Recent Posts

Wednesday, September 10, 2025

Automatic AS prepending with BGP communities on JunOS

  September 10, 2025    

 The purpose of this lab is to show how Juniper policy-options can be used to automatically increase AS path length based on community tags attached to routes sent over BGP.

BGP AS path length is one option commonly used to determine the best path to a route on the Internet. The AS path length can also be used to influence how traffic is returned when a specific path is required.

In the diagram below, we see the network 10.103.0.0/16 is announced to 2 upstream providers. From the Internet's perspective there are 2 equal cost return paths. To avoid returning through LogicalSystem-2, we can increase the length of the AS path through this hop. BGP will select the route with the shortest hop count, eliminating LogicalSystem-2 as a viable router.

Shorter AS path is preferred

In this lab there are 2 routers LogicalSystem-1 and LogicalSystem-2. There is no router-3 as seen in the diagram above:

juniper lab overview

Details

Juniper Config

We are going to configure LogicalSystem-1 to tag 3 static routes with different community strings. The community strings have the following meaning:

  • 65001:0 = Prepend origin AS 1 times
  • 65002:0 = Prepend origin AS 2 times
  • 65003:0 = Prepend origin AS 3 times

When LogicalSystem-2 receives BGP routes tagged with these community strings, a routing policy will automatically prepend the origin AS as noted by the community string.

LogicalSystem-1

Add a community tag to each of the static routes configured on LogicalSystem-1:

set logical-systems LogicalSystem-1 routing-options static route 10.101.0.0/16 community 65001:0
set logical-systems LogicalSystem-1 routing-options static route 10.102.0.0/16 community 65002:0
set logical-systems LogicalSystem-1 routing-options static route 10.103.0.0/16 community 65003:0

LogicalSystem-2

Create a routing policy on LogicalSystem-2 which looks for the trigger community tag. Then prepend the appropriate number of origin AS numbers:

set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 1 from protocol bgp
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 1 from community prepend-1
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 1 then as-path-expand last-as count 1
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 2 from protocol bgp
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 2 from community prepend-2
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 2 then as-path-expand last-as count 2
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 3 from protocol bgp
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 3 from community prepend-3
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 3 then as-path-expand last-as count 3

In order to match a community string, a policy-option must be created:

set logical-systems LogicalSystem-2 policy-options community prepend-1 members 65001:0
set logical-systems LogicalSystem-2 policy-options community prepend-2 members 65002:0
set logical-systems LogicalSystem-2 policy-options community prepend-3 members 65003:0

Finally, apply the routing policy to the BGP import policy:

set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a import automatic-prepend

Validate Automatic Prepending

Before prepending, we see all routes learned from LogicalSystem-1 are a single hop away:

jemurray@LogicalSystem-1> show route logical-system LogicalSystem-2

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.100.0.0/16      *[BGP/170] 00:18:19, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.101.0.0/16      *[BGP/170] 00:18:19, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.102.0.0/16      *[BGP/170] 00:18:19, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.103.0.0/16      *[BGP/170] 00:18:19, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.104.0.0/16      *[BGP/170] 00:18:19, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.105.0.0/16      *[BGP/170] 00:00:37, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201

After the automatic prepending routing policy is applied, route 101 has an AS path length of 2, 102 has an AS path length of 3, and 103 has an AS path length of 4:

jemurray@LogicalSystem-1> show route logical-system LogicalSystem-2

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.100.0.0/16      *[BGP/170] 00:20:28, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.101.0.0/16      *[BGP/170] 00:00:11, localpref 100
                      AS path: 64512 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.102.0.0/16      *[BGP/170] 00:00:11, localpref 100
                      AS path: 64512 64512 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.103.0.0/16      *[BGP/170] 00:00:11, localpref 100
                      AS path: 64512 64512 64512 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.104.0.0/16      *[BGP/170] 00:20:28, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201
10.105.0.0/16      *[BGP/170] 00:02:46, localpref 100
                      AS path: 64512 I, validation-state: unverified
                    >  to 192.168.99.0 via lt-0/0/0.201

