Config BGP policy for limit ISP path in Juniper MX 480 Router

Clash Royale CLAN TAG#URR8PPP

up vote
2
down vote

favorite

Now we have a source IP14.135.4.0/24, we are involved in 5 different ISP, such as A, B, C, D, E. Now we want to access 14.135.4.0/24 not through the path of ISP B and ISP D, but through the other three ISPs by BGP policy to select the routing path.

Our router device is Juniper MX480. the bellow is my current A to E ISP：

master[edit protocols bgp] 
admin@MX480-RE0# show 
group EBGP_A 
 type external; 
 import IN_A; 
 authentication-key "$9$TQ/CIEcSlKhcJUiqPfKvWXdbYgoiqmZGuO"; ## SECRET-DATA 
 export Export_A; 
 neighbor 218.30.49.57 
 peer-as 4809; 
 
 
group EBGP_B 
 type external; 
 import IN_B; 
 authentication-key "$9$0F5oOhSrevL7-lejkm5zFLX7dYgaZUm5QiHIE"; ## SECRET-DAT
A 
 export Export_B; 
 neighbor 218.30.54.97 
 import IN_B; 
 peer-as 4134; 
 
 
group EBGP_C 
 type external; 
 import Im_C; 
 export Export_C; 
 neighbor 62.115.15.6 
 peer-as 1299; 
 
 
group EBGP_D 
 type external; 
 import Im_D; 
 export Export_D; 
 neighbor 12.105.15.6 
 peer-as 1299; 
 

group EBGP_E 
 type external; 
 import Im_E; 
 export Export_E; 
 neighbor 42.135.15.6 
 peer-as 1299; 
 
 

bgp juniper juniper-junos juniper-mx

share|improve this question

asked 1 hour ago

Jie Zhang

111

New contributor

Jie Zhang is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
2
down vote

favorite

Now we have a source IP14.135.4.0/24, we are involved in 5 different ISP, such as A, B, C, D, E. Now we want to access 14.135.4.0/24 not through the path of ISP B and ISP D, but through the other three ISPs by BGP policy to select the routing path.

Our router device is Juniper MX480. the bellow is my current A to E ISP：

master[edit protocols bgp] 
admin@MX480-RE0# show 
group EBGP_A 
 type external; 
 import IN_A; 
 authentication-key "$9$TQ/CIEcSlKhcJUiqPfKvWXdbYgoiqmZGuO"; ## SECRET-DATA 
 export Export_A; 
 neighbor 218.30.49.57 
 peer-as 4809; 
 
 
group EBGP_B 
 type external; 
 import IN_B; 
 authentication-key "$9$0F5oOhSrevL7-lejkm5zFLX7dYgaZUm5QiHIE"; ## SECRET-DAT
A 
 export Export_B; 
 neighbor 218.30.54.97 
 import IN_B; 
 peer-as 4134; 
 
 
group EBGP_C 
 type external; 
 import Im_C; 
 export Export_C; 
 neighbor 62.115.15.6 
 peer-as 1299; 
 
 
group EBGP_D 
 type external; 
 import Im_D; 
 export Export_D; 
 neighbor 12.105.15.6 
 peer-as 1299; 
 

group EBGP_E 
 type external; 
 import Im_E; 
 export Export_E; 
 neighbor 42.135.15.6 
 peer-as 1299; 
 
 

bgp juniper juniper-junos juniper-mx

share|improve this question

asked 1 hour ago

Jie Zhang

111

New contributor

Jie Zhang is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

up vote
2
down vote

favorite

up vote
2
down vote

favorite

Now we have a source IP14.135.4.0/24, we are involved in 5 different ISP, such as A, B, C, D, E. Now we want to access 14.135.4.0/24 not through the path of ISP B and ISP D, but through the other three ISPs by BGP policy to select the routing path.

