Differences

This shows you the differences between two versions of the page.

juniper:bgp [2006/08/21 12:21]
a Juniper
juniper:bgp [2009/05/25 00:35] (current)
Line 10: Line 10:
    * [[http://www.qorbit.net/documents/junos-template.htm|JunOS Secure Template]]    * [[http://www.qorbit.net/documents/junos-template.htm|JunOS Secure Template]]
    * [[http://www.juniper.net/techcenter/app_note/350001.html|Minimizing the Effects of DoS Attacks]]    * [[http://www.juniper.net/techcenter/app_note/350001.html|Minimizing the Effects of DoS Attacks]]
 +
 +===== Powerful BGP commands =====
 +
 +What do we advertice to our neighbor
 +   show route advertising-protocol bgp <IP>
 +
 +What do we get from our neighbor
 +  show route receive-protocol bgp <IP>
 +
 +
 +
 +
 +===== Exporting =====
 +
 +  policy-statement foobar-export {
 +     term foobar {
 +       from {
 +          route-filter x.x.x.0/24 exact accept;
 +       }
 +     }
 +    term rest {
 +       then reject;
 +    }
 +  }
 +
 +**Remember, that you need to have something in the routing table**!
 +
 +  routing-options:
 +   static {
 +     route x.x.x.0/24 discard metric 100;
 +     ...
 +   }
 +
 +
 +   protocol {
 +     bgp {
 +      group uplink {
 +        type external;
 +        description foobar_uplink;
 +        export foobar-export;
 +        neighbor x.x.x.x {
 +            peer-as <ASNUM>;
 +       }
 +     }
 +   }
 +
 +**Remember to also filter the import or your can be flooded**
 +
 +===== Redistribute routes =====
 +Lets say you have set some dynamic routing (RIP,OSPF,BGP,IS-IS..) and you want to redistribute routes into them. 
 +
 +==== redistribute connected ====
 +<code>
 +set policy-options policy-statement Connected
 +    term connected {
 +        from protocol direct;
 +        then accept;
 +}
 +</code>
 +==== redistribute static ====
 +
 +<code>
 +set policy-options policy-statement Static
 +    term static {
 +        from protocol static;
 +        then accept;
 +}
 +</code>
 +
 +==== redistribute local ====
 +<code>
 +set policy-options policy-statement Local
 +    term local {
 +        from protocol local;
 +        then accept;
 +}
 +</code>
 +reject anything else
 +<code>
 +term else {
 +    then reject
 +}
 +</code>
 +And all the policy will look like:
 +<code>
 +policy-statement distribute-routes
 +    term connected {
 +        from protocol direct;
 +        then accept;
 +    }
 +    term static {
 +        from protocol static;
 +        then accept;
 +    }
 +    term local {
 +        from protocol local;
 +        then accept;
 +    }
 +    term else {
 +        then reject
 +    }
 +</code>
 +
 +It looks easy I guess..but what if you want to redistribute ospf routes?
 +==== redistribute ospf routes ====
 +
 +If you are using OSPF for IGP and BGP as a EGP and you want to export ospf routes to BGP peers then you have to create a policy for that. Something like :
 +<code>
 +policy-statement ospf-routes {
 +    term 1 {
 +        from {
 +            protocol ospf;
 +            area 0.0.0.0;
 +        }
 +        then accept;
 +    }
 +    term 2 {
 +        then reject;
 +    }
 +}
 +</code>
 +
 +==== send default route to bgp peer ====
 +
 +**Lets assume you want to send to send to a BGP peer 0.0.0.0/0 (default route).**
 +
 +First you need to have a route for 0.0.0.0/0 before you can export it to a peer. I guess this is the difference between the Juniper and Cisco configs, Cisco provides you a shortcut with the 'default-originate' keyword which does it all in one step. If you don't have a route for 0.0.0.0/0 defined somewhere that is at least part of the problem.
 +\\
 +
 +**First we generate the default route (if you dont have one yet) :**
 +<code>
 +routing-options {
 +    generate {
 +        route 0.0.0.0/0 discard;
 +    }
 +
 +</code>
 +
 +then we create a policy for 0/0 :
 +<code>
 +policy-options {
 +    policy-statement default-originate {
 +        from {
 +            route-filter 0.0.0.0/0 exact;
 +        }
 +        then accept;
 +    }
 +
 +</code>
 +A simple BGP neighbour will have smthing like:
 +<code>
 +neighbor aaa.bbb.ccc.ddd {
 +    export default-originate;
 +}
 +</code>
 +
 +
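Review bot: The "group uplink" block under Exporting applies "export foobar-export;" but no import policy, even though the line right after it says to filter the import; add an "import <policy>;" statement to the group and show a matching policy-statement, so the example does not accept everything the neighbor sends. The "default-originate" policy at the end has a bare from/then with no final reject term, unlike "foobar-export" and "ospf-routes"; anything that does not match 0.0.0.0/0 falls through to the default BGP export policy, so add a "then reject;" term if only the default route should be sent. Several snippets will not load as written: the "protocol { bgp { group uplink {" block, the "routing-options { generate {" block and the "policy-options {" block each lack a closing brace, "then reject" is missing its semicolon in both "term else" blocks, the BGP hierarchy is "protocols" rather than "protocol", "routing-options:" has a stray colon, and the redistribute examples mix "set policy-options policy-statement ..." with brace-style terms and no enclosing braces. Typos: "advertice", "your can be flooded", "send to send to", "smthing".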
juniper/bgp.1156155680.txt.gz · Last modified: 2009/05/25 00:34 (external edit)
CC Attribution-Share Alike 4.0 International