
Summarising Provider Independent Address

  • 1.  Summarising Provider Independent Address

    Posted 01-18-2021 08:21
    Hello, I have a query on how to generate a route and then eventually summarize it.

    An ISP has provided me with a /29 which I intend to use in a NAT pool, to NAT my local LAN traffic. The problem is that the /29 is not built on any interfaces on my SRX firewall and I need to install it in the routing table so that I can NAT my traffic to it.

    Additionally, I need to advertise this /29 back to the ISP under a /24 summary route via eBGP, as it is used on the internet.

    Please could someone advise a way to do this, thanks.

  • 2.  RE: Summarising Provider Independent Address
    Best Answer

    Posted 01-18-2021 20:08
    To use addresses as NAT on the SRX you can simply add them as pool addresses. They do not need to be on any interface or route to function.

    Check with your ISP on the usage requirements for the /29.  If you were only assigned a /29 they are likely routing this directly to your cpe service address that I assume is on your SRX untrust interface.  If this is the case you are done.

    If you were given a full /24 and expected to advertise this back to them, then you would create an aggregate or static discard route on the SRX and import that route in your BGP export policy to the ISP.

    The aggregate is used if you do use these physical addresses internally and will have some active routes to keep it up as contributing routes.

    The static discard is used if you are simply using the public addresses all as nat pool addresses source or destination.

    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)

  • 3.  RE: Summarising Provider Independent Address

    Posted 01-29-2021 15:34
    Ok Steve, I got the NAT working, thanks for the advice there. I had to create a static route discard for my NAT PI addresses and then advertise that via BGP towards the ISP, which seems to have done the trick.
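
The static discard approach from this thread, written out as Junos `set` commands. This is an added example, not configuration posted by either participant. All prefixes, AS numbers, zone names, and the policy, group, pool and rule names are constructed placeholders: 203.0.113.0/24 stands in for the PI /24, 203.0.113.0/29 for the NAT pool, and 10.0.0.0/24 for the LAN.

```junos
# --- Constructed values; substitute your own prefix, ASNs and peer address ---

# Local AS (placeholder from the documentation ASN range)
set routing-options autonomous-system 64500

# Static discard route: installs the /24 summary in the routing table so BGP
# has an active route to export. Traffic to the NAT pool addresses is handled
# by NAT session lookup; anything else in the /24 is dropped here.
set routing-options static route 203.0.113.0/24 discard

# Export policy: advertise only the exact /24 summary. The "exact" match keeps
# other static routes (and more-specifics) from leaking to the ISP.
set policy-options policy-statement EXPORT-TO-ISP term PI-SUMMARY from protocol static
set policy-options policy-statement EXPORT-TO-ISP term PI-SUMMARY from route-filter 203.0.113.0/24 exact
set policy-options policy-statement EXPORT-TO-ISP term PI-SUMMARY then accept

# Explicit final reject: without it the default BGP export policy would
# re-advertise active BGP-learned routes to this peer.
set policy-options policy-statement EXPORT-TO-ISP term REJECT-REST then reject

# eBGP session to the ISP (peer address and peer AS are placeholders)
set protocols bgp group ISP type external
set protocols bgp group ISP peer-as 64511
set protocols bgp group ISP neighbor 192.0.2.1
set protocols bgp group ISP export EXPORT-TO-ISP

# Source NAT pool drawn from the /29 inside the advertised /24. The pool
# addresses are not configured on any interface.
set security nat source pool PI-POOL address 203.0.113.0/29
set security nat source rule-set LAN-TO-INET from zone trust
set security nat source rule-set LAN-TO-INET to zone untrust
set security nat source rule-set LAN-TO-INET rule PAT match source-address 10.0.0.0/24
set security nat source rule-set LAN-TO-INET rule PAT then source-nat pool PI-POOL
```

After commit, `show route advertising-protocol bgp 192.0.2.1` should list only the /24 summary; any other prefix in that output means the export policy is matching more than intended.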