Border Gateway Protocol (BGP) is a gateway protocol that enables the Internet to exchange routing information between Autonomous Systems (AS). It is used by large enterprises and service providers. Here are the recommended security best practices that need to be implemented on your Juniper routers. Authentication needs to be set for all peerings using MD5: set protocols bgp group <group_name> authentication-key <MD5 key> There are a few supported authentication options that you can use: aes-128-cmac-96 Cipher-based Message Authentication Code (AES128)…
Tag: BGP
Here’s the basic BGP (eBGP) configuration for connecting routers from 3 different vendors, namely Huawei, Juniper and Cisco. We assume that they connect via their physical interfaces and that the incoming and outgoing policies are basically allow all. Sample Configuration Huawei <Huawei>system-view Enter system view, return user view with return command. [~Huawei] interface GigabitEthernet1/0/0 description Connection to Cisco ip address 192.168.0.1 255.255.255.252 interface GigabitEthernet1/0/1 description Connection to Juniper ip address 192.168.1.1 255.255.255.252 xpl route-filter Cisco-Import approve end-filter xpl route-filter Cisco-Export approve end-filter xpl route-filter…
Here is a sample tutorial on how to configure External Border Gateway Protocol (EBGP) between a Huawei router and