Displaying the more detailed route information shows the AS path and the community strings associated with the route:

jemurray@LogicalSystem-1> show route 10.103.0.0 detail logical-system LogicalSystem-2

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
10.103.0.0/16 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Next hop type: Router, Next hop index: 684
                Address: 0xc0f1848
                Next-hop reference count: 12
                Source: 192.168.99.0
                Next hop: 192.168.99.0 via lt-0/0/0.201, selected
                Session Id: 0x147
                State: <Active Ext>
                Local AS: 64513 Peer AS: 64512
                Age: 9:47
                Validation State: unverified
                Task: BGP_64512.192.168.99.0
                Announcement bits (1): 1-KRT
                AS path: 64512 64512 64512 64512 I
                Communities: 65003:0
                Accepted
                Localpref: 100
                Router ID: 192.168.99.0

Appendix: Full Configs

Many of these configurations are built off of previous labs. There may be extra parts not relevant to the examples above.

LogicalSystem-1 full router config:

jemurray@juniper-1> show configuration logical-systems LogicalSystem-1 | display set
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 description "LogicalSystem-2 P2P Interface"
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 encapsulation ethernet
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 peer-unit 201
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 family inet address 192.168.99.0/31
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b type external
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b export export-local-prefixes
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b neighbor 192.168.99.1 import import-prefixes_192.168.99.1
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b neighbor 192.168.99.1 peer-as 64513
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.100.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.101.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.102.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.103.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.104.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.105.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list import-prefixes_192.168.99.1 10.200.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list import-prefixes_192.168.99.1 10.201.0.0/16
set logical-systems LogicalSystem-1 policy-options policy-statement export-local-prefixes term 1 from prefix-list local-prefixes
set logical-systems LogicalSystem-1 policy-options policy-statement export-local-prefixes term 1 then accept
set logical-systems LogicalSystem-1 policy-options policy-statement import-prefixes_192.168.99.1 term 1 from protocol bgp
set logical-systems LogicalSystem-1 policy-options policy-statement import-prefixes_192.168.99.1 term 1 from prefix-list import-prefixes_192.168.99.1
set logical-systems LogicalSystem-1 policy-options policy-statement import-prefixes_192.168.99.1 term 1 then accept
set logical-systems LogicalSystem-1 policy-options policy-statement import-prefixes_192.168.99.1 term 2 then reject
set logical-systems LogicalSystem-1 routing-options static route 10.100.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.101.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.101.0.0/16 community 65001:0
set logical-systems LogicalSystem-1 routing-options static route 10.102.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.102.0.0/16 community 65002:0
set logical-systems LogicalSystem-1 routing-options static route 10.103.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.103.0.0/16 community 65003:0
set logical-systems LogicalSystem-1 routing-options static route 10.104.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.105.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options autonomous-system 64512

LogicalSystem-2 full router config

jemurray@juniper-1> show configuration logical-systems LogicalSystem-2 | display set
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 description "LogicalSystem-1 P2P Interface"
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 encapsulation ethernet
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 peer-unit 101
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 family inet address 192.168.99.1/31
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a type external
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a import automatic-prepend
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a export export-local-prefixes
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a neighbor 192.168.99.0 peer-as 64512
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.200.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.201.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.202.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.203.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.204.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.205.0.0/16
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 1 from protocol bgp
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 1 from community prepend-1
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 1 then as-path-expand last-as count 1
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 2 from protocol bgp
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 2 from community prepend-2
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 2 then as-path-expand last-as count 2
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 3 from protocol bgp
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 3 from community prepend-3
set logical-systems LogicalSystem-2 policy-options policy-statement automatic-prepend term 3 then as-path-expand last-as count 3
set logical-systems LogicalSystem-2 policy-options policy-statement export-local-prefixes term 1 from prefix-list local-prefixes
set logical-systems LogicalSystem-2 policy-options policy-statement export-local-prefixes term 1 then accept
set logical-systems LogicalSystem-2 policy-options community prepend-1 members 65001:0
set logical-systems LogicalSystem-2 policy-options community prepend-2 members 65002:0
set logical-systems LogicalSystem-2 policy-options community prepend-3 members 65003:0
set logical-systems LogicalSystem-2 routing-options static route 10.200.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.201.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.202.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.203.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.204.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.205.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options autonomous-system 64513

