Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
>Hi.I'm struggling with creating proper import/export filters for BGP peers on my Juniper MX router.
I have a BGP session with peer A (flow collector, detecting ddos attacks) - and when it detects a large DDoS, it announces to my router the attacked prefix ipv4 /32 with the needed community (say: 65530:999). The /32 accepted from peer A may be part of any of my /24 prefixes, stated on a prefix list called.. MY-PREFIX-LIST ;)And so far: I've got it covered, the route to the /32 announced by peer A is installed in the MXa table.In turn, to peer B - in such a situation I have to announce the whole prefix /24 to which the above /32 belongs.Will be grateful for any smart hints :)
HiI don't understand the problem to the end don't know how to announce /32 to the other peers ?
set policy-options community BH members 65530:999
set policy-options community BH-PEERb members 65530:112
set policy-options policy-statement Announce-PEERb term 2 from protocol bgpset policy-options policy-statement Announce-PEERb term 2 from community BHset policy-options policy-statement Announce-PEERb term 2 then community add BH-PEERbset policy-options policy-statement Announce-PEERb term 2 then community delete BH
I hope this is what you are looking for
Hello,It might be possible with BGP-static routes and conditional advert but the config is going to be huge.https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/ref/statement/bgp-static-edit-routing-options.htmlhttps://www.juniper.net/documentation/us/en/software/junos/routing-policy/bgp/topics/example/conditional-prefix-installing-configuring.htmlI reckon you'd be better off with some automation using JET API or script running on external server.https://www.juniper.net/documentation/us/en/software/junos/jet-api/index.htmlHTHThxAlex