Showing posts from September, 2025

Automatic AS prepending with BGP communities on JunOS

The purpose of this lab is to show how Juniper policy-options can be used to automatically increase AS path length based on community tags attached to routes sent over BGP. BGP AS path length is one option commonly used to determine the best path to a route on the Internet. The AS path length can also be used to influence how traffic is returned when a specific path is required. In the diagram below, we see the network 10.103.0.0/16 is announced to 2 upstream providers. From the Internet's perspective there are 2 equal cost return paths. To avoid returning through LogicalSystem-2, we can increase the length of the AS path through this hop. BGP will select the route with the shortest hop count, eliminating LogicalSystem-2 as a viable router. In this lab there are 2 routers, LogicalSystem-1 and LogicalSystem-2. There is no router-3 as seen in the diagram above: Details Juniper Config We are going to configure ...

BGP prefix filtering on a Juniper vMX within logical systems

Expanding on yesterday’s BGP Peering configuration, today we enable basic BGP prefix filtering. Exchanging routes on the Internet through BGP requires a fair bit of trust that the downstream organization will only send routes it is authoritative for. Without proper filtering, anyone could announce Google's 8.8.8.0/24 route and potentially redirect this critical DNS traffic back to a rogue location. For a service provider, it is critical to deny all inbound prefixes and allow only those the neighbor is properly authorized to announce. Proper LoAs and routing registries are necessary to validate subnet ownership. Once ownership is confirmed, proper filtering needs to take place. Below is a basic BGP filter configuration to deny all prefixes and only allow subnets properly authorized by the BGP neighbor. Details Imported routes before BGP prefix filtering:

    jemurray@juniper-1# run show route receive-protocol bgp 192.168.99.1 logical-system LogicalSy...

Basic BGP configuration with Juniper logical systems

In this example, we provide the basic configuration for two Juniper vMX logical systems to exchange 6 eBGP routes with each other. Each major area of configuration is detailed with inline comments (#). The Configuration Create the logical systems' point-to-point interfaces:

    # Logical System 1
    # Each interface in a logical system needs a unique unit ID
    set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 description "LogicalSystem-2 P2P Interface"
    set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 encapsulation ethernet
    # The unit ID is used to connect the logical tunnel interfaces
    set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 peer-unit 201
    # A /31 is used to conserve IP space (yes, you can use .0 as a valid interface)
    set logical-systems LogicalSystem-1 interfaces lt-0/0/0 unit 101 family inet address 192.168.99.0/31
    # Logical System 2
    set logical-systems LogicalSystem-2 interfaces lt-0/0/0 unit 201 description "LogicalSyste...