Junos OS

  • 1.  Bogon/Martian List Configuration

     
    Posted 07-13-2018 03:00

    Hi,

     

    This is not a question, more information on "This is how you can get a dynamic assigned bogon/martian listing from cymru".

     

    The first thing you need to do is e-mail cymru and they will e-mail back with a series of questions so they can configure their BGP end.

     

    Here is my configuration that has been tested successfully, based on my answers to their questions:

     

    set protocols bgp group cymru-bogons type external
    set protocols bgp group cymru-bogons description "cymru fullbogon bgp feed (ipv4 + 6)"
    set protocols bgp group cymru-bogons multihop ttl 255
    set protocols bgp group cymru-bogons import cymru-bogons-in
    set protocols bgp group cymru-bogons authentication-key "$9$k.m5At0IEyJG01EcvM8X7dVsYgoUjq"
    set protocols bgp group cymru-bogons export deny-all
    set protocols bgp group cymru-bogons peer-as (they will supply)
    set protocols bgp group cymru-bogons neighbor (they will supply) local-address x.x.x.x
    set protocols bgp group cymru-bogons neighbor (they will supply) family inet unicast

     

    set policy-options policy-statement cymru-bogons-in term 1 from family inet
    set policy-options policy-statement cymru-bogons-in term 1 from community comm-cymru-bogon
    set policy-options policy-statement cymru-bogons-in term 1 then community add comm-no-export
    set policy-options policy-statement cymru-bogons-in term 1 then next-hop discard
    set policy-options policy-statement cymru-bogons-in term 1 then accept
    set policy-options policy-statement cymru-bogons-in term 2 from family inet6
    set policy-options policy-statement cymru-bogons-in term 2 from community comm-cymru-bogon
    set policy-options policy-statement cymru-bogons-in term 2 then community add comm-no-export
    set policy-options policy-statement cymru-bogons-in term 2 then next-hop discard
    set policy-options policy-statement cymru-bogons-in term 2 then accept
    set policy-options policy-statement cymru-bogons-in then reject
    set policy-options policy-statement deny-all then reject

     

    You will need their community string too:

     

    set policy-options community comm-cymru-bogon members no-export
    set policy-options community comm-cymru-bogon members 65332:888
    set policy-options community comm-no-export members no-export

     

    This allows you to receive the listings dynamically as they change regularly. This saves you manually entering the address ranges each time they change.

     

    Just information for you.

     

     



  • 2.  RE: Bogon/Martian List Configuration
    Best Answer

    Posted 07-13-2018 05:14

    ... I would add some statements to deny your own prefixes; you would not want to get your own prefixes dumped because of a faulty bogon list

    ...never automatically trust, better control it.

     

    regards

     

    alexander



  • 3.  RE: Bogon/Martian List Configuration

     
    Posted 07-13-2018 05:19

    That's a good shout Alexander .... Something I did not think of.

     

    I will add those in.


    Cheers
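
The safeguard suggested in reply 2, sketched as an added example that is not part of the original posts: reject terms for your own address space placed ahead of the accept terms in `cymru-bogons-in`. The prefix-list names, term names and the two documentation prefixes are assumptions and stand in for your real allocations.

```junos
# Constructed placeholders: replace the documentation ranges with your own address space.
set policy-options prefix-list own-prefixes-v4 192.0.2.0/24
set policy-options prefix-list own-prefixes-v6 2001:db8::/32

# Reject any feed route that equals or falls inside your own prefixes.
set policy-options policy-statement cymru-bogons-in term own-v4 from prefix-list-filter own-prefixes-v4 orlonger
set policy-options policy-statement cymru-bogons-in term own-v4 then reject
set policy-options policy-statement cymru-bogons-in term own-v6 from prefix-list-filter own-prefixes-v6 orlonger
set policy-options policy-statement cymru-bogons-in term own-v6 then reject

# New terms are appended after "term 2"; move them ahead of the accept terms,
# otherwise term 1 or term 2 accepts the route before these are evaluated.
insert policy-options policy-statement cymru-bogons-in term own-v4 before term 1
insert policy-options policy-statement cymru-bogons-in term own-v6 before term 1

# Check the resulting term order before committing.
show policy-options policy-statement cymru-bogons-in
```

Run these from configuration mode; the `insert` lines matter because Junos evaluates policy terms in the order they appear.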