====== BGP on Juniper (JunOS) ======

http://www.juniper.net/techpubs/software/nog/nog-mpls/html/config-mpls12.html

http://www.space.net/~gert/RIPE/ipv6-filters.html

See also:
  * {{juniper:junos-bgp-template.pdf|JunOS Secure BGP Template v1.92}}
  * [[http://www.cymru.com/Documents/secure-bgp-template.html|Cisco Secure BGP Template]]
  * [[http://www.qorbit.net/documents/junos-template.htm|JunOS Secure Template]]
  * [[http://www.juniper.net/techcenter/app_note/350001.html|Minimizing the Effects of DoS Attacks]]

===== Powerful BGP commands =====

What do we advertise to our neighbor:

  show route advertising-protocol bgp

What do we get from our neighbor:

  show route receive-protocol bgp

===== Exporting =====

  policy-statement foobar-export {
      term foobar {
          from {
              route-filter x.x.x.0/24 exact accept;
          }
      }
      term rest {
          then reject;
      }
  }

**Remember that you need to have something in the routing table!**

routing-options:

  static {
      route x.x.x.0/24 discard metric 100;
      ...
  }

  protocols {
      bgp {
          group uplink {
              type external;
              description foobar_uplink;
              export foobar-export;
              neighbor x.x.x.x {
                  peer-as ;
              }
          }
      }
  }

**Remember to also filter the import, or you can be flooded.**

===== Redistribute routes =====

Let's say you have set up some dynamic routing (RIP, OSPF, BGP, IS-IS, ...) and you want to redistribute routes into it.

==== redistribute connected ====

  set policy-options policy-statement Connected term connected from protocol direct
  set policy-options policy-statement Connected term connected then accept

==== redistribute static ====

  set policy-options policy-statement Static term static from protocol static
  set policy-options policy-statement Static term static then accept

==== redistribute local ====

  set policy-options policy-statement Local term local from protocol local
  set policy-options policy-statement Local term local then accept

Reject anything else:

  term else {
      then reject;
  }

The complete policy then looks like:

  policy-statement distribute-routes {
      term connected {
          from protocol direct;
          then accept;
      }
      term static {
          from protocol static;
          then accept;
      }
      term local {
          from protocol local;
          then accept;
      }
      term else {
          then reject;
      }
  }

It looks easy, I guess, but what if you want to redistribute OSPF routes?

==== redistribute ospf routes ====

If you are using OSPF as the IGP and BGP as the EGP and you want to export OSPF routes to BGP peers, you have to create a policy for that. Something like:

  policy-statement ospf-routes {
      term 1 {
          from {
              protocol ospf;
              area 0.0.0.0;
          }
          then accept;
      }
      term 2 {
          then reject;
      }
  }

==== send default route to bgp peer ====

**Let's assume you want to send 0.0.0.0/0 (the default route) to a BGP peer.**

You need to have a route for 0.0.0.0/0 before you can export it to a peer. I guess this is the difference between the Juniper and Cisco configs: Cisco provides a shortcut with the 'default-originate' keyword, which does it all in one step. If you don't have a route for 0.0.0.0/0 defined somewhere, that is at least part of the problem.

**First we generate the default route (if you don't have one yet):**

  routing-options {
      generate {
          route 0.0.0.0/0 discard;
      }
  }

Then we create a policy for 0/0:

  policy-options {
      policy-statement default-originate {
          from {
              route-filter 0.0.0.0/0 exact;
          }
          then accept;
      }
  }

A simple BGP neighbour will then have something like:

  neighbor aaa.bbb.ccc.ddd {
      export default-originate;
  }
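
The Exporting section above reminds you to filter the import as well. One way to do that for the ''uplink'' group, as an added example that is not part of the original page: the policy name ''uplink-import'', the rejected ranges and the limit of 1000 are assumptions to adapt, and it assumes this neighbor should not send you a default route.

```junos
policy-options {
    policy-statement uplink-import {
        /* Drop the default route, RFC 1918 space, loopback and link-local. */
        term reject-default-and-private {
            from {
                route-filter 0.0.0.0/0 exact;
                route-filter 10.0.0.0/8 orlonger;
                route-filter 127.0.0.0/8 orlonger;
                route-filter 169.254.0.0/16 orlonger;
                route-filter 172.16.0.0/12 orlonger;
                route-filter 192.168.0.0/16 orlonger;
            }
            then reject;
        }
        /* Drop anything more specific than a /24. */
        term reject-too-specific {
            from {
                route-filter 0.0.0.0/0 prefix-length-range /25-/32;
            }
            then reject;
        }
        term rest {
            then accept;
        }
    }
}
protocols {
    bgp {
        group uplink {
            import uplink-import;
            family inet {
                unicast {
                    /* Constructed value: set it above the number of
                       prefixes this neighbor is expected to send. */
                    prefix-limit {
                        maximum 1000;
                        teardown 80 idle-timeout 30;
                    }
                }
            }
        }
    }
}
```

The policy limits which prefixes are accepted, while ''prefix-limit'' bounds how many: the session logs a warning at 80 percent of the maximum and is torn down for 30 minutes once the maximum is exceeded. ''show route receive-protocol bgp'' from the commands section shows what the neighbor sends before the import policy is applied.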