Routing

  • 1.  EX4200 BGP Blackholing

    Posted 03-03-2015 06:53

    Hello,

     

    Currently I'm running a multihomed BGP setup with a stacked EX4200 chassis.

    The BGP sessions and such are working fine and I'm able to send null-route advertisements to one of the peers already. This peer used a basic EBGP session and is working fine. However, the other peer is requesting an AS-SET for automatic filtering, which can then be used to null by tagging with the community value xxx:yyy.

     

    However, I'm at a loss when it comes to finding documentation and configuration examples in the available Juniper resources.

    From reading about the Cisco counterparts, I'm under the impression that aggregating the advertised networks should be sufficient?

     

    The below networks are being advertised:

    policy-options {
        prefix-list export-prefixes {
            a.a.a.a/24;
            b.b.b.b/24;
        }
    }

    routing-options {
        static {
            route a.a.a.a/24 discard;
            route b.b.b.b/24 discard;
        }
        aggregate {
            route a.a.a.a/24;
            route b.b.b.b/24;
        }
    }

     

     

    The current BGP group:

    protocols {
        bgp {
            local-as MyAS;
            group Provider-Black {
                type external;
                local-address x.x.x.x;
                import import_policy;
                authentication-key ## SECRET-DATA
                export export_policy;
                peer-as remoteAS;
                local-as MyAS;
                neighbor y.y.y.y;
            }
        }
    }

     

    Policy statements:

    policy-statement export_policy {
        term BGP-ANNOUNCE {
            from {
                prefix-list export-prefixes;
            }
            then accept;
        }
        term default_block {
            then reject;
        }
    }

    policy-statement import_policy {
        term ACCEPT {
            then accept;
        }
    }

     

     

    Changes:

    So I'm guessing that I need to create a policy-statement as per below:

    set policy-options policy-statement aggregate-route from protocol direct
    set policy-options policy-statement aggregate-route from route-filter a.a.a.a/23 exact
    set policy-options policy-statement aggregate-route then accept

     

    Then I'll have to change the aggregated route from the split /24 to /23

     

    Then I'll have to update my export rules for this session:

    set policy-options policy-statement export-route from protocol aggregate
    set policy-options policy-statement export-route from route-filter a.a.a.a/23 exact
    set policy-options policy-statement export-route then accept

     

    Finally update the BGP session details:

    set protocols bgp group Provider-Black export export-route

     

     

    Can anyone please confirm the above and state what information I need to relay to the provider? 

    They are asking for the "AS-SET" which I believe should be simply the aggregated route a.a.a.a/23?

     

    I would appreciate any help you could provide, as I'm somewhat lost at this point with regard to the above.



  • 2.  RE: EX4200 BGP Blackholing

     
    Posted 03-03-2015 10:13

    You can do something like below:

     

    routing-options {
        static {
            route 10.10.0.21/32 {
                next-hop 10.10.0.21;
                retain;
                community 65534:666;
            }
        }
    }

     

     

    policy-options {
        policy-statement BLACKHOLE-OUT {
            term blackhole {
                from community LAB-BLACKHOLE;
                then {
                    community set LAB-BLACKHOLE;
                    next-hop self;
                    accept;
                }
            }
            term default {
                then reject;
            }
        }
        community LAB-BLACKHOLE members 65534:666;
    }

     

    protocols {
        bgp {
            local-as MyAS;
            group Provider-Black {
                type external;
                local-address x.x.x.x;
                import import_policy;
                authentication-key ## SECRET-DATA
                export [ export_policy BLACKHOLE-OUT ];
                peer-as remoteAS;
                local-as MyAS;
                neighbor y.y.y.y;
            }
        }
    }

     

     

    Hope this helps you a bit



  • 3.  RE: EX4200 BGP Blackholing

     
    Posted 03-04-2015 04:25

    Did this help you?

     



  • 4.  RE: EX4200 BGP Blackholing

    Posted 03-05-2015 04:53

    Hello MarcTB,

     

    Unfortunately not, the switch refuses to advertise the announcement. The provider has configured their end to match on community yyy:xxx, which I've defined in the same way your configuration example showed.

     

    Show route gives this output:

    s.s.s.s/32 *[Static/5] 00:11:16
               > to s.s.s.s via vlan.300

     

     

    I've also tried to adjust the policy statement as per below but it's still not getting announced.

     

    policy-statement export_Null {
        term com-null {
            from {
                route-filter s.s.s.s/32 exact;
            }
            then {
                community set Null;
                next-hop self;
                accept;
            }
        }
        term default {
            then reject;
        }
    }

     

    However my advertisement works for the other provider, that doesn't involve communities though, so I believe that might be the issue.

     

    I do appreciate your help and effort very much.



  • 5.  RE: EX4200 BGP Blackholing

     
    Posted 03-05-2015 10:59

    It has nothing to do with communities; I think it's something in the config. Can you attach the complete config?



  • 6.  RE: EX4200 BGP Blackholing

    Posted 03-05-2015 14:15

    Hello Marc,

     

    I've attached the config. "Uplink2" is working fine with regard to both advertisements; "Uplink1", however, doesn't export the community advertisement correctly.

     

    Thank you for looking into this!



  • 7.  RE: EX4200 BGP Blackholing
    Best Answer

     
    Posted 03-05-2015 21:47

    Hi,

     

    You need to use your own AS to tag it as community.

     

    You now have this:

    route z.z.z.z/32 {
        next-hop z.z.z.z;
        retain;
        community RemoteAS1:999;
    }

    This should be:

    route z.z.z.z/32 {
        next-hop z.z.z.z;
        retain;
        community MYAS:999;
    }

    Your community should look like this:

    community Uplink1Null members MyAS:999;


    I would change my policy to something like this:

    policy-statement export_policy {
        term BGP-ANNOUNCE {
            from {
                prefix-list export-prefixes;
            }
            then accept;
        }
        term NULL-ANNOUNCE {
            from {
                community Uplink1Null;
            }
            then {
                community set Uplink1Null;
                next-hop self;
                accept;
            }
        }
        term default_block {
            then reject;
        }
    }


  • 8.  RE: EX4200 BGP Blackholing

    Posted 03-10-2015 02:23

    Hello MarcTB,

     

    Thank you for the directions. I ended up with a simple prefix filter that then tagged the advertisement with the provider's community string. I'm not sure why that didn't work initially; it might have been related to separate export policies, as I concatenated them in my 2nd attempt.

     

    Nonetheless, thank you for taking your time with all this feedback!
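
Added example, not part of the thread and not Junos code: a small Python model of how Junos evaluates an export policy chain, showing why the chain `export [ export_policy BLACKHOLE-OUT ]` from post 2 never reaches BLACKHOLE-OUT (export_policy ends in an unconditional reject, and the first terminating action ends evaluation), while a single policy shaped like the one in post 7 advertises both routes. The prefixes, the community value `64500:666` and the name `export_merged` are constructed placeholders for the redacted values in the thread.

```python
# Simplified model of Junos policy-chain evaluation (added example, not Junos code).
# A policy is a list of terms (name, match_fn, action); "accept"/"reject" terminate.
# All prefixes, the community value and the name export_merged are constructed.

EXPORT_PREFIXES = {"198.51.100.0/24", "203.0.113.0/24"}  # stands in for a.a.a.a/24, b.b.b.b/24
BLACKHOLE = "64500:666"                                   # stands in for MyAS:999

def in_prefix_list(route):      # 'from prefix-list' matches listed prefixes exactly
    return route["prefix"] in EXPORT_PREFIXES

def has_blackhole(route):       # 'from community <name>'
    return BLACKHOLE in route["communities"]

def always(route):              # a term with no 'from' matches every route
    return True

POLICIES = {
    "export_policy": [("BGP-ANNOUNCE", in_prefix_list, "accept"),
                      ("default_block", always, "reject")],
    "BLACKHOLE-OUT": [("blackhole", has_blackhole, "accept"),
                      ("default", always, "reject")],
    # Single policy with both accept terms ahead of the final reject (post 7's shape).
    "export_merged": [("BGP-ANNOUNCE", in_prefix_list, "accept"),
                      ("NULL-ANNOUNCE", has_blackhole, "accept"),
                      ("default_block", always, "reject")],
}

def evaluate(chain, route):
    """Return (action, 'policy/term') for the first terminating match in the chain."""
    for policy in chain:
        for term, match, action in POLICIES[policy]:
            if match(route):
                return action, f"{policy}/{term}"
    # Nothing terminated: the BGP default export policy only advertises BGP routes.
    return ("accept" if route["protocol"] == "bgp" else "reject"), "default"

AGGREGATE = {"prefix": "198.51.100.0/24", "protocol": "static", "communities": set()}
HOST_NULL = {"prefix": "198.51.100.21/32", "protocol": "static", "communities": {BLACKHOLE}}

if __name__ == "__main__":
    for chain in (["export_policy", "BLACKHOLE-OUT"], ["BLACKHOLE-OUT", "export_policy"],
                  ["export_merged"]):
        for route in (AGGREGATE, HOST_NULL):
            print(chain, route["prefix"], evaluate(chain, route))
```

Swapping the order of the two policies is not a fix either: BLACKHOLE-OUT's own final reject then drops the /24 announcements, which is why the accept terms belong in one policy ahead of a single reject.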