Our router device is Juniper MX480. the bellow is my current A to E ISP：

master[edit protocols bgp] 
admin@MX480-RE0# show 
group EBGP_A 
 type external; 
 import IN_A; 
 authentication-key "$9$TQ/CIEcSlKhcJUiqPfKvWXdbYgoiqmZGuO"; ## SECRET-DATA 
 export Export_A; 
 neighbor 218.30.49.57 
 peer-as 4809; 
 
 
group EBGP_B 
 type external; 
 import IN_B; 
 authentication-key "$9$0F5oOhSrevL7-lejkm5zFLX7dYgaZUm5QiHIE"; ## SECRET-DAT
A 
 export Export_B; 
 neighbor 218.30.54.97 
 import IN_B; 
 peer-as 4134; 
 
 
group EBGP_C 
 type external; 
 import Im_C; 
 export Export_C; 
 neighbor 62.115.15.6 
 peer-as 1299; 
 
 
group EBGP_D 
 type external; 
 import Im_D; 
 export Export_D; 
 neighbor 12.105.15.6 
 peer-as 1299; 
 

group EBGP_E 
 type external; 
 import Im_E; 
 export Export_E; 
 neighbor 42.135.15.6 
 peer-as 1299; 
 
 

bgp juniper juniper-junos juniper-mx

share|improve this question

asked 1 hour ago

Jie Zhang

111

New contributor

Jie Zhang is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Now we have a source IP14.135.4.0/24, we are involved in 5 different ISP, such as A, B, C, D, E. Now we want to access 14.135.4.0/24 not through the path of ISP B and ISP D, but through the other three ISPs by BGP policy to select the routing path.

Our router device is Juniper MX480. the bellow is my current A to E ISP：

master[edit protocols bgp] 
admin@MX480-RE0# show 
group EBGP_A 
 type external; 
 import IN_A; 
 authentication-key "$9$TQ/CIEcSlKhcJUiqPfKvWXdbYgoiqmZGuO"; ## SECRET-DATA 
 export Export_A; 
 neighbor 218.30.49.57 
 peer-as 4809; 
 
 
group EBGP_B 
 type external; 
 import IN_B; 
 authentication-key "$9$0F5oOhSrevL7-lejkm5zFLX7dYgaZUm5QiHIE"; ## SECRET-DAT
A 
 export Export_B; 
 neighbor 218.30.54.97 
 import IN_B; 
 peer-as 4134; 
 
 
group EBGP_C 
 type external; 
 import Im_C; 
 export Export_C; 
 neighbor 62.115.15.6 
 peer-as 1299; 
 
 
group EBGP_D 
 type external; 
 import Im_D; 
 export Export_D; 
 neighbor 12.105.15.6 
 peer-as 1299; 
 

group EBGP_E 
 type external; 
 import Im_E; 
 export Export_E; 
 neighbor 42.135.15.6 
 peer-as 1299; 
 
 

bgp juniper juniper-junos juniper-mx

bgp juniper juniper-junos juniper-mx

share|improve this question

asked 1 hour ago

Jie Zhang

111

New contributor

Jie Zhang is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

asked 1 hour ago

Jie Zhang

111

New contributor

Jie Zhang is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

share|improve this question

share|improve this question

asked 1 hour ago

Jie Zhang

111

New contributor

Jie Zhang is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

asked 1 hour ago

Jie Zhang

111

asked 1 hour ago

Jie Zhang

111

111

New contributor

Jie Zhang is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

New contributor

Jie Zhang is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

Jie Zhang is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.

add a comment | 

add a comment | 

1 Answer
1

active

oldest

votes

up vote
2
down vote

If you want to refuse that route, you could add another import statement to those two peergroups, in which you reject the prefix:

policy-statement reject_unwanted 
 from 
 route-filter 14.135.4.0/24 exact;
 
 then reject;

For peergroupd B the import statement would change to something like this:

import [ reject_unwanted im_B ];

And for D:

import [ reject_unwanted im_D ];

Of course, you could add this statement to im_B and im_D as an additional term as well. Make sure to put that term before any accept statements in that case.

