Juniper BGP on SRX – Basic EBGP setup

So I have an SRX300 with an external Draytek 130 attached giving DSL connectivity. The next task is to create a BGP session so we can announce the routed subnet back to our MPLS VPN. This will move on to multiple lines with some route selection included. In the first instance we need to establish the peering session, and the internet is full of instructions on how to do this. The next stage is announcing a prefix, which is not so well documented.

Our AS: 65111
Core AS: 65000
Our DSL IP: 192.168.1.244/32
Core DSL gateway: 192.168.250.6
Local LAN: 192.168.20.0/24 – this is to be advertised

Stage 1: Set up the BGP AS

 
root# set routing-options autonomous-system 65111

Stage 2: Set up a group (like a Cisco Peer-Group)

set protocols bgp group UPSTREAM type external
set protocols bgp group UPSTREAM peer-as 65000
set protocols bgp group UPSTREAM neighbor 192.168.250.6

Stage 3: We like authentication on BGP sessions!

set protocols bgp group UPSTREAM authentication-key my_secret_key

At this point we can see the session is set up. This can be verified with:

root> show bgp summary 
Groups: 1 Peers: 1 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0               
                       1          1          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.250.6         65000        144        153       0       2       22:26 1/1/1/0              0/0/0/0  

Notice we have received 1 route from the other side, which in our case is a default route. This can be checked with:

root> show route protocol bgp 

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[BGP/170] 00:24:19, localpref 100
                      AS path: 65000 I, validation-state: unverified
                    > to 192.168.250.6 via pp0.0

However, we are still not announcing our local route back to the upstream router.

Stage 4: Create a routing policy

The policy will be called EXP-POLICY and is set to export just the local 192.168.20.0/24 prefix.

root# set policy-options policy-statement EXP-POLICY term 1 from route-filter 192.168.20.0/24 exact
root# set policy-options policy-statement EXP-POLICY term 1 then accept

Stage 5: Attach the policy

root# set protocols bgp group UPSTREAM export EXP-POLICY

Now we can check the announced routes! Note that the route needs to be in the UP state for the announcement to work.

root> show route advertising-protocol bgp 192.168.250.6    

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 192.168.20.0/24         Self                                    I
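
Once this moves to multiple lines, the export policy is worth closing off: a route that matches no term in EXP-POLICY is handed to the Junos default BGP export policy, which re-advertises active BGP routes. The following is an added example, not part of the original setup; IMP-POLICY and the term names DEFAULT-ONLY and REJECT-ALL are assumed names, and the `#` lines are comments for the reader.

```junos
# Added example (configuration mode), building on the EXP-POLICY and UPSTREAM
# group defined above. IMP-POLICY, DEFAULT-ONLY and REJECT-ALL are assumed names.

# Export: term 1 accepts only the LAN prefix. The final term rejects everything
# else, so nothing falls through to the default BGP export policy and routes
# learned from one upstream are never re-announced to another.
set policy-options policy-statement EXP-POLICY term 1 from route-filter 192.168.20.0/24 exact
set policy-options policy-statement EXP-POLICY term 1 then accept
set policy-options policy-statement EXP-POLICY term REJECT-ALL then reject

# Import: the core is only expected to send a default route, so accept that
# and reject any other prefix the peer might announce.
set policy-options policy-statement IMP-POLICY term DEFAULT-ONLY from route-filter 0.0.0.0/0 exact
set policy-options policy-statement IMP-POLICY term DEFAULT-ONLY then accept
set policy-options policy-statement IMP-POLICY term REJECT-ALL then reject

# Attach both policies to the peer group.
set protocols bgp group UPSTREAM export EXP-POLICY
set protocols bgp group UPSTREAM import IMP-POLICY

# Validate the candidate configuration, then commit with an automatic rollback
# after 5 minutes unless a second plain "commit" confirms the change.
commit check
commit confirmed 5

# Verify from configuration mode: only 192.168.20.0/24 should be advertised,
# and any prefix rejected by IMP-POLICY shows up as hidden.
run show route advertising-protocol bgp 192.168.250.6
run show route receive-protocol bgp 192.168.250.6
run show route hidden
```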