  

  No Comments

BGP prefix filtering on a Juniper vMX within logical systems

  September 10, 2025    

 Expanding on yesterday’s BGP Peering configuration. Today we enable basic BGP prefix filtering.

juniper bgp route filtering

Exchanging routes on the Internet through BGP requires a fair bit of trust in the downstream organization to only send routes they are authoritative for. Without proper filtering, anyone could announce Googles 8.8.8.0/24 route and potentially redirect this critical DNS traffic back to a rogue location.

For a service provider, it is critical to deny all inbound prefixes and only allow those which are properly authorized to do so. Proper LoAs and routing registries are necessary to validate subnet ownerships.

Once ownership is confirmed, proper filtering needs to take place. Below is a basic BGP filter configuration to deny all prefixes and only allow subnets properly authorized by the BGP neighbor.

Details

Imported routes before BGP prefix filtering:

jemurray@juniper-1# run show route receive-protocol bgp 192.168.99.1 logical-system LogicalSystem-1

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
  Prefix		  Nexthop	       MED     Lclpref    AS path
* 10.200.0.0/16           192.168.99.1                            64513 I
* 10.201.0.0/16           192.168.99.1                            64513 I
* 10.202.0.0/16           192.168.99.1                            64513 I
* 10.203.0.0/16           192.168.99.1                            64513 I
* 10.204.0.0/16           192.168.99.1                            64513 I
* 10.205.0.0/16           192.168.99.1                            64513 I

inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

The filter configuration which is built off of yesterday’s basic BGP lab:

# Apply the import filter to a specific BGP neighbor
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b neighbor 192.168.99.1 import import-prefixes_192.168.99.1

# Create a prefix list of allowed routes to be imported
set logical-systems LogicalSystem-1 policy-options prefix-list import-prefixes_192.168.99.1 10.200.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list import-prefixes_192.168.99.1 10.201.0.0/16

# Deny all routes by default, then allow prefixes from the prefix list
set logical-systems LogicalSystem-1 policy-options policy-statement import-prefixes_192.168.99.1 term 1 from protocol bgp
set logical-systems LogicalSystem-1 policy-options policy-statement import-prefixes_192.168.99.1 term 1 from prefix-list import-prefixes_192.168.99.1
set logical-systems LogicalSystem-1 policy-options policy-statement import-prefixes_192.168.99.1 term 1 then accept
# The default reject (this is very important)
set logical-systems LogicalSystem-1 policy-options policy-statement import-prefixes_192.168.99.1 term 2 then reject

Configuration diff from yesterday’s lab:

jemurray@juniper-1# show | compare
[edit logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b neighbor 192.168.99.1]
+      import import-prefixes_192.168.99.1;
[edit logical-systems LogicalSystem-1 policy-options]
     prefix-list local-prefixes { ... }
+    prefix-list import-prefixes_192.168.99.1 {
+        10.200.0.0/16;
+        10.201.0.0/16;
+    }
[edit logical-systems LogicalSystem-1 policy-options]
+    policy-statement import-prefixes_192.168.99.1 {
+        term 1 {
+            from {
+                protocol bgp;
+                prefix-list import-prefixes_192.168.99.1;
+            }
+            then accept;
+        }
+        term 2 {
+            then reject;
+        }
+    }

Imported routes after the filter. In this example LogicalSystem-2 is sending many more routes then received:

jemurray@juniper-1# run show route receive-protocol bgp 192.168.99.1 logical-system LogicalSystem-1

inet.0: 14 destinations, 14 routes (10 active, 0 holddown, 4 hidden)
  Prefix		  Nexthop	       MED     Lclpref    AS path
* 10.200.0.0/16           192.168.99.1                            64513 I
* 10.201.0.0/16           192.168.99.1                            64513 I

inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

We can verify there are more routes being sent then allowed through the filters. If your downstream customers are sending rogue routes, it may be worth having a conversation with them. It could be a misconfiguration or possibly nefarious intent.

