SRX



  • 1.  Advertise NAT pools to BGP

    Posted 09-01-2010 06:08

    NAT Pools:

    1.1.1.0/24

    2.2.2.0/24

    3.3.3.0/24

     

    SRX has interface in only one of these networks (1.1.1.1) with a BGP peer at 1.1.1.254.

     

    Since 1.1.1.0/24 is active in our routing table, no problem getting that into our BGP advertisement.

     

    What is the most appropriate way to inject the 2.2.2.0/24 and 3.3.3.0/24 NAT pools into BGP?

     

    Static route with discard action? Static route with receive action? Other?


    #static
    #JUNOS
    #advertise
    #NAT
    #SRX
    #BGP
    #pool


  • 2.  RE: Advertise NAT pools to BGP
    Best Answer

    Posted 09-01-2010 08:07

    My standard method is to create a discard static route and use that for the BGP export.

     

    There are other methods. Choose one you like best. I like discard, it's worked well for me.

     

    Like this:

     

    routing-options {
        static {
            route 2.0.0.0/24 discard;
        }
    }

    policy-options {
        policy-statement public-to-bgp {
            from {
                protocol static;
                route-filter 2.0.0.0/24 exact;
            }
            then accept;
        }
    }

    protocols {
        bgp {
            export public-to-bgp;
        }
    }



  • 3.  RE: Advertise NAT pools to BGP

    Posted 06-29-2015 23:50

    Hey

    Is there a more specific route installed?

    If I look at the flow-chart for sessions:

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB16110&smlogin=true

     

    - then source-NAT comes after route-lookup



  • 4.  RE: Advertise NAT pools to BGP

    Posted 05-04-2017 05:33

    Just saw your response (I know it's been a few years), but I've been working through the same solution for a customer that has two upstream routers:

     

    I think the reason that this works is that traffic TO the source-NAT prefix would always be part of an existing session (e.g. outbound traffic has already been source-NATted, return traffic is coming back to the advertised prefixes), so in the SRX Order of Operations, it would skip straight to the Existing Sessions section and avoid route look-up.



  • 5.  RE: Advertise NAT pools to BGP

    Posted 09-01-2010 11:46
    That works. I guess the NAT process grabs it before it actually discards it. It seemed to work that way but it felt counter-intuitive to tell it to discard traffic destined for a network for which I wanted to receive traffic. Thanks for the reply.
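
A simplified Python model of the lookup order discussed in the replies above, added here as an illustration and not code from any poster or from Juniper: it shows why return traffic to a NAT pool address is forwarded even though the pool prefix has a discard route, while a packet that matches no session is dropped. The inside host 10.0.0.5, the remote hosts, the pool address 2.2.2.10 and the ports are constructed; the model assumes that an existing session is matched before any route lookup and leaves out policy and destination NAT.

```python
import ipaddress

# Pool prefixes and peer address are from the thread; everything else is constructed.
ROUTES = {
    "1.1.1.0/24": "direct",              # interface network, BGP peer at 1.1.1.254
    "2.2.2.0/24": "discard",             # static discard route that feeds the BGP export
    "3.3.3.0/24": "discard",
    "10.0.0.0/8": "direct",              # hypothetical inside network
    "0.0.0.0/0": "next-hop 1.1.1.254",
}

def route_lookup(dst):
    """Longest-prefix match over ROUTES, returning the route's action."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), action) for p, action in ROUTES.items()]
    return max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)[1]

class Firewall:
    def __init__(self):
        self.sessions = {}   # reverse wing (src, sport, dst, dport) -> inside (ip, port)
        self.next_port = 1024

    def outbound(self, src, sport, dst, dport, pool_ip):
        """First packet from inside: route lookup on dst, then source NAT, then session install."""
        if route_lookup(dst) == "discard":
            return None
        nat_port, self.next_port = self.next_port, self.next_port + 1
        # Return traffic will arrive as dst:dport -> pool_ip:nat_port.
        self.sessions[(dst, dport, pool_ip, nat_port)] = (src, sport)
        return (pool_ip, nat_port)

    def inbound(self, src, sport, dst, dport):
        """Packet arriving from upstream, addressed to a NAT pool address."""
        inside = self.sessions.get((src, sport, dst, dport))
        if inside:   # existing session: translated back, no route lookup on the pool address
            return "forwarded to %s:%d" % inside
        # No session: first-path processing does a route lookup on the pool address.
        action = route_lookup(dst)
        return "dropped by discard route" if action == "discard" else "first path via " + action

if __name__ == "__main__":
    fw = Firewall()
    pool_ip, nat_port = fw.outbound("10.0.0.5", 40000, "198.51.100.7", 443, "2.2.2.10")
    print(fw.inbound("198.51.100.7", 443, "2.2.2.10", nat_port))   # reply to the NATted flow
    print(fw.inbound("203.0.113.9", 55555, "2.2.2.10", nat_port))  # unsolicited packet
```

In this model the discard route only ever sees packets that match no session, so it blackholes unsolicited traffic to the pool without affecting replies to NATted flows.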