without any manual entry within Router-B.

 

Thanks again.

 

Regards,

Zeead

Hi,

 

Thanks. Since Router-B learns the new prefix through iBGP session with Router-A, by default it will advertise this route to eBGP. And same is true vice-versa. Hence you don't need explicit "export" policy on Router-B. I have modified the configs to make use of community to tag the new prefixes. This way you have more control and incremental add new prefiex by changing the policy only on Router A.

 

Router-A Configuration
======================
routing-options {                      
    aggregate {
        route 192.168.78.0/24;
    }
    autonomous-system 100;
}

policy-options {
    policy-statement PREFIX_ANNOUNCE {
        term aggregate {
            from protocol aggregate;
            then {
                community add RTRA;
                accept;
            }
        }
    }
    policy-statement DEFAULT_ROUTE_FROM_eBGP {
        term accept_default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term reject_everything {
            then reject;
        }
    }
    policy-statement DEFAULT_ROUTE_FROM_RTRB {
        term accept_default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term reject_everything {
            then reject;
        }
    }
    community RTRA members 100:1;
}

 

protocols {
    bgp {
        group IBGP_Peer_To_Router_B {
            type internal;
            peer-as 100;
            local-address 10.11.12.1;
            neighbor 10.11.12.2;
            import DEFAULT_ROUTE_FROM_RTRB;
            export PREFIX_ANNOUNCE;           
        }
        group EBGP_Peer_To_ISP1 {
            type external;
            local-address 172.16.23.2;
            import DEFAULT_ROUTE_FROM_eBGP;
            export PREFIX_ANNOUNCE;
            peer-as 200;
            local-as 100;
            neighbor 172.16.23.1;
        }
    }


Router-B Configuration
====================
routing-options {                      
    autonomous-system 100;
}

policy-options {
    policy-statement DEFAULT_ROUTE_FROM_eBGP {
        term accept_default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term reject_everything {
            then reject;
        }
    }
    policy-statement DEFAULT_ROUTE_FROM_RTRA {
        term accept_default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term accept_with_rtra_comm {
            from {
                community RTRA;
            }
            then accept;
        }
        term reject_everything {
            then reject;
        }
    }
    community RTRA members 100:1;
}


protocols {
    bgp {
        group IBGP_Peer_To_RouterA {
            type internal;
            peer-as 100;
            local-address 10.11.12.2;
            neighbor 10.11.12.1;
            import DEFAULT_ROUTE_FROM_RTRA;
        }
        group EBGP_Peer_To_ISP2 {
            type external;
            local-address 172.23.23.2;
            import DEFAULT_ROUTE_FROM_eBGP;
            peer-as 300;
            local-as 100;
            neighbor 172.23.23.1;
        }
    }
}

 

 

Regards

Surya

Dear Surya,

 

Thank you so very much. Thank you for taking time to provide solution to my problem.

GOD BLESS YOU MY FRIEND!!

 

Regards,

Tanjim