Keep in mind that this will only work for exactly the given prefix. If there's an overlapping less specific route (14.135.0.0/20 for example) and there is no more specific route, this path will still be used.

Another option instead of rejecting the prefix alltogether is to set a lower local-preference so traffic is not preferred via these peers instead of rejecting the routes.

share|improve this answer

answered 1 hour ago

Teun Vink♦

10.2k52551

• 
  
  
  

  
  

  
  
  
  
  
  

  
  14.135.4.0/24 This IP address is the address of our local router. We want to choose the routing path in the direction our route is going out. 14.135.4.0/24 does not go through ISP B and ISP D.
  – Jie Zhang
  14 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Please provide a more detailed description (including a diagram if possible) of your network in that case, and add it to the original question.
  – Teun Vink♦
  4 mins ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "496"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: false,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

Jie Zhang is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f53747%2fconfig-bgp-policy-for-limit-isp-path-in-juniper-mx-480-router%23new-answer', 'question_page');

);

Post as a guest

Name Email

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
2
down vote

If you want to refuse that route, you could add another import statement to those two peergroups, in which you reject the prefix:

policy-statement reject_unwanted 
 from 
 route-filter 14.135.4.0/24 exact;
 
 then reject;

For peergroupd B the import statement would change to something like this:

import [ reject_unwanted im_B ];

And for D:

import [ reject_unwanted im_D ];

Of course, you could add this statement to im_B and im_D as an additional term as well. Make sure to put that term before any accept statements in that case.

Keep in mind that this will only work for exactly the given prefix. If there's an overlapping less specific route (14.135.0.0/20 for example) and there is no more specific route, this path will still be used.

Another option instead of rejecting the prefix alltogether is to set a lower local-preference so traffic is not preferred via these peers instead of rejecting the routes.

share|improve this answer

answered 1 hour ago

Teun Vink♦

10.2k52551

• 
  
  
  

  
  

  
  
  
  
  
  

  
  14.135.4.0/24 This IP address is the address of our local router. We want to choose the routing path in the direction our route is going out. 14.135.4.0/24 does not go through ISP B and ISP D.
  – Jie Zhang
  14 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Please provide a more detailed description (including a diagram if possible) of your network in that case, and add it to the original question.
  – Teun Vink♦
  4 mins ago
  

  
  
  
  

add a comment | 

up vote
2
down vote

If you want to refuse that route, you could add another import statement to those two peergroups, in which you reject the prefix:

policy-statement reject_unwanted 
 from 
 route-filter 14.135.4.0/24 exact;
 
 then reject;

For peergroupd B the import statement would change to something like this:

import [ reject_unwanted im_B ];

And for D:

import [ reject_unwanted im_D ];

Of course, you could add this statement to im_B and im_D as an additional term as well. Make sure to put that term before any accept statements in that case.

Keep in mind that this will only work for exactly the given prefix. If there's an overlapping less specific route (14.135.0.0/20 for example) and there is no more specific route, this path will still be used.

Another option instead of rejecting the prefix alltogether is to set a lower local-preference so traffic is not preferred via these peers instead of rejecting the routes.

share|improve this answer

answered 1 hour ago

Teun Vink♦

10.2k52551

• 
  
  
  

  
  

  
  
  
  
  
  

  
  14.135.4.0/24 This IP address is the address of our local router. We want to choose the routing path in the direction our route is going out. 14.135.4.0/24 does not go through ISP B and ISP D.
  – Jie Zhang
  14 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Please provide a more detailed description (including a diagram if possible) of your network in that case, and add it to the original question.
  – Teun Vink♦
  4 mins ago
  

  
  
  
  

add a comment | 

up vote
2
down vote

up vote
2
down vote

If you want to refuse that route, you could add another import statement to those two peergroups, in which you reject the prefix:

policy-statement reject_unwanted 
 from 
 route-filter 14.135.4.0/24 exact;
 
 then reject;

For peergroupd B the import statement would change to something like this:

import [ reject_unwanted im_B ];

And for D:

import [ reject_unwanted im_D ];

Of course, you could add this statement to im_B and im_D as an additional term as well. Make sure to put that term before any accept statements in that case.