jemurray@juniper-1> show route receive-protocol bgp 192.168.99.1 hidden logical-system LogicalSystem-1

inet.0: 14 destinations, 14 routes (10 active, 0 holddown, 4 hidden)
  Prefix		  Nexthop	       MED     Lclpref    AS path
  10.202.0.0/16           192.168.99.1                            64513 I
  10.203.0.0/16           192.168.99.1                            64513 I
  10.204.0.0/16           192.168.99.1                            64513 I
  10.205.0.0/16           192.168.99.1                            64513 I

Appendix

Full router configuration:

jemurray@juniper-1> show configuration | except encrypted-password
## Last commit: 2020-10-06 10:38:02 UTC by jemurray
version 20190829.221548_builder.r1052644;
system {
    host-name juniper-1;
    root-authentication {
    }
    login {
        user jemurray {
            uid 2000;
            class super-user;
            authentication {
            }
        }
    }
    services {
        ssh;
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    processes {
        dhcp-service {
            traceoptions {
                file dhcp_logfile size 10m;
                level all;
                flag packet;
            }
        }
    }
}
logical-systems {
    LogicalSystem-1 {
        interfaces {
            lt-0/0/0 {
                unit 101 {
                    description "LogicalSystem-2 P2P Interface";
                    encapsulation ethernet;
                    peer-unit 201;
                    family inet {
                        address 192.168.99.0/31;
                    }
                }
            }
        }
        protocols {
            bgp {
                group remote-peers-group-b {
                    type external;
                    export export-local-prefixes;
                    neighbor 192.168.99.1 {
                        import import-prefixes_192.168.99.1;
                        peer-as 64513;
                    }
                }
            }
        }
        policy-options {
            prefix-list local-prefixes {
                10.100.0.0/16;
                10.101.0.0/16;
                10.102.0.0/16;
                10.103.0.0/16;
                10.104.0.0/16;
                10.105.0.0/16;
            }
            prefix-list import-prefixes_192.168.99.1 {
                10.200.0.0/16;
                10.201.0.0/16;
            }
            policy-statement export-local-prefixes {
                term 1 {
                    from {
                        prefix-list local-prefixes;
                    }
                    then accept;
                }
            }
            policy-statement import-prefixes_192.168.99.1 {
                term 1 {
                    from {
                        protocol bgp;
                        prefix-list import-prefixes_192.168.99.1;
                    }
                    then accept;
                }
                term 2 {
                    then reject;
                }
            }
        }
        routing-options {
            static {
                route 10.100.0.0/16 discard;
                route 10.101.0.0/16 discard;
                route 10.102.0.0/16 discard;
                route 10.103.0.0/16 discard;
                route 10.104.0.0/16 discard;
                route 10.105.0.0/16 discard;
            }
            autonomous-system 64512;
        }
    }
    LogicalSystem-2 {
        interfaces {
            lt-0/0/0 {
                unit 201 {
                    description "LogicalSystem-1 P2P Interface";
                    encapsulation ethernet;
                    peer-unit 101;
                    family inet {
                        address 192.168.99.1/31;
                    }
                }
            }
        }
        protocols {
            bgp {
                group remote-peers-group-a {
                    type external;
                    export export-local-prefixes;
                    neighbor 192.168.99.0 {
                        peer-as 64512;
                    }
                }
            }
        }
        policy-options {
            prefix-list local-prefixes {
                10.200.0.0/16;
                10.201.0.0/16;
                10.202.0.0/16;
                10.203.0.0/16;
                10.204.0.0/16;
                10.205.0.0/16;
            }
            policy-statement export-local-prefixes {
                term 1 {
                    from {
                        prefix-list local-prefixes;
                    }
                    then accept;
                }
            }
        }
        routing-options {
            static {
                route 10.200.0.0/16 discard;
                route 10.201.0.0/16 discard;
                route 10.202.0.0/16 discard;
                route 10.203.0.0/16 discard;
                route 10.204.0.0/16 discard;
                route 10.205.0.0/16 discard;
            }
            autonomous-system 64513;
        }
    }
}
chassis {
    fpc 0 {
        pic 0 {
            tunnel-services {
                bandwidth 10g;
            }
        }
    }
}
interfaces {
    ge-0/0/1 {
        unit 0 {
            family inet {
                dhcp;
            }
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                dhcp {
                    vendor-id Juniper-vmx-VM5F52E462F8;
                }
            }
        }
    }
}

