Differences

This shows you the differences between two versions of the page.

--- juniper:bgp [2009/02/04 18:39]
a
+++ juniper:bgp [2009/05/25 00:35]
@@ Line 1: / Line 1: @@
-====== BGP on Juniper (JunOS) ======
-http://www.juniper.net/techpubs/software/nog/nog-mpls/html/config-mpls12.html
-http://www.space.net/~gert/RIPE/ipv6-filters.html
-See also:
-   * {{juniper:junos-bgp-template.pdf|JunOS Secure BGP Template v1.92}}
-   * [[http://www.cymru.com/Documents/secure-bgp-template.html|Cisco Secure BGP Template]]
-   * [[http://www.qorbit.net/documents/junos-template.htm|JunOS Secure Template]]
-   * [[http://www.juniper.net/techcenter/app_note/350001.html|Minimizing the Effects of DoS Attacks]]
-===== Powerful BGP commands =====
-What do we advertice to our neighbor
-   show route advertising-protocol bgp <IP>
-What do we get from our neighbor
-  show route receive-protocol bgp <IP>
-===== Exporting =====
-  policy-statement foobar-export {
-     term foobar {
-       from {
-          route-filter x.x.x.0/24 exact accept;
-       }
-     }
-    term rest {
-       then reject;
-    }
-  }
-**Remember, that you need to have something in the routing table**!
-  routing-options:
-   static {
-     route x.x.x.0/24 discard metric 100;
-     ...
-   }
-   protocol {
-     bgp {
-      group uplink {
-        type external;
-        description foobar_uplink;
-        export foobar-export;
-        neighbor x.x.x.x {
-            peer-as <ASNUM>;
-       }
-     }
-   }
-**Remember to also filter the import or your can be flooded**
-===== Redistribute routes =====
-Lets say you have set some dynamic routing (RIP,OSPF,BGP,IS-IS..) and you want to redistribute routes into them.
-==== redistribute connected ====
-<code>
-set policy-options policy-statement Connected
-    term connected {
-        from protocol direct;
-        then accept;
-}
-</code>
-==== redistribute static ====
-<code>
-set policy-options policy-statement Static
-    term static {
-        from protocol static;
-        then accept;
-}
-</code>
-==== redistribute local ====
-<code>
-set policy-options policy-statement Local
-    term local {
-        from protocol local;
-        then accept;
-}
-</code>
-reject anything else
-<code>
-term else {
-    then reject
-}
-</code>
-And all the policy will look like:
-<code>
-policy-statement distribute-routes
-    term connected {
-        from protocol direct;
-        then accept;
-    }
-    term static {
-        from protocol static;
-        then accept;
-    }
-    term local {
-        from protocol local;
-        then accept;
-    }
-    term else {
-        then reject
-    }
-</code>
-It looks easy I guess..but what if you want to redistribute ospf routes?
-==== redistribute ospf routes ====
-If you are using OSPF for IGP and BGP as a EGP and you want to export ospf routes to BGP peers then you have to create a policy for that. Something like :
-<code>
-policy-statement ospf-routes {
-    term 1 {
-        from {
-            protocol ospf;
-            area 0.0.0.0;
-        }
-        then accept;
-    }
-    term 2 {
-        then reject;
-    }
-}
-</code>
-==== send default route to bgp peer ====
-**Lets assume you want to send to send to a BGP peer 0.0.0.0/0 (default route).**
-First you need to have a route for 0.0.0.0/0 before you can export it to a peer. I guess this is the difference between the Juniper and Cisco configs, Cisco provides you a shortcut with the 'default-originate' keyword which does it all in one step. If you don't have a route for 0.0.0.0/0 defined somewhere that is at least part of the problem.
-\\
-**First we generate the default route (if you dont have one yet) :**
-<code>
-routing-options {
-    generate {
-        route 0.0.0.0/0 discard;
-    }
-}
-</code>
-then we create a policy for 0/0 :
-<code>
-policy-options {
-    policy-statement default-originate {
-        from {
-            route-filter 0.0.0.0/0 exact;
-        }
-        then accept;
-    }
-}
-</code>
-A simple BGP neighbour will have smthing like:
-<code>
-neighbor aaa.bbb.ccc.ddd {
-    export default-originate;
-}
-</code>