Apologies for disturbing you all again with what is, likely to be, a very simple question:
SRX --> Core --> Transit --> Loopbacks configured as external networks
I now have all the policies in place that restrict advertisement of our networks with the "export <policy>" command and also the martian/bogon list with the "import <policy>" command.
So, as I have not completed this before and know that this must be right or we will end up with the whole internet routing table on the internal network, how do we get the route to the BGP interface from another connected device? Or, in other words, the Core directly connected knows the BGP routes but no other system does (because the IGP does not know about the route on the other systems).... it should know how to get to the outside world but can't with no route.
How is this configured please? By the way, I know how to inject our routes into isis but isis does not know about the BGP routes....
You can achieve the same using any one of the following methods.
1. Create export policy with term "from protocol bgp" and "from route-filter" and apply the same on ISIS.
2. Create a static route and advertise the same to ISIS.
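Method 1 above written out in Junos set syntax, as an added example rather than the reply's own configuration: the policy name "bgp-default-to-isis" is an assumed name, it assumes the transit peer already sends 0.0.0.0/0 over BGP, and the "#" lines are comments for the reader, not part of the configuration.

```junos
# Term 1: match only the default route, and only when it was learned from BGP.
# Multiple "from" conditions in one term are ANDed; "exact" means 0.0.0.0/0
# itself, so no longer prefix from the Internet table can match this term.
set policy-options policy-statement bgp-default-to-isis term default from protocol bgp
set policy-options policy-statement bgp-default-to-isis term default from route-filter 0.0.0.0/0 exact
set policy-options policy-statement bgp-default-to-isis term default then accept

# Term 2: explicit catch-all reject so the "nothing else leaks into IS-IS"
# behaviour is stated in the policy instead of relying on the default action.
set policy-options policy-statement bgp-default-to-isis term reject-rest then reject

# Apply it as the IS-IS export policy on the router that holds the BGP table.
set protocols isis export bgp-default-to-isis

# Checks after commit (operational mode):
#   show route 0.0.0.0/0 exact              # the BGP default must be active here
#   show route protocol isis                # run on another IS-IS router: the
#                                           # default is present, nothing else external
```

If the BGP default is ever withdrawn by the transit peer, the IS-IS default disappears with it, which is the intended behaviour of this method compared with the static route in method 2.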
This may seem like a very basic question and I apologise in advance if it is....
If I create a policy from protocol bgp and apply to isis with export command won't that advertise the complete internet routing table? Not something I wish to do......
If I use the route-filter with this command, how do I filter out every single internet address except the required default bgp route?
Apologies..... I guess I should know this 🙂
Is there any challenge in advertising the default route?
That would be a yes with regards to BGP.... I'm guessing the config should look something like....
Configure a next-hop-self policy statement along the lines of:
policy-statement next-hop-self from protocol bgp
policy-statement next-hop-self from neighbor <transit bgp peer> <Customer bgp peer>
policy-statement next-hop-self then next-hop self
And then some form of 0.0.0.0/0 reject and 0.0.0.0/0 accept....
But in all honesty, I'm not sure how.... 😞
Thank you for the response. I will give this a go on Monday. I am not a BGP expert, hence the issue. Thanks again.
I have configured the following and applied to the Core MX240 which is directly connected to the upstream Cisco where I have configured several loopback interfaces to simulate internet addressing:
set protocols isis export isis-default
set routing-options static route 18.104.22.168/32 next-hop 22.214.171.124
set routing-options static route 0.0.0.0/0 discard
set routing-options static route 0.0.0.0/0 no-install
set policy-options policy-statement isis-default from protocol static
set policy-options policy-statement isis-default from route-filter 0.0.0.0/0 exact
set policy-options policy-statement isis-default then accept
Here is the test route:
LNS (MX240) --> Core (MX240) --> Cisco (Transit) --> Loopback
So, if I ping from the LNS to the loopback without the configuration I get a "no route to host" error. If I commit the configuration and test ping to the loopback it works, and without the routing being in the table, which is great.
So, it worked. Thank you.
As a quick add on question before I close this as resolved, could you let me know if this will work in an ISP environment via the LNS?
Yes it should work.