  

  No Comments

Basic BGP configuration with Juniper logical systems

  September 10, 2025    

 In this example, we provide the basic configuration for two Juniper vMX logical systems to exchange 6 eBGP routes with each other.

BGP Network Topology

Each major area of configuration is detailed with inline comments (#).

The Configuration

Create the logical systems point-to-point interfaces:

# Logical System 1
# Each interface in a logical system needs a unique unit ID
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 description "LogicalSystem-2 P2P Interface"
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 encapsulation ethernet
# The unit ID is used to connect the logical tunnel interfaces
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 peer-unit 201
# A /31 is used to conserve IP space (yes, you can use .0 as a valid interface)
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 family inet address 192.168.99.0/31

# Logical System 2
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 description "LogicalSystem-1 P2P Interface"
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 encapsulation ethernet
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 peer-unit 101
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 family inet address 192.168.99.1/31

Create basic BGP peering:

# Logical System 1
# Create BGP groups when reusing common BGP configuration
# Create an external BGP relationship
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b type external
# Export ONLY the prefixes specified in the prefix-list.  This statement is REQUIRED, otherwise BGP won't export any routes.
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b export export-local-prefixes
# Establish a connection to the neighbor 
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b neighbor 192.168.99.1 peer-as 64513
# Our local ASN
set logical-systems LogicalSystem-1 routing-options autonomous-system 64512

# Logical System 2
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a type external
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a export export-local-prefixes
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a neighbor 192.168.99.0 peer-as 64512
set logical-systems LogicalSystem-2 routing-options autonomous-system 64513

Create static anchor routes. BGP requires a valid route in the FIB (routing table) to export routes to a neighbor.

# Logical System 1
# It is best practice to install BGP routes that won't flap if 
# interfaces or routers go up and down.  This is accomplished 
# by creating static routes to the discard device.  These types 
# of routes are known as anchor routes.  Create static route 
# for every network to be exported by BGP.
set logical-systems LogicalSystem-1 routing-options static route 10.100.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.101.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.102.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.103.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.104.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.105.0.0/16 discard

# Logical System 2
set logical-systems LogicalSystem-2 routing-options static route 10.200.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.201.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.202.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.203.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.204.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.205.0.0/16 discard

Routes are not sent to neighbors automatically, they must be explicitly specified and match an entry in the FIB. This is why static anchor routes are configured.

Create the export policy used to tell BGP what routes need to be sent.

# Logical System 1
# This is the prefix list attached to the export policy statement.
# It is best practice to create a prefix list that can be reused in 
# multiple places if necessary.
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.100.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.101.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.102.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.103.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.104.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.105.0.0/16

# The export policy that is used to control what routes are exported through BGP.
set logical-systems LogicalSystem-1 policy-options policy-statement export-local-prefixes term 1 from prefix-list local-prefixes
set logical-systems LogicalSystem-1 policy-options policy-statement export-local-prefixes term 1 then accept

# Logical System 2
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.200.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.201.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.202.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.203.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.204.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.205.0.0/16
set logical-systems LogicalSystem-2 policy-options policy-statement export-local-prefixes term 1 from prefix-list local-prefixes
set logical-systems LogicalSystem-2 policy-options policy-statement export-local-prefixes term 1 then accept

