
JUNOS BGP and Policy

JUNOS BGP Basics and Policy




This presentation shows examples of BGP policies covering:

- BGP Show Commands
- BGP Tracing
- Juniper BGP Policy Basics
- Import/Export Policies
- Route Reflectors
- Local Preference
- MED
- Communities
- Next Hop Self
- AS Path Regular Expressions
- Route-filters
- Prefix Lists
- Test and View Policies

Juniper Networks, Inc. Copyright 2000 - Proprietary & Confidential

Juniper Default Route Preference

Route Source               Default Preference
direct / local             0
Static                     5
RSVP                       7
LDP                        9
OSPF internal route        10
IS-IS Level 1              15
IS-IS Level 2              18
Redirects                  30
Generated or aggregate     130
OSPF AS external routes    150
BGP                        170

Cisco Default Administrative Distances

Route Source           Default Administrative Distance
Connected interface    0
Static route           1
External BGP           20
EIGRP (internal)       90
IGRP                   100
OSPF                   110
IS-IS                  115
RIP                    120
EGP                    140
EIGRP (external)       170
Internal BGP           200
Unknown                255

BGP Route Selection Process (Juniper)

1. Can the BGP next-hop (BNH) be reached? If yes, proceed; if no, stop processing (the path is unusable and takes no further part in selection).
2. Prefer the path with the higher local preference.
3. Prefer the path with the shorter AS path.
4. Prefer the path with the lower Origin code.
5. Prefer the path with the lower MED.
6. Prefer paths learned via EBGP over paths learned via IBGP.
7. Prefer the path with the lower IGP metric to the BGP next-hop.
8. Prefer paths where the BNH is resolved in inet.3 over inet.0.
9. Prefer paths where the BNH has the greater number of equal-cost paths.
10. Prefer paths with the shortest cluster-list length.
11. Prefer the path with the lower router ID (RID).
12. Prefer the path with the lower peer IP address.
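The selection process above, as an added Python example (not Juniper's code and not part of the original slides): a best-path comparator that first applies the next-hop gate and then the tie-breaks in exactly the listed order over constructed candidate paths. The field names, the `BgpPath` type and the sample values are this example's own.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Origin codes as BGP encodes them: IGP (0) < EGP (1) < Incomplete (2).
ORIGIN_CODE = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass
class BgpPath:
    """One candidate path for a prefix. Field names are this example's own."""
    name: str
    nexthop_reachable: bool
    local_pref: int
    as_path: List[int]
    origin: str
    med: int
    from_ebgp: bool
    igp_metric: int
    nexthop_in_inet3: bool
    equal_cost_paths: int
    cluster_list_len: int
    router_id: str
    peer_ip: str


def ip_sort_key(addr: str) -> Tuple[int, ...]:
    """Compare dotted-quad addresses numerically, not as strings."""
    return tuple(int(octet) for octet in addr.split("."))


# Tie-break steps in the order the slide lists them; every key is "lower wins",
# so "higher local preference" and "more equal-cost paths" are negated.
SELECTION_STEPS = [
    ("higher local preference", lambda p: -p.local_pref),
    ("shorter AS path", lambda p: len(p.as_path)),
    ("lower origin code", lambda p: ORIGIN_CODE[p.origin]),
    ("lower MED", lambda p: p.med),
    ("EBGP over IBGP", lambda p: 0 if p.from_ebgp else 1),
    ("lower IGP metric to BGP next hop", lambda p: p.igp_metric),
    ("next hop resolved in inet.3 over inet.0", lambda p: 0 if p.nexthop_in_inet3 else 1),
    ("more equal-cost paths to next hop", lambda p: -p.equal_cost_paths),
    ("shorter cluster list", lambda p: p.cluster_list_len),
    ("lower router ID", lambda p: ip_sort_key(p.router_id)),
    ("lower peer address", lambda p: ip_sort_key(p.peer_ip)),
]


def select_best(paths: List[BgpPath]) -> Tuple[Optional[BgpPath], str]:
    """Return (winning path, name of the step that decided it).

    Step 1 on the slide is a gate, not a tie-break: a path whose BGP next hop
    cannot be resolved is dropped before any attribute is compared.
    """
    candidates = [p for p in paths if p.nexthop_reachable]
    if not candidates:
        return None, "no usable path: BGP next hop unreachable"
    for label, key in SELECTION_STEPS:
        best = min(key(p) for p in candidates)
        candidates = [p for p in candidates if key(p) == best]
        if len(candidates) == 1:
            return candidates[0], label
    return candidates[0], "all attributes equal"


def demo() -> Tuple[str, str]:
    """Constructed candidates for one prefix (all values made up for this example)."""
    paths = [
        # Highest local preference, but the next hop is unusable, so it never competes
        # (compare the 'Next hop type: Unusable' hidden routes shown later in the deck).
        BgpPath("via-R4", False, 200, [65520], "igp", 0, False, 10, False, 1, 0, "192.168.254.4", "172.16.1.2"),
        BgpPath("via-R2", True, 100, [65001, 65002], "igp", 0, True, 10, False, 1, 0, "10.0.0.2", "10.1.1.2"),
        # Worse origin and MED than via-R2, but those steps are never reached:
        # the shorter AS path decides first.
        BgpPath("via-R3", True, 100, [65003], "incomplete", 50, True, 5, False, 1, 0, "10.0.0.3", "10.1.1.3"),
    ]
    best, why = select_best(paths)
    return best.name, why
```

`demo()` returns `("via-R3", "shorter AS path")`: the path with the highest local preference is excluded by the reachability gate, and between the two usable paths the AS-path step decides before origin or MED are ever compared.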

BGP Soft Configuration

Soft reconfiguration lets a changed import policy be re-applied to the routes already received from a peer without resetting the session:
- Default on Juniper
- Must be turned on for Cisco

BGP Show Commands


Show BGP Routes

user@host> show route protocol bgp ?
Possible completions:
  <[Enter]>             Execute this command
  <destination>         Destination prefix and mask information
  advertising-protocol  Information transmitted by a particular routing protocol
  aspath-regex          Entries learned via a specific AS path
  best                  Show longest match
  brief                 Brief view
  community             List of communities to match, including wildcards
  damped                Entries that have been suppressed due to route damping
  detail                Detailed view
  exact                 Show exact match
  extensive             Extensive view
  inactive              Inactive entries
  next-hop              Entries pointing to a particular next hop
  output                Entries sending packets out a particular interface
  range                 Show entire prefix range
  receive-protocol      Information learned from a particular routing protocol
  source-gateway        Entries learned from a particular router
  table                 Entries in a particular routing table
  terse                 Terse view

BGP Information

Several commands display a wide variety of BGP information, either from the protocol itself or from BGP routes:

user@host> show bgp ?
Possible completions:
  group                 Show the BGP group database
  neighbor              Show the BGP neighbor database
  summary               Show an overview of the BGP information

Show BGP Neighbor


user@host> show bgp neighbor
Peer: 11.1.1.2+179 AS 29
Local: 11.1.1.1+1048 AS 29
Type: Internal State: Established
Flags: <>
Last State: OpenConfirm
Last Event: RecvKeepAlive
Last Error: None
Options: <Preference HoldTime>
Holdtime: 90
Preference: 170
Number of flaps: 1
Error: "Cease" Sent: 1 Recv: 0
Peer ID: 11.1.1.2
Local ID: 0.0.0.0
Active Holdtime: 90
NLRI advertised by peer: unicast
NLRI for this session: unicast
Group Bit: 0 Send state: in sync
Table inet.0
Active Prefixes: 0
Received Prefixes: 0
Suppressed due to damping: 0
Table inet.2
Active Prefixes: 0
Received Prefixes: 0
Suppressed due to damping: 0
Last traffic (seconds):
Received 25
Sent 21 Checked 21
Input messages:
Total 4143
Updates 0
Octets 78717
Output messages:
Total 4156
Updates 10
Octets 79303
Output Queue[0]: 0
Output Queue[1]: 0


Show BGP Summary

show bgp summary

View basic information about all BGP neighbors:

user@host> show bgp summary
Groups: 12 Peers: 26 Unestablished peers: 2
Peer           AS   InPkt  OutPkt   OutQ  Flaps  Last Up/Dn  State|#Act/Recv/Damped
131.103.0.2    45    1225   55263  50511      0    18:22:14  47769/50591/0
192.168.1.1    33     911       0      0      0    18:22:27  Active
192.168.1.97   23   10458    2201  41043      0    18:22:03  0/0/0
192.168.1.100 432   10458     163  17643      0    17:01:18  Active

InPkt: number of packets received from the peer.
OutPkt: number of packets sent to the peer.
OutQ: count of the BGP packets that are queued to be transmitted to a particular neighbor. It is normally 0 because the queue is usually emptied quickly.
Last Up/Dn: time since the neighbor transitioned to or from the Established state.

Show BGP Next Hop


juniper@R1> show route table inet.0 hidden detail
inet.0: 20 destinations, 20 routes (18 active, 0 holddown, 2 hidden)
+ = Active Route, - = Last Active, * = Both
10.1.0.0/32 (1 entry, 0 announced)
BGP
Preference: 170/-101
Next hop type: Unusable
State: <Hidden Int Ext>
Local AS: 65501 Peer AS: 65501
Age: 24:23
Metric2: 0
Task: BGP_65501.192.168.254.4+179
AS path: 65520 I
BGP next hop: 172.16.1.2
Localpref: 100
Router ID: 192.168.254.4
10.2.0.0/32 (1 entry, 0 announced)
BGP
Preference: 170/-101
Next hop type: Unusable
State: <Hidden Int Ext>
Local AS: 65501 Peer AS: 65501
Age: 24:23
Metric2: 0
Task: BGP_65501.192.168.254.4+179
AS path: 65520 I
BGP next hop: 172.16.1.2
Localpref: 100
Router ID: 192.168.254.4


Show BGP Routes

show route receive-protocol bgp

Look at routes received from a peer before import policy is applied:

user@host> show route receive-protocol bgp 11.1.1.1

inet.0: 6 destinations, 6 routes (5 active, 0 holddown, 1 hidden)
  Prefix           Nexthop        MED   Lclpref   AS path
  10.0.0.0/8       11.1.1.1             100       I
  172.16.0.0/12    11.1.1.1             100       I

show route advertising-protocol bgp

Look at routes being advertised to a specific peer, after export policy has been applied:

user@host> show route advertising-protocol bgp 11.1.1.2

inet.0: 10 destinations, 10 routes (8 active, 0 holddown, 2 hidden)
  Prefix           Nexthop        MED   Lclpref   AS path
  10.0.0.0/8       Self                 100       I
  172.16.0.0/12    Self                 100       I

Looking at Specific Routes




show route extensive




Look at specific entries in the routing table

user@host> show route 172.16.0.0 extensive


inet.0: 6 destinations, 6 routes (5 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.0.0/12 (1 entry, 1 announced)
TSI:
BGP_Sync_Any dest 172.16.0.0/12 MED 0
*BGP
Preference: 170/-101
Nexthop: 11.1.1.1 via fxp0.0, selected
State: <Active Int Ext>
Local AS: 29 Peer AS: 29
Age: 1d 9:46:54 Metric2: 0
Task: BGP_29.11.1.1.1+1048
Announcement bits (2): 0-KRT 2-BGP_Sync_Any
AS path: I
BGP next hop: 11.1.1.1
Localpref: 100
Router ID: 172.18.1.1


BGP Tracing


General Tracing

Tracing for each software feature shares a similar configuration:

[edit feature-name]
user@host# show
traceoptions {
    file filename [replace] [size size] [files number] [no-stamp];
    flag flag [flag-modifier] [disable];
}

Each feature allows tracing to only one file.

You can trace multiple options (flags) to each file.

General Tracing

General Flags
  all       All tracing operations
  general   All normal operations and routing table changes (combination of normal and route)
  normal    All normal operations
  policy    Routing policy operations and actions
  route     Routing table changes
  state     State transitions
  task      Interface transactions and processing
  timer     Timer usage

Modifiers
  detail    Detailed trace information
  receive   Packets being received
  send      Packets being transmitted

BGP Tracing

Configuration parameters for tracing under BGP:

[edit protocols bgp]
user@host# show
traceoptions {
    file filename [replace] [size size] [files number] [no-stamp];
    flag flag [flag-modifier] [disable];
}

Trace Flags for BGP

[edit protocols bgp traceoptions]
user@host# set flag ?
Possible completions:
  all         Trace everything
  aspath      Trace aspath regular expression operations
  damping     Trace damping operations
  general     Trace general events
  keepalive   Trace BGP keepalive events
  normal      Trace normal events
  open        Trace BGP open packets
  packets     Trace all BGP protocol packets
  policy      Trace policy processing
  route       Trace routing information
  state       Trace state transitions
  task        Trace routing protocol task processing
  timer       Trace routing protocol timer processing
  update      Trace BGP update packets

BGP Tracing Example

[edit protocols]
user@host# show
bgp {
    damping;
    traceoptions {
        file BGP-Events;
        flag normal;
    }
    group external {
        type external;
        peer-as 54;
        neighbor 11.1.1.1 {
            traceoptions {
                file problem-neighbor;
                flag damping detail;
            }
        }
    }
}

View Logs and Traces

By default, trace files are stored in /var/log.

Viewing stored log files:

user@host> show log
total 5778
-rw-r--r--  1 root  bin      1429 Feb 25 10:11 BGP-Events
-rw-r--r--  1 root  bin     17734 Feb 17 17:26 bgp.log
-rw-r--r--  1 root  bin      9265 Feb 25 10:51 cli-commands
-rw-r--r--  1 root  bin       486 Feb 25 10:11 critical
-rw-r--r--  1 root  bin    793495 Feb 25 10:11 dcd
-rw-r--r--  1 root  bin    999987 Feb  2 09:55 dcd.0
-rw-r--r--  1 root  bin    999956 Jan 15 11:35 dcd.1
-rw-r--r--  1 root  bin     41217 Feb 25 10:51 general-routing
-rw-rw-r--  1 root  wheel   56056 Feb 25 10:11 lastlog
-rw-rw-r--  1 root  wheel   20519 Jan  8 10:18 messages
-rw-r--r--  1 root  bin      4095 Feb 25 10:05 ospf-log
-rw-r--r--  1 root  bin       438 Feb 25 10:05 problem-neighbor

View Logs and Traces

View a specific log:

user@host> show log filename

Example:
user@host> show log dcd
Feb 25 10:06:13 Test /kernel: fxp0: link down
Feb 25 10:06:20 Test /kernel: fxp1: link up, speed = 10000000, linktype = 1
Feb 25 10:06:20 Test /kernel: fxp1: bmcr = 0x1e1, = 0x1000, status = 0x782d, ad prtnr = 0x21, expan = 0x0, exten = 0x400
Feb 25 10:11:08 Test /kernel: fxp1: link down
Feb 25 10:11:10 Test /kernel: fxp0: link up, speed = 10000000, linktype = 1
Feb 25 10:11:10 Test /kernel: fxp0: bmcr = 0x1e1, = 0x1000, status = 0x782d, ad prtnr = 0x21, expan = 0x0, exten = 0x400
[additional information]

Monitor Traces

Use the monitor CLI command to view real-time log information:

user@host> monitor (start | stop) filenames

Shows new entries in the monitored files until canceled.

Like the Unix tail -f.

Monitor Example

user@host> monitor start system-log
*** system-log***
Jul 20 15:07:34 hang sshd[5845]: log: Generating 768 bit RSA key.
Jul 20 15:07:35 hang sshd[5845]: log: RSA key generation complete.
Jul 20 15:07:35 hang sshd[5845]: log: Connection from 204.69.248.180 port 912
Jul 20 15:07:37 hang sshd[5845]: log: RSA authentication for root accepted.
Jul 20 15:07:37 hang sshd[5845]: log: ROOT LOGIN as 'root' from snowcone.jimbo.com
Jul 20 15:07:37 hang sshd[5847]: log: executing remote command as root: scp -t /tmp
Jul 20 15:07:37 hang sshd[5845]: log: Closing connection to 14.32.69.5

Delete Traces

To stop a tracing operation, delete the trace flag or disable it:

[edit protocols bgp traceoptions]
user@host# delete flag open

Establish EBGP and IBGP peers


Establish BGP Peers

Diagram: EBGP peering between AS 100 (SmallNet, 172.1.1.1) and AS 200 (BigNet, 172.1.1.2).

Establish EBGP Peers

EBGP example (SmallNet side):

routing-options {
    router-id 1.1.1.1;
    autonomous-system 100;
}
protocols {
    bgp {
        group AS200 {
            type external;
            description "EBGP Peer to BIGNET - AS200";
            peer-as 200;
            neighbor 172.1.1.2;
        }
    }
}

Establish EBGP Peers

EBGP example (BigNet side):

routing-options {
    router-id 2.2.2.2;
    autonomous-system 200;
}
protocols {
    bgp {
        group AS100 {
            type external;
            description "EBGP Peer to SmallNet AS100";
            peer-as 100;
            neighbor 172.1.1.1;
        }
    }
}

Establish IBGP Peers

Diagram: IBGP peering between the routers inside AS 100.

Local-address

The address used to establish and accept TCP sessions with a peer.

Without local-address, the TCP connection is sourced from the address of the physical interface.

Just like Cisco's update-source loopback0.

protocols {
    bgp {
        group InternalPeers {
            type internal;
            local-address 1.1.1.1;
            neighbor 2.2.2.2;
            neighbor 3.3.3.3;
            neighbor 4.4.4.4;
            neighbor 5.5.5.5;
        }
    }
}

Establish IBGP Peers

IBGP example:

routing-options {
    router-id 1.1.1.1;
    autonomous-system 100;
}
protocols {
    bgp {
        group InternalPeers {
            type internal;
            local-address 1.1.1.1;
            neighbor 2.2.2.2;
            neighbor 3.3.3.3;
            neighbor 4.4.4.4;
            neighbor 5.5.5.5;
        }
    }
}

JUNOS BGP Policy Basics


When to Apply Policy

- You do not want to import all learned routes into the routing table
- You do not want to advertise all learned routes to neighboring routers
- You want one protocol to receive routes from another protocol (redistribution)
- You want to modify information (attributes) associated with a route

JUNOS BGP Route Advertisement

JUNOS software default BGP advertisement rules:
- Active routes only
- All BGP-learned routes (except for the IBGP rule: routes learned from an IBGP peer are not re-advertised to other IBGP peers)
- Advertise-inactive knob available

Export policies are needed to:
- Advertise static routes
- Advertise aggregate routes
- Advertise the default route
- Redistribute other routes to BGP

BGP Default Policy

Import
- All routes learned from BGP neighbors are imported

Export
- Transmit all routes learned from BGP neighbors to all BGP neighbors
- Only active routes can be exported

Import vs Export

Import Policy
- Apply an import routing policy to control the routes that the routing protocol process uses to determine active routes.
- Affects the routes that BGP receives from a neighbor.

Export Policy
- Apply an export routing policy to control the routes that BGP advertises to its neighbors.

Import vs Export

Diagram: routes from neighbors pass through the protocol's import policy into the routing table; routes leaving the routing table pass through the export policy to the protocol and on to neighbors. The routing table also populates the PFE forwarding table.

Applying Policy

BGP global filter syntax:

protocols {
    bgp {
        export [ policy-list ];
        import [ policy-list ];
    }
}

Import Policy Use

Example:
protocols {
    bgp {
        group SomeRegional.ISP {
            type external;
            multihop;
            import customer-routes;
            peer-as 500;
            neighbor 6.6.6.6;
        }
    }
}

Export Policy Use

Example:
protocols {
    bgp {
        local-address 5.5.5.5;
        group Internal-Peers {
            type internal;
            export nexthopself;
            neighbor 2.2.2.2;
            neighbor 1.1.1.1;
            neighbor 9.9.9.9;
        }
    }
}

You can have both Import and Export

protocols {
    bgp {
        local-address 5.5.5.5;
        group Some-Customer {
            import customer-routes;
            export advertise-policy;
            type external;
            neighbor 2.2.2.2;
            neighbor 1.1.1.1;
            neighbor 9.9.9.9;
        }
    }
}

Configuring Policy

- Policies are made up of terms
- Terms are made up of match conditions and actions
- Match conditions can be split into from and to parts

Diagram: a policy contains one or more terms; each term pairs a match condition with an action.

Basic Policy Syntax

policy-options {
    policy-statement policy-name {
        term term-name {
            from {
                match-conditions;
            }
            then {
                action;
            }
        }
        final-action;
    }
}

Match Conditions

General
- Route metrics
  - Metric
  - Preference
  - Color
- Interface name
- Neighbor address
- Next-hop address
- Protocol
  - bgp, direct, dvmrp, isis, local, mpls, ospf, pim-dense, pim-sparse, rip, static, aggregate

Match Conditions

Some match conditions are protocol specific:

OSPF
- Area ID, external type
- Tag and tag2 fields

IS-IS
- Level number

BGP
- Autonomous system path (AS path)
- Community name
- Local preference
- Origin

Match Actions

Modify
- Metric (protocol specific)
- Preference (global routing preference)
- Color
- Next-hop address

Match Actions

Modify
- OSPF
  - Type 1 or type 2 external link advertisement
  - Tag and tag2 fields
- BGP
  - Prepend AS path
  - Add, delete, or set community
  - Change route damping parameters
  - Change local preference value
  - Change protocol origin

Policy Match Actions

Terminate
- Accept route
- Reject (or suppress) route

Flow Control
- Skip to next policy
- Skip to next term

Trace
- Log the match to a trace file, then continue processing the term

Policy Match Example

policy-statement advertise-policy {
    term advertise {
        from community transit;
        then next policy;
    }
    term catch-all {
        then reject;
    }
}

Policy Terms

- Policies contain collections of terms
- Terms contain a condition and an action to apply to each route

Diagram: a route enters the first term; each term either accepts or rejects the route or passes it to the next term; a route that leaves the last term without being accepted or rejected goes on to the next policy.

Policy Terms

Example:
policy-statement advertise-policy {
    term advertise {
        from community transit;
        then accept;
    }
    term do-not-advertise {
        from community Tier-1;
        then reject;
    }
    term catch-all {
        then reject;
    }
}

Chained Policies

Policies can be chained together to increase their effectiveness.

Diagram: a route enters the first policy in the chain; each policy either accepts or rejects the route or passes it to the next policy; a route that leaves the last policy undecided falls to the protocol's default policy, which accepts or rejects it.

Chained Policies

Example:
protocols {
    bgp {
        group Regional.ISP.AS47 {
            type external;
            multihop;
            import [ martian-filter long-prefix-filter as-47-filter ];
            peer-as 500;
            neighbor 6.6.6.6;
        }
    }
}

Policies are evaluated sequentially, in the order listed.

BGP Filtering Points

BGP has three filtering points:
- Global
- Groups of neighbors
- Individual neighbors

Neighbor policy overrides group and global policies; group policy overrides global policy.

BGP Filtering Points

Global policy:

protocols {
    bgp {
        export nexthopself1;
        local-address 5.5.5.5;
        group Internal-Peers {
            type internal;
            neighbor 2.2.2.2;
            neighbor 1.1.1.1;
            neighbor 9.9.9.9;
        }
    }
}

BGP Filtering Points

Group policy:

protocols {
    bgp {
        local-address 5.5.5.5;
        group Internal-Peers {
            export nexthopself2;
            type internal;
            neighbor 2.2.2.2;
            neighbor 1.1.1.1;
            neighbor 9.9.9.9;
        }
    }
}

BGP Filtering Points

Neighbor policy:

protocols {
    bgp {
        local-address 5.5.5.5;
        group Internal-Peers {
            type internal;
            neighbor 2.2.2.2;
            neighbor 1.1.1.1 {
                export nexthopself3;
            }
            neighbor 9.9.9.9;
        }
    }
}

BGP Filtering Points

protocols {
    bgp {
        local-address 5.5.5.5;
        group Internal-Peers {
            export nexthopself;
            type internal;
            neighbor 2.2.2.2;
            neighbor 1.1.1.1 {
                export localpref;
            }
            neighbor 9.9.9.9;
        }
    }
}

<< For neighbor 1.1.1.1, localpref overrides nexthopself; the group policy still applies to 2.2.2.2 and 9.9.9.9.
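The term and chain semantics from the policy slides (terminating actions, next term, next policy, the default policy at the end of a chain) together with the three filtering points above, as an added Python example; this is not Juniper's code and not part of the original deck. Only the `from community` match condition is modelled, which is all the slide examples use; the `pass-transit` policy name and the sample routes are this example's own, the other policy and term names are transcribed from the slides.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Route:
    prefix: str
    communities: Set[str] = field(default_factory=set)


@dataclass
class Term:
    name: str
    from_community: Optional[str] = None  # None = no 'from' clause, so every route matches
    then: str = "next term"               # accept | reject | next term | next policy


@dataclass
class Policy:
    name: str
    terms: List[Term]
    final_action: Optional[str] = None    # the policy-level 'final-action' after the last term


TERMINATING = ("accept", "reject", "next policy")


def evaluate_policy(policy: Policy, route: Route) -> str:
    """Evaluate one policy-statement; returns 'accept', 'reject' or 'next policy'."""
    for term in policy.terms:
        matched = term.from_community is None or term.from_community in route.communities
        if not matched:
            continue                      # unmatched term: evaluation moves to the next term
        if term.then in TERMINATING:
            return term.then              # accept/reject end the chain; next policy ends this policy
        # 'next term': a match with a non-terminating action keeps going
    if policy.final_action in ("accept", "reject"):
        return policy.final_action
    return "next policy"                  # fell off the end: hand the route to the next policy


def evaluate_chain(chain: List[Policy], route: Route, default: str) -> Tuple[str, str]:
    """Walk an import/export [ policy-list ] left to right.

    The first policy that accepts or rejects decides. A route that no policy
    terminates is decided by the protocol's default policy, passed in as
    `default` because the BGP import and export defaults differ.
    """
    for policy in chain:
        verdict = evaluate_policy(policy, route)
        if verdict != "next policy":
            return verdict, policy.name
    return default, "default policy"


def effective_chain(global_chain: list, group_chain: list, neighbor_chain: list) -> list:
    """BGP filtering points: neighbor policy overrides group policy, which overrides
    global policy. The most specific non-empty chain applies; chains are not merged."""
    for chain in (neighbor_chain, group_chain, global_chain):
        if chain:
            return chain
    return []


# The first 'Policy Match Example' slide: transit routes go on to the next policy,
# everything else is rejected here. The policy name is this example's own.
PASS_TRANSIT = Policy("pass-transit", [
    Term("advertise", from_community="transit", then="next policy"),
    Term("catch-all", then="reject"),
])

# The 'Policy Terms' example slide, same terms in the same order.
ADVERTISE_POLICY = Policy("advertise-policy", [
    Term("advertise", from_community="transit", then="accept"),
    Term("do-not-advertise", from_community="Tier-1", then="reject"),
    Term("catch-all", then="reject"),
])


def demo() -> dict:
    chain = [PASS_TRANSIT, ADVERTISE_POLICY]
    transit = Route("10.0.0.0/8", {"transit"})       # constructed sample routes
    tier1 = Route("172.16.0.0/12", {"Tier-1"})
    return {
        "transit": evaluate_chain(chain, transit, default="reject"),
        "tier1": evaluate_chain(chain, tier1, default="reject"),
        # No policy configured at all: the protocol default decides.
        "no-policy": evaluate_chain([], transit, default="accept"),
        # Filtering points: neighbor-level 'export localpref' wins over group 'export nexthopself'.
        "neighbor-1.1.1.1": [p.name for p in effective_chain(
            [], [Policy("nexthopself", [])], [Policy("localpref", [])])],
    }
```

`demo()` shows the transit route passing through `pass-transit` (its matching term says `next policy`) and being accepted by `advertise-policy`, while the Tier-1 route never reaches the second policy because the first policy's catch-all term rejects it.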

Advertising Networks


Advertising Networks

A network that resides within an AS is said to originate from that AS. To inform other ASs about its networks, the AS advertises them. BGP provides three ways for an AS to advertise the networks that it originates:
- Redistributing dynamic routes
- Redistributing static routes
- Redistributing aggregates

Redistributing Dynamic Routes

protocols {
    bgp {
        group peer-to-someNET {
            export redistribute-ospf;
            peer-as 9999;
            neighbor 23.43.12.16;
        }
    }
}
policy-options {
    policy-statement redistribute-ospf {
        from {
            protocol ospf;
        }
        then accept;
    }
}

BAD BAD BAD BAD: this exports every active OSPF route to the external peer with no prefix filter, so internal infrastructure prefixes leak out and every IGP change becomes a BGP update.

Redistributing Static Routes

This is the Juniper equivalent of Cisco's null0 route plus network statement.

Create the static route

routing-options {
    static {
        route 9.0.0.0/8 discard;
    }
}

Reject: drop packets to the destination and send ICMP unreachables.
Discard: drop packets to the destination and send no ICMP unreachables.

Create a policy

policy-options {
    policy-statement redistribute-static {
        from {
            protocol static;
            route-filter 9.0.0.0/8 exact;
        }
        then accept;
    }
}

Export the policy

protocols {
    bgp {
        group peer-to-BIGNET {
            export redistribute-static;
            peer-as 9999;
            neighbor 23.43.12.16;
        }
    }
}

The whole config

routing-options {
    static {
        route 9.0.0.0/8 discard;
    }
}
protocols {
    bgp {
        group peer-to-BIGNET {
            export redistribute-static;
            peer-as 9999;
            neighbor 23.43.12.16;
        }
    }
}
policy-options {
    policy-statement redistribute-static {
        from {
            protocol static;
            route-filter 9.0.0.0/8 exact;
        }
        then accept;
    }
}

Redistributing Aggregate Routes

Route aggregation allows you to combine groups of routes with common addresses into a single entry in the routing table.

This decreases the size of the routing table as well as the number of route advertisements sent by the router.

Redistributing Aggregate Routes

An aggregate route becomes active when it has one or more contributing routes.

A contributing route is an active route that is a more specific match for the aggregate destination.

Redistributing Aggregate Routes

routing-options {
    aggregate {
        route 9.0.0.0/8;
    }
}
protocols {
    bgp {
        group peer-to-BIGNET {
            export redistribute-aggregates;
            peer-as 9999;
            neighbor 23.43.12.16;
        }
    }
}
policy-options {
    policy-statement redistribute-aggregates {
        from {
            protocol aggregate;
            route-filter 9.0.0.0/8 exact;
        }
        then accept;
    }
}

Route Filter


Route Filter

To specify route prefixes in policies, include one or more route-filter options in the from statement of the policy-statement statement.

Multiple route filters can appear in a single term.

Route Filters

[...]
term term-name {
    from {
        route-filter prefix/prefix-length match-type <actions>;
        [...]
    }
    <then actions>;
}
[...]

Match type can be: exact, orlonger, longer, upto, through

Multiple route filters in a single term

Evaluation of route filters has special rules

Route Filter Example 1

Create the policy on the gateway router:

policy-options {
    policy-statement AS600customer-routes {
        term routes-to-accept {
            from {
                protocol bgp;
                route-filter 1.0.0.0/8 exact;
                route-filter 2.0.0.0/8 exact;
                route-filter 3.0.0.0/8 exact;
                route-filter 4.0.0.0/8 exact;
            }
            then accept;
        }
        term reject-routes {
            then reject;
        }
    }
}

The route filters within a term act as a logical OR: a route that matches any one of them matches the term.

Route Filter Example 1

Apply the policy on the gateway router:

protocols {
    bgp {
        group As600Regional.ISP {
            type external;
            multihop;
            import AS600customer-routes;
            peer-as 500;
            neighbor 6.6.6.6;
        }
    }
}

Route Filter Match Action

term term-name {
    from {
        route-filter dest-prefix match-type <actions>;
        route-filter dest-prefix match-type <actions>;
        [...]
    }
    then <then actions>;
}

If the route matches a filter and an action is specified on that filter, the action takes effect immediately and the then portion of the term is ignored.

If one or more patterns match and no action is specified, the then portion is executed.

Route Filter Match Action

term term-name {
    from {
        route-filter dest-prefix match-type <actions>;
        route-filter dest-prefix match-type <actions>;
        route-filter dest-prefix match-type <actions>;
        [...]
    }
    <then actions>;
}

The route filters in a term are a logical OR function.

Multiple filters with similar prefixes match the longest prefix; the action associated with the longest filter is performed.

Route Filter Example 2

Create the policy on the gateway router:

policy-options {
    policy-statement AS600customer-routes {
        term routes-to-accept {
            from {
                protocol bgp;
                route-filter 1.0.0.0/8 exact reject;
                route-filter 2.0.0.0/8 exact;
                route-filter 3.0.0.0/8 exact;
                route-filter 4.0.0.0/8 exact;
            }
            then accept;
        }
        term reject-routes {
            then reject;
        }
    }
}

Here 1.0.0.0/8 is rejected by the action on its own filter, while 2.0.0.0/8, 3.0.0.0/8 and 4.0.0.0/8 carry no filter action and fall through to the term's then accept.

Match Types: exact

Exactly match a single prefix and prefix length.

term sample {
    from route-filter 192.168/16 exact;
    then accept;
}

Includes: 192.168.0.0/16
Excludes: everything else

Match Types: orlonger

Greater than or equal to: match a range of routes having the most-significant bits in common as described by the prefix length.

term sample {
    from route-filter 192.168/16 orlonger;
    then accept;
}

Includes:
192.168.0.0/16
192.168.0.0/17
192.168.4.0/24
192.168.12.4/30
192.168.12.128/32

Excludes:
192.0.0.0/8
192.170.0.0/16
192.169.1.0/24

Match Types: longer

Greater than: match a range of routes having the most-significant bits in common as described by the prefix length, except the exact match.

term sample {
    from route-filter 192.168/16 longer;
    then accept;
}

Includes:
192.168.0.0/17
192.168.4.0/24
192.168.12.4/30
192.168.12.128/32

Excludes:
192.0.0.0/8
192.170.0.0/16
192.169.1.0/24
192.168.0.0/16

Match Types: upto

Match a range of routes having the most-significant bits in common as described by the first prefix length, but not exceeding the second prefix length.

term sample {
    from route-filter 192.168/16 upto /24;
    then accept;
}

Includes:
192.168.0.0/16
192.168.0.0/17
192.168.4.0/24

Excludes:
192.0.0.0/8
192.169.1.0/24
192.170.0.0/16
192.168.5.4/30
192.168.12.128/32

Match Types: through

Match a contiguous set of routes from the first prefix/prefix-length pair to the second prefix/prefix-length pair.

Not used very often; covers a corner case.

term sample {
    from route-filter 192.168/16 through 192.168.16/20;
    then accept;
}

Includes:
192.168.0.0/16
192.168.0.0/17
192.168.0.0/18
192.168.0.0/19
192.168.16.0/20

Excludes:
192.168.128.0/17
192.168.0.0/20
192.168.192.0/18
192.168.224.0/19

Route Filter Example 3

This policy rejects routes with a destination prefix of 0.0.0.0 and a mask length from 0 through 8, and accepts all other routes:

[edit]
policy-options {
    policy-statement from-hall2 {
        term 1 {
            from {
                route-filter 0.0.0.0/0 upto 0.0.0.0/8 reject;
            }
        }
        then accept;
    }
}

Route Filter Example 4

Reject all unwanted routes (Martians):

policy-options {
    policy-statement reject-unwanted-routes {
        term drop-bogus-routes {
            from {
                route-filter 0/0 exact;                 # Default
                route-filter 127/8 orlonger;            # Loopbacks
                route-filter 10/8 orlonger;             # Reserved A block
                route-filter 172.16/12 orlonger;        # Reserved B block
                route-filter 192.168/16 orlonger;       # Reserved C block
                route-filter 224/4 orlonger;            # Multicast
                route-filter 192.0/16 orlonger;         # IANA reserved-2
            }
            then reject;
        }
    }
}

Prefix List


Prefix List

You can define and name a set of IP address prefixes and use them in the configuration for routing policy statements and firewall filters.

Note: per-prefix policy actions cannot be applied to individual prefixes in the list or to the collection of prefixes in the list. It is all or nothing.

Prefix List Example

Create the named prefix list:

[edit policy-options]
prefix-list ISP1-acceptable-routes {
    1.0.0.0/8;
    2.0.0.0/8;
    3.0.0.0/8;
}

Prefix List Example

Use the named prefix list in a policy:

policy-statement customer-routes {
    term routes-to-accept {
        from {
            prefix-list ISP1-acceptable-routes;
        }
        then accept;
    }
    term reject-routes {
        then reject;
    }
    then next policy;
}

Route Reflectors


BGP Route Reflection (example)

Diagram: two route reflectors, each serving its own cluster (cluster IDs 1.1.1.1 and 2.2.2.2) of route reflector clients; the reflectors and the non-client peers are connected by full-mesh IBGP peering.

BGP Route Reflection (example)

protocols {
    bgp {
        export static-to-bgp;
        group ibgp {
            type internal;
            local-address 2.2.2.2;
            peer-as 100;
            neighbor 5.5.5.5;
        }
        group rrcluster {
            type internal;
            local-address 2.2.2.2;
            cluster 192.128.1.1;      <<< indicates that the local router is a reflector for this cluster
            peer-as 100;
            neighbor 1.1.1.1;         <<< define the list of client neighbors
            neighbor 3.3.3.3;         <<< in this cluster
        }
    }
}

no-client-reflect

Diagram: a route reflector (cluster 1.1.1.1) with non-client peers and route reflector clients; with no-client-reflect the clients are fully meshed with IBGP among themselves, so the reflector does not reflect routes from one client to another.

no-client-reflect

protocols {
    bgp {
        export static-to-bgp;
        group ibgp {
            type internal;
            local-address 2.2.2.2;
            peer-as 100;
            neighbor 5.5.5.5;
        }
        group rrcluster {
            type internal;
            local-address 2.2.2.2;
            no-client-reflect;
            cluster 192.128.1.1;
            peer-as 100;
            neighbor 1.1.1.1;
            neighbor 3.3.3.3;
        }
    }
}
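The reflection rules behind the two route reflector configurations above, as an added Python example (not Juniper's code and not part of the original deck): which IBGP peers a reflector re-advertises a route to, depending on whether it came from a client or a non-client and whether no-client-reflect is set, plus the ORIGINATOR_ID / CLUSTER_LIST loop check that stops a route already reflected by this cluster. The peer addresses and cluster ID are taken from the slide's configuration; the `Reflector` and `Route` types, the 9.0.0.0/8 sample route and the use of the peer address as a stand-in for its router ID are this example's own assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass
class Reflector:
    """A route reflector's IBGP peers as the rrcluster/ibgp groups define them."""
    cluster_id: str
    clients: Set[str]          # neighbors in the group that carries 'cluster'
    non_clients: Set[str]      # ordinary IBGP peers (group ibgp), assumed fully meshed
    no_client_reflect: bool = False


@dataclass
class Route:
    prefix: str
    originator_id: str = ""             # ORIGINATOR_ID: router that injected the route into the AS
    cluster_list: Tuple[str, ...] = ()  # CLUSTER_LIST: clusters the route has been reflected through


def reflect_targets(rr: Reflector, learned_from: str) -> List[str]:
    """IBGP peers to which the reflector re-advertises a route learned from `learned_from`.

    Plain IBGP never re-advertises an IBGP-learned route; a reflector relaxes this:
      - from a client: to all non-clients and to the other clients
        (with no-client-reflect, to non-clients only, since the clients are fully meshed)
      - from a non-client: to the clients only
    """
    if learned_from in rr.clients:
        targets = set(rr.non_clients)
        if not rr.no_client_reflect:
            targets |= rr.clients - {learned_from}
    elif learned_from in rr.non_clients:
        targets = set(rr.clients)
    else:
        raise ValueError(f"{learned_from} is not an IBGP peer of this reflector")
    return sorted(targets, key=lambda a: tuple(int(o) for o in a.split(".")))


def reflect(rr: Reflector, route: Route, learned_from: str) -> Tuple[Optional[Route], List[str]]:
    """Build the reflected copy and its target list.

    Returns (None, []) when the route already carries this reflector's cluster ID,
    i.e. it has looped back through the cluster. A reflected copy gets ORIGINATOR_ID
    set if unset (the peer address stands in for its router ID here) and this cluster
    prepended to CLUSTER_LIST; the 'shorter cluster list' selection step compares that list.
    """
    if rr.cluster_id in route.cluster_list:
        return None, []
    copy = Route(route.prefix,
                 route.originator_id or learned_from,
                 (rr.cluster_id,) + route.cluster_list)
    return copy, reflect_targets(rr, learned_from)


# The slide's reflector: local-address 2.2.2.2, cluster 192.128.1.1, clients 1.1.1.1 and
# 3.3.3.3 in group rrcluster, non-client 5.5.5.5 in group ibgp.
RR = Reflector("192.128.1.1", {"1.1.1.1", "3.3.3.3"}, {"5.5.5.5"})
RR_NO_CLIENT_REFLECT = Reflector("192.128.1.1", {"1.1.1.1", "3.3.3.3"}, {"5.5.5.5"},
                                 no_client_reflect=True)


def demo() -> dict:
    route = Route("9.0.0.0/8")                      # constructed sample prefix
    reflected, targets = reflect(RR, route, "1.1.1.1")
    # A copy that has already been through this cluster comes back: it must be dropped.
    looped, _ = reflect(RR, reflected, "3.3.3.3")
    return {
        "from-client": targets,
        "from-client-no-client-reflect": reflect_targets(RR_NO_CLIENT_REFLECT, "1.1.1.1"),
        "from-non-client": reflect_targets(RR, "5.5.5.5"),
        "reflected-attrs": (reflected.originator_id, reflected.cluster_list),
        "loop-dropped": looped is None,
    }
```

With the slide's configuration a route from client 1.1.1.1 is reflected to 3.3.3.3 and 5.5.5.5; with no-client-reflect it goes only to 5.5.5.5, and a route from non-client 5.5.5.5 goes only to the two clients.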

Test and View Policies


Test and View Policies

- Test how policies respond to individual prefixes
- Not all match conditions are supported
  - Generally useful for matching route-filter-style policies
  - "to protocol xxx" cannot be evaluated and always passes
- Default protocol policies are not evaluated

Test and View Policies

Given the policy:

policy-options {
    policy-statement lab-routes {
        from {
            route-filter default exact reject;
            route-filter 10.0.0.0/8 orlonger accept;
            route-filter 192.0.2.0/24 orlonger accept;
        }
        then reject;
    }
}

Test it against all routes in the table:

user@host# run test policy lab-routes 0.0.0.0/0

Test it against a specific route:

user@host# run test policy lab-routes 10.49.0.0/16

Test and View Policies

Use the show policy command to view each policy:

user@host> show policy
Configured policies:
    lab-routes
user@host> show policy lab-routes
Policy lab-routes:
    from
        0.0.0.0/0 reject
        10.0.0.0/8 orlonger accept
        192.0.2.0/24 orlonger accept
    then reject
user@host>

Thank you!
