Routing

BGP - Filtering connected +1 AS hop

‎10-22-2017 05:15 PM

Hey all, 

I have an SRX340 in packet mode that I am soon to deploy in a multi-homed BGP setup. With the SRX I don't have enough memory to take two full tables; however, I don't want to limit myself to just connected routes or defaults.

We are in ARIN and I have been exploring the idea of filtering for ARIN subnets, but as something simpler to start with, I would like to be able to filter for any networks that my provider broadcasts, plus any customers that announce through them. I want to be able to do so even if the provider or their customers are prepending AS numbers.

From what I can tell, there is no mechanism in the regex to say "this AS (in any multiple) plus any multiple of the next AS hop".

Because of how my two providers are set up, I don't want to stop prepending from forcing me through provider A when the destination is one hop through provider B, even if they prepend. Obviously there are circumstances in which said destination might prepend in advance of maintenance to engineer traffic in over another link, but that is more of a remote situation.

Without maintaining a specific list of next-hop peers for each upstream provider (which would be unreasonable) I can't find a decent way to do it. I know Cisco IOS has something to this effect; am I missing the Junos version somehow?

Thanks

Solution
Accepted by topic author frontdist
‎10-28-2017 04:40 PM

Re: BGP - Filtering connected +1 AS hop

[ Edited ]
‎10-23-2017 12:29 AM

Hello,

You may find this feature useful:

policy-statement policy-name {
    term term-name {
        from {
            as-path-unique-count count (equal | orhigher | orlower);
        }
    }
}

The as-path-unique-count option was introduced in Junos OS Release 17.2R1.

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/policy-st...


So, in Your case You could write a policy saying "from as-path-unique-count 2 orlower" and that would accept only 1-hop prefixes (directly-connected ISP and their customers).

Disclaimer - I haven't tested it myself.

HTH

Thx
Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
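To make the difference between the two filtering approaches in this thread concrete (the original poster's concern that prepending defeats a hop-count check, and the reply's suggestion of `as-path-unique-count 2 orlower`), here is an added Python model of the match condition. It is not code from the thread, from Juniper, or from any Junos release; the prefixes, AS numbers and AS paths are constructed sample data, and the local router is assumed to peer with AS 65001 (provider A) and AS 65002 (provider B). The model assumes plain AS_SEQUENCE paths (no AS_SET braces), which is all the thread discusses.

```python
"""Model of the Junos as-path-unique-count match condition (added example, not Juniper code)."""

# Constructed sample routes: prefix -> AS path as it would appear in `show route`
# output. AS 65001 is provider A and AS 65002 is provider B; all values are
# private/documentation numbers chosen for this example, not taken from the thread.
SAMPLE_ROUTES = {
    "203.0.113.0/24": "65001",                          # provider A's own prefix
    "198.51.100.0/24": "65001 65010",                   # customer directly behind provider A
    "192.0.2.0/24": "65002 65002 65002 65020",          # provider B prepends itself; one customer behind it
    "10.10.0.0/16": "65002 65020 65020",                # customer of provider B prepends itself
    "100.64.0.0/10": "65001 65010 65010 65010 65100",   # two ASes behind provider A: should be rejected
}


def as_path_length(as_path: str) -> int:
    """Raw hop count: every prepended copy of an AS is counted, so prepending inflates it."""
    return len(as_path.split())


def as_path_unique_count(as_path: str) -> int:
    """Number of distinct AS numbers in the path; prepended copies of an AS count once.

    Assumes a plain AS_SEQUENCE string; AS_SET braces are not handled here.
    """
    return len(set(as_path.split()))


def unique_count_matches(as_path: str, count: int, mode: str) -> bool:
    """Models `from as-path-unique-count <count> (equal | orhigher | orlower)`."""
    n = as_path_unique_count(as_path)
    if mode == "equal":
        return n == count
    if mode == "orhigher":
        return n >= count
    if mode == "orlower":
        return n <= count
    raise ValueError(f"unknown mode {mode!r}")


def apply_unique_count_policy(routes, count=2, mode="orlower"):
    """Prefixes accepted by a term matching on as-path-unique-count (the reply's suggestion)."""
    return sorted(p for p, path in routes.items() if unique_count_matches(path, count, mode))


def apply_raw_length_policy(routes, max_len=2):
    """Naive alternative that counts every hop, shown for comparison: prepending defeats it."""
    return sorted(p for p, path in routes.items() if as_path_length(path) <= max_len)


if __name__ == "__main__":
    # The unique-count policy keeps the prepended provider/customer routes and
    # still drops the prefix that is two ASes behind provider A.
    print("as-path-unique-count 2 orlower :", apply_unique_count_policy(SAMPLE_ROUTES))
    print("raw path length <= 2           :", apply_raw_length_policy(SAMPLE_ROUTES))
```

Running the script shows that the raw-length check drops `192.0.2.0/24` and `10.10.0.0/16` purely because of prepending, while the unique-count condition keeps them and rejects only `100.64.0.0/10`, whose path contains three distinct ASes. In a real import policy this condition would sit in a term with an `accept` action, followed by a final term that rejects everything else; that surrounding policy structure is assumed here, not shown in the thread.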