The entire configuration:

jemurray@juniper-1> show configuration | display set
set version 20190829.221548_builder.r1052644
set system host-name juniper-1
set system root-authentication encrypted-password "NotForThePublic"
set system login user jemurray uid 2000
set system login user jemurray class super-user
set system login user jemurray authentication encrypted-password "NotForThePublic"
set system services ssh
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set system processes dhcp-service traceoptions file dhcp_logfile
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag packet
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 description "LogicalSystem-2 P2P Interface"
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 encapsulation ethernet
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 peer-unit 201
set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 family inet address 192.168.99.0/31
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b type external
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b export export-local-prefixes
set logical-systems LogicalSystem-1 protocols bgp group remote-peers-group-b neighbor 192.168.99.1 peer-as 64513
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.100.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.101.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.102.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.103.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.104.0.0/16
set logical-systems LogicalSystem-1 policy-options prefix-list local-prefixes 10.105.0.0/16
set logical-systems LogicalSystem-1 policy-options policy-statement export-local-prefixes term 1 from prefix-list local-prefixes
set logical-systems LogicalSystem-1 policy-options policy-statement export-local-prefixes term 1 then accept
set logical-systems LogicalSystem-1 routing-options static route 10.100.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.101.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.102.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.103.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.104.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options static route 10.105.0.0/16 discard
set logical-systems LogicalSystem-1 routing-options autonomous-system 64512
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 description "LogicalSystem-1 P2P Interface"
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 encapsulation ethernet
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 peer-unit 101
set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 family inet address 192.168.99.1/31
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a type external
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a export export-local-prefixes
set logical-systems LogicalSystem-2 protocols bgp group remote-peers-group-a neighbor 192.168.99.0 peer-as 64512
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.200.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.201.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.202.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.203.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.204.0.0/16
set logical-systems LogicalSystem-2 policy-options prefix-list local-prefixes 10.205.0.0/16
set logical-systems LogicalSystem-2 policy-options policy-statement export-local-prefixes term 1 from prefix-list local-prefixes
set logical-systems LogicalSystem-2 policy-options policy-statement export-local-prefixes term 1 then accept
set logical-systems LogicalSystem-2 routing-options static route 10.200.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.201.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.202.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.203.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.204.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options static route 10.205.0.0/16 discard
set logical-systems LogicalSystem-2 routing-options autonomous-system 64513
set chassis fpc 0 pic 0 tunnel-services bandwidth 10g
set interfaces ge-0/0/1 unit 0 family inet dhcp
set interfaces fxp0 unit 0 family inet dhcp vendor-id Juniper-vmx-VM5F52E462F8

Validate BGP Operation

Validate BGP session is established:

jemurray@juniper-1> show bgp neighbor 192.168.99.1 logical-system LogicalSystem-1
Peer: 192.168.99.1+65463 AS 64513 Local: 192.168.99.0+179 AS 64512
  Group: remote-peers-group-b  Routing-Instance: master
  Forwarding routing-instance: master
  Type: External    State: Established    Flags: <Sync>
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: None
  Export: [ export-local-prefixes ]
  Options: <Preference PeerAS Refresh>
  Options: <GracefulShutdownRcv>
  Holdtime: 90 Preference: 170
  Graceful Shutdown Receiver local-preference: 0
  Number of flaps: 0
  Peer ID: 192.168.99.1    Local ID: 192.168.99.0      Active Holdtime: 90
  Keepalive Interval: 30         Group index: 0    Peer index: 0    SNMP index: 0
  I/O Session Thread: bgpio-0 State: Enabled
  BFD: disabled, down
  Local Interface: lt-0/0/0.101
  NLRI for restart configured on peer: inet-unicast
  NLRI advertised by peer: inet-unicast
  NLRI for this session: inet-unicast
  Peer supports Refresh capability (2)
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  Restart flag received from the peer: Notification
  NLRI that restart is negotiated for: inet-unicast
  NLRI of received end-of-rib markers: inet-unicast
  NLRI of all end-of-rib markers sent: inet-unicast
  Peer does not support LLGR Restarter functionality
  Peer supports 4 byte AS extension (peer-as 64513)
  Peer does not support Addpath
  NLRI(s) enabled for color nexthop resolution: inet-unicast
  Table inet.0 Bit: 20000
    RIB State: BGP restart is complete
    Send state: in sync
    Active prefixes:              6
    Received prefixes:            6
    Accepted prefixes:            6
    Suppressed due to damping:    0
    Advertised prefixes:          6
  Last traffic (seconds): Received 3    Sent 3    Checked 3755
  Input messages:  Total 143	Updates 2	Refreshes 0	Octets 2807
  Output messages: Total 142	Updates 1	Refreshes 0	Octets 2744
  Output Queue[1]: 0            (inet.0, inet-unicast)

