Routing

Hello!

Can someone tell me how to separate routes that I want to advertise only to a specific customer?

Let say i have a BGP peering with organistion A, and a customer on my network which must be able to reach that network.

No other customer traffic can be allowed to pass over that dirrect peering.

How can I separate the routing so I could advertise routes from organisation A only to that customer?

The customer doesen't have an AS number.

All of the customers are reaching the router over interface xe-0/0/0.0.

Can I put a filter on that interface for a this specific customers address range?

Can I accomplish this with routing instances?

If so, which would be the best?

Thank You!

Hi Tihana18,

Not sure if I have understood it corrrectly, but  I hope below may help you to achieve the required seperation.

Let's say xe-1/1/1 is connected to Org A.

Then define a routing-instance to have a seperate RIB for all the route coming from Org A.

Also add a static route within this routing-instance for the "specific customer" pointing towards the default "inet.0" table. In below "10.8.1.2" is the "specific customer" route (assuming all the packets coming from this customer is sourced with 10.8.1.2 else this needs to be modified accordingly).

xe-1/1/1 {
    description "Interface connected to Org A";
    unit 0 {
        family inet {
            address 20.8.1.1/30;
        }
    }
}

show routing-instances
Org_A {
    instance-type virtual-router;
    interface ge-1/0/2.0;
    routing-options {
        static {
            route 10.8.1.2/32 next-table inet.0;
        }
    }
    protocols {
        bgp {
            group OrgA_Peer {
                export Cus_A_Route;
                neighbor 20.8.1.2 {
                    peer-as 200;
                    local-as 100;
                }
            }
        }
    }
}

show policy-options
policy-statement Cus_A_Route {
    term a {
        from {
            route-filter 10.8.1.2/32 exact;
        }
        then accept;
    }

Then on the interface that is connected towards the customers, include a firewall filter which will be direct the incoming packets from "specific customer" and destined to Org_A (10.10.10.10) towards Org_A RIB.

xe-0/0/0 {
    description "Interface connected to customer";
    unit 0 {
        family inet {
            filter {
                input Cus_A_to_Org_A;
            }
            address 10.8.1.1/24;
        }
    }
}


show firewall
family inet {
    filter Cus_A_to_Org_A {
        term a {
            from {
                source-address {
                    10.8.1.2/32;
                }
                destination-address {
                    10.10.10.10/32;
                }
            }
            then {
                routing-instance Org_A;
            }
        }
        term b {
            then accept;
        }
    }
}

Regards

Surya

Thank You very much, this was very helpfull.

I just have two questions...

1) You've put interface ge-1/0/2.0 into the routing instance, shouldn't it rather be interface xe-1/1/1 that connects to Org A?

Org_A {
    instance-type virtual-router;
    interface ge-1/0/2.0;
    routing-options {
        static {
            route 10.8.1.2/32 next-table inet.0;
        }
   }

2) Could You please explain what is the difference between virtual router and vrf type routing instances?

Thank You!

Hi,

1. Yes that's correct. The interface ge-1/0/2 should be xe-1/1/1 and that was a typo.

2. I hope below URL would help you in differentiating between VRF and Virtual-Router.

https://www.juniper.net/documentation/en_US/junos14.2/topics/usage-guidelines/vpns-configuring-virtual-router-routing-instances-in-vpns.html

Regards

Surya