Keep in mind that this will only work for exactly the given prefix. If there's an overlapping less specific route (14.135.0.0/20 for example) and there is no more specific route, this path will still be used.

Another option instead of rejecting the prefix alltogether is to set a lower local-preference so traffic is not preferred via these peers instead of rejecting the routes.

share|improve this answer

answered 1 hour ago

Teun Vink♦

10.2k52551

If you want to refuse that route, you could add another import statement to those two peergroups, in which you reject the prefix:

policy-statement reject_unwanted 
 from 
 route-filter 14.135.4.0/24 exact;
 
 then reject;

For peergroupd B the import statement would change to something like this:

import [ reject_unwanted im_B ];

And for D:

import [ reject_unwanted im_D ];

Of course, you could add this statement to im_B and im_D as an additional term as well. Make sure to put that term before any accept statements in that case.

Keep in mind that this will only work for exactly the given prefix. If there's an overlapping less specific route (14.135.0.0/20 for example) and there is no more specific route, this path will still be used.

Another option instead of rejecting the prefix alltogether is to set a lower local-preference so traffic is not preferred via these peers instead of rejecting the routes.

share|improve this answer

answered 1 hour ago

Teun Vink♦

10.2k52551

share|improve this answer

share|improve this answer

answered 1 hour ago

Teun Vink♦

10.2k52551

answered 1 hour ago

Teun Vink♦

10.2k52551

answered 1 hour ago

Teun Vink♦

10.2k52551

10.2k52551

• 
  
  
  

  
  

  
  
  
  
  
  

  
  14.135.4.0/24 This IP address is the address of our local router. We want to choose the routing path in the direction our route is going out. 14.135.4.0/24 does not go through ISP B and ISP D.
  – Jie Zhang
  14 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Please provide a more detailed description (including a diagram if possible) of your network in that case, and add it to the original question.
  – Teun Vink♦
  4 mins ago
  

  
  
  
  

add a comment | 

• 
  
  
  

  
  

  
  
  
  
  
  

  
  14.135.4.0/24 This IP address is the address of our local router. We want to choose the routing path in the direction our route is going out. 14.135.4.0/24 does not go through ISP B and ISP D.
  – Jie Zhang
  14 mins ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  Please provide a more detailed description (including a diagram if possible) of your network in that case, and add it to the original question.
  – Teun Vink♦
  4 mins ago
  

  
  
  
  

14.135.4.0/24 This IP address is the address of our local router. We want to choose the routing path in the direction our route is going out. 14.135.4.0/24 does not go through ISP B and ISP D.
– Jie Zhang
14 mins ago

14.135.4.0/24 This IP address is the address of our local router. We want to choose the routing path in the direction our route is going out. 14.135.4.0/24 does not go through ISP B and ISP D.
– Jie Zhang
14 mins ago

Please provide a more detailed description (including a diagram if possible) of your network in that case, and add it to the original question.
– Teun Vink♦
4 mins ago

Please provide a more detailed description (including a diagram if possible) of your network in that case, and add it to the original question.
– Teun Vink♦
4 mins ago

add a comment | 

Jie Zhang is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Jie Zhang is a new contributor. Be nice, and check out our Code of Conduct.

Jie Zhang is a new contributor. Be nice, and check out our Code of Conduct.

Jie Zhang is a new contributor. Be nice, and check out our Code of Conduct.

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f53747%2fconfig-bgp-policy-for-limit-isp-path-in-juniper-mx-480-router%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email