SRX

NAT Pools:

1.1.1.0/24

2.2.2.0/24

3.3.3.0/24

 

SRX has interface in only one of these networks (1.1.1.1) with a BGP peer at 1.1.1.254.

 

Since 1.1.1.0/24 is active in our routing table, no problem getting that into our BGP advertisement.

 

What is the most appropriate way to inject the 2.2.2.0/24 and 3.3.3.0/24 NAT pools into BGP?

 

Static route with discard action? Static route with receive action? Other?

#static
#JUNOS
#advertise
#NAT
#SRX
#BGP
#pool

My standard method is to create a discard static route and use that for the BGP export.

 

There are other methods. Choose one you like best. I like discard, it's worked well for me.

 

Like this:

 

routing-options {
    static {
        route 2.0.0.0/24 discard;

  }

}

 

policy-options {
    policy-statement public-to-bgp {
        from {
            protocol static;
            route-filter 2.0.0.0/24 exact;
        }
        then accept;
    }
}

 

protocols {
    bgp {
        export public-to-bgp;

  }

}

Hey

Is there a more specific route installed?

If I look at the flow-chart for sessions:

https://kb.juniper.net/InfoCenter/index?page=content&id=KB16110&smlogin=true

 

- then source-NAT comes after route-lookup

Just saw your response (I know it's been a few years), but I've been working through the same solution for a customer that has two upstream routers:

 

I think the reason that this works is that traffic TO the source-nat prefix would always be part of an existing session (eg: outbound traffic has already been source-NATted, return traffic is coming back to the advertised prefixes), so in the SRX Order of Operations, it would skip straight to the Existing Sessions section and avoid route look-up.

That works. I guess the NAT process grabs it before it actually discards it. It seemed to work that way but it felt counter-intuitive to tell it to discard traffic destined for a network for which I wanted to receive traffic. Thanks for the reply.