Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
Expand all | Collapse all

Advertise /24 to peer B when /32 with given community accepted from peer A (looking for hints in building import/export filters)

  • 1.  Advertise /24 to peer B when /32 with given community accepted from peer A (looking for hints in building import/export filters)

    This message was posted by a user wishing to remain anonymous
    Posted 03-06-2023 08:55
    This message was posted by a user wishing to remain anonymous

    >Hi.
    I'm struggling with creating proper import/export filters for BGP peers on my Juniper MX router.

    I have a BGP session with peer A (flow collector, detecting ddos attacks) - and when it detects a large DDoS, it announces to my router the attacked prefix ipv4 /32 with the needed  community (say: 65530:999). The /32 accepted from peer A may be part of any of my /24 prefixes, stated on a prefix list called.. MY-PREFIX-LIST ;)
    And so far: I've got it covered, the route to the /32 announced by peer A is installed in the MXa table.
    In turn, to peer B - in such a situation I have to announce the whole prefix /24 to which the above /32 belongs.
    Will be grateful for any smart hints :)



  • 2.  RE: Advertise /24 to peer B when /32 with given community accepted from peer A (looking for hints in building import/export filters)

    Posted 03-31-2023 06:21

    Hi
    I don't understand the problem to the end don't know how to announce /32 to the other peers  ?

    Some example 

    set policy-options community BH members 65530:999

    set policy-options community BH-PEERb members 65530:112


    set policy-options policy-statement Announce-PEERb term 2 from protocol bgp
    set policy-options policy-statement Announce-PEERb term 2 from community BH
    set policy-options policy-statement Announce-PEERb term 2 then community add BH-PEERb
    set policy-options policy-statement Announce-PEERb term 2 then community delete BH

    I hope this is what you are looking for



    ------------------------------
    Grzegorz Dacka
    ------------------------------



  • 3.  RE: Advertise /24 to peer B when /32 with given community accepted from peer A (looking for hints in building import/export filters)

    Posted 05-07-2023 03:51

    Hello,
    It might be possible with BGP-static routes and conditional advert but the config is going to be huge.
    https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/ref/statement/bgp-static-edit-routing-options.html
    https://www.juniper.net/documentation/us/en/software/junos/routing-policy/bgp/topics/example/conditional-prefix-installing-configuring.html
    I reckon you'd be better off with some automation using JET API or script running on external server.
    https://www.juniper.net/documentation/us/en/software/junos/jet-api/index.html
    HTH
    Thx
    Alex



    ------------------------------
    +++++++++++++++++++++++++++++++++++++++++++++++++
    Please ask Your Juniper account team about Juniper Professional Services offerings.
    Juniper PS can design, test and build a network/part of network according to Your requirements
    ++++++++++++++++++++++++++++++++++++++++++++++++++
    ------------------------------