SRX

Expand all | Collapse all

SRX650 with ex4200 bgp peering

Jump to Best Answer
  • 1.  SRX650 with ex4200 bgp peering

    Posted 09-11-2018 00:26

    Hi, I'm setting up an network with an SRX650 and a EX4200.

    I only have 1 ISP and not able to find any information how to setup this properly.

    The problem is that I don't know how to configure the srx650 to have bgp and pass the network to the EX4200.

    I'm able to configure the srx650 to work with the BGP peering and our asn but don't have any idea how to pass this to the EX4200 so I can use my asn and my IPs, if its possible anyone to assist I will be greatfull, and if its possible to send the commands so I can make the changes will be perfect.
    right now the SRX650 is factory reset and the EX4200 is handling the BGP peering and my ASN with 1 /22, passing this to the vlans working properly.



  • 2.  RE: SRX650 with ex4200 bgp peering

     
    Posted 09-11-2018 02:56

    The details on this configuration will depend on how the ex is configured but these will be the basic steps.

     

    This would move the bgp from the ex to the srx

    Copy the isp interface configuration from the ex to the desired interface on the srx

    assign this interface to the untrust zone

    Allow host inbound traffic protocols on this zone for bgp

    Copy the bgp configuration from the ex to the srx

    remove the iterface and bgp upstream configuration from the ex

     

    For the downstream to the ex from the srx, this will all depend on how the ex is configured now for distribution and how you want to control traffic with srx rules.

     

    You could put an srx interface in the same vlan as the upstream is now and connect this layer 2 to the ex so all the downstream peerings still work as they do in the ex now.

     

    Or there are redesign options that will all vary depending on if you are running iBGP or eBGP internally and whether or not there are route reflectors.

     



  • 3.  RE: SRX650 with ex4200 bgp peering

    Posted 09-11-2018 05:41

    I have this configured:
    on my ex

    And I wanted to still have the srx as l3 to use the ipsec and ddos mitigation yet.

     

    Can you explain how can I do this 
    "You could put an srx interface in the same vlan as the upstream is now and connect this layer 2 to the ex so all the downstream peerings still work as they do in the ex now."
    Create an vlan with the same network as the ISP ? just this part I didn't understood, about the rest is exactly what we were doing.
     



  • 4.  RE: SRX650 with ex4200 bgp peering
    Best Answer

    Posted 09-11-2018 16:21

    I was able to resolve my issue after reading this and changing somethings, but this helped me:

    https://www.juniper.net/documentation/en_US/junos/topics/example/routing-protocol-bgp-security-internal-peering-session-configuring-cli.html



  • 5.  RE: SRX650 with ex4200 bgp peering

     
    Posted 09-12-2018 02:27

    Glad you have it all worked out.