SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  as path prepend

    Posted 06-17-2021 06:13
    Hello,

    I am trying to understand the BGP policy. I have a site called Remote Office with an SRX firewall. The AS number of the site is 65111.

    I have two datacenters to which I have VPNs from the remote site, named DC1 and DC2.


    set policy-options policy-statement EXPORT-VPN-DC1 term MATCH-direct from protocol direct
    set policy-options policy-statement EXPORT-VPN-DC1 term MATCH-direct then as-path-prepend "65111 65111 65111 65111 65111"
    set policy-options policy-statement EXPORT-VPN-DC1 term MATCH-direct then accept
    set policy-options policy-statement EXPORT-VPN-DC1 term AS-path-prepend from protocol bgp
    set policy-options policy-statement EXPORT-VPN-DC1 term AS-path-prepend then as-path-prepend "65111 65111 65111 65111 65111"
    set policy-options policy-statement EXPORT-VPN-DC1 term AS-path-prepend then accept

    set policy-options policy-statement EXPORT-VPN-DC2 term MATCH-direct from protocol direct
    set policy-options policy-statement EXPORT-VPN-DC2 term MATCH-direct then as-path-prepend "65111 65111 65111 65111 65111 65111"
    set policy-options policy-statement EXPORT-VPN-DC2 term MATCH-direct then accept
    set policy-options policy-statement EXPORT-VPN-DC2 term AS-path-prepend from protocol bgp
    set policy-options policy-statement EXPORT-VPN-DC2 term AS-path-prepend then as-path-prepend "65111 65111 65111 65111 65111 65111"
    set policy-options policy-statement EXPORT-VPN-DC2 term AS-path-prepend then accept


    My query is: while prepending the AS path, can we write any number other than 65111?

    Also, for DC1 it is written 5 times,
    for DC2 it is written 6 times,

    making the DC2 path longer. But is there any logic to using it 5 and 6 times? Can I use 7 and 8 times? The goal is to have more entries for DC2 to make the path longer?

    ------------------------------
    skywalker
    ------------------------------


  • 2.  RE: as path prepend

    Posted 06-17-2021 07:54
    Hi Skywalker,

    You may use any AS number while prepending, but it is not recommended in production and you should not use anything other than your own AS number.
    If you want to prefer the DC1 path, just add one AS path in the DC2 export policy. There is no need to add as-path-prepend on the DC1 export policy. Here the logic is that the preferred path should have a shorter AS path length than the secondary path.



  • 3.  RE: as path prepend

    Posted 06-17-2021 08:25
    Hi Nellikka,

    Understood.

    So even if we have to use the AS number (of our site), we can still have it any number of times (here 5 times for DC1 and 6 times for DC2)? What is the logic of using 5 and 6, and why not 0 and 1 or 2 and 3?

    ------------------------------
    skywalker
    ------------------------------



  • 4.  RE: as path prepend

    Posted 06-19-2021 06:56
    My query is: while prepending the AS path, can we write any number other than 65111?
    Yes, the AS path count is for all AS in the path and it does not care what the AS are in the count.

    Also, for DC1 it is written 5 times,
    for DC2 it is written 6 times,

    making the DC2 path longer. But is there any logic to using it 5 and 6 times? Can I use 7 and 8 times? The goal is to have more entries for DC2 to make the path longer?
    Yes, shorter is better so the number does not matter for this criteria.

    However, I would point out that typically this method would not be used for routing control on fully controlled peerings like this where you own the whole network. AS path generally only comes into play when you have long paths through AS that you do NOT control and are interacting with. So generally the internet.

    For inside networks like your own VPN connection you are better off using policies via local preference on the relevant peerings for this type of route steering. You can also use communities to label your routes at the source and process routes that are ultimately from those sources in the desired handling way.

    AS path method is really the last hope and frequently ignored metric. And excessive padding (more than 3 or 4) is frequently ignored by outside AS.


    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------
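
The comparison discussed in this thread, as an added example that is not part of any post: a simplified Python model of the first two BGP best-path steps (highest local preference, then shortest AS path) applied to the remote office's two advertisements. The function names, the constructed AS number 64512, and the local preference value 200 are assumptions made for illustration.

```python
from dataclasses import dataclass

REMOTE_AS = 65111          # remote office AS number from the thread
DEFAULT_LOCAL_PREF = 100   # default BGP local preference

@dataclass(frozen=True)
class Route:
    via: str                 # which VPN the advertisement arrived over
    as_path: tuple           # AS numbers as seen by the receiver
    local_pref: int = DEFAULT_LOCAL_PREF  # set by the receiver's import policy

def advertise(via, prepends, prepend_as=REMOTE_AS, local_pref=DEFAULT_LOCAL_PREF):
    """Build the route the data-center side receives: the prepended entries
    followed by the origin AS that eBGP export adds on its own."""
    return Route(via, (prepend_as,) * prepends + (REMOTE_AS,), local_pref)

def rank(route):
    # Simplified model: only the first two steps of best-path selection.
    # Higher local preference wins; then the shorter AS path wins.
    return (-route.local_pref, len(route.as_path))

def best_path(routes):
    """Return the name of the winning path, or None when the modeled steps
    tie and later tie-breakers (not modeled here) would decide."""
    ordered = sorted(routes, key=rank)
    if not ordered:
        return None
    if len(ordered) > 1 and rank(ordered[0]) == rank(ordered[1]):
        return None
    return ordered[0].via

def compare(dc1_prepends, dc2_prepends, **dc2_kwargs):
    """Compare the DC1 and DC2 advertisements for the same prefix."""
    return best_path([advertise("DC1", dc1_prepends),
                      advertise("DC2", dc2_prepends, **dc2_kwargs)])

if __name__ == "__main__":
    # Only the difference in length matters, not the absolute count.
    for pair in [(5, 6), (0, 1), (7, 8), (3, 3)]:
        print(pair, "->", compare(*pair))
    # Local preference is evaluated before AS path length.
    print("DC2 local-pref 200:", compare(5, 6, local_pref=200))
    # The length comparison ignores which AS numbers fill the path
    # (64512 is a constructed private AS number).
    print("DC2 padded with another AS:", compare(0, 1, prepend_as=64512))
```

Running it shows 5/6, 0/1 and 7/8 all select DC1, equal padding leaves the choice to later tie-breakers, and a higher local preference on the DC2 path overrides the longer AS path.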