Confirm the routes being sent over BGP:

jemurray@juniper-1> show route advertising-protocol bgp 192.168.99.1 logical-system LogicalSystem-1

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
  Prefix		  Nexthop	       MED     Lclpref    AS path
* 10.100.0.0/16           Self                                    I
* 10.101.0.0/16           Self                                    I
* 10.102.0.0/16           Self                                    I
* 10.103.0.0/16           Self                                    I
* 10.104.0.0/16           Self                                    I
* 10.105.0.0/16           Self                                    I

Confirm the routes received over BGP:

jemurray@juniper-1> show route receive-protocol bgp 192.168.99.1 logical-system LogicalSystem-1

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
  Prefix		  Nexthop	       MED     Lclpref    AS path
* 10.200.0.0/16           192.168.99.1                            64513 I
* 10.201.0.0/16           192.168.99.1                            64513 I
* 10.202.0.0/16           192.168.99.1                            64513 I
* 10.203.0.0/16           192.168.99.1                            64513 I
* 10.204.0.0/16           192.168.99.1                            64513 I
* 10.205.0.0/16           192.168.99.1                            64513 I

inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

Confirm routes are installed into the routing table:

jemurray@juniper-1> show route logical-system LogicalSystem-1

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.100.0.0/16      *[Static/5] 01:02:17
                       Discard
10.101.0.0/16      *[Static/5] 01:02:17
                       Discard
10.102.0.0/16      *[Static/5] 01:02:17
                       Discard
10.103.0.0/16      *[Static/5] 01:02:17
                       Discard
10.104.0.0/16      *[Static/5] 01:02:17
                       Discard
10.105.0.0/16      *[Static/5] 01:02:17
                       Discard
10.200.0.0/16      *[BGP/170] 00:30:36, localpref 100
                      AS path: 64513 I, validation-state: unverified
                    >  to 192.168.99.1 via lt-0/0/0.101
10.201.0.0/16      *[BGP/170] 00:30:36, localpref 100
                      AS path: 64513 I, validation-state: unverified
                    >  to 192.168.99.1 via lt-0/0/0.101
10.202.0.0/16      *[BGP/170] 00:30:36, localpref 100
                      AS path: 64513 I, validation-state: unverified
                    >  to 192.168.99.1 via lt-0/0/0.101
10.203.0.0/16      *[BGP/170] 00:30:36, localpref 100
                      AS path: 64513 I, validation-state: unverified
                    >  to 192.168.99.1 via lt-0/0/0.101
10.204.0.0/16      *[BGP/170] 00:30:36, localpref 100
                      AS path: 64513 I, validation-state: unverified
                    >  to 192.168.99.1 via lt-0/0/0.101
10.205.0.0/16      *[BGP/170] 00:30:36, localpref 100
                      AS path: 64513 I, validation-state: unverified
                    >  to 192.168.99.1 via lt-0/0/0.101
192.168.99.0/31    *[Direct/0] 01:20:12
                    >  via lt-0/0/0.101
192.168.99.0/32    *[Local/0] 01:20:12
                       Local via lt-0/0/0.101

inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

ff02::2/128        *[INET6/0] 1d 16:16:37
                       MultiRecv

  

  No Comments

Subscribe to: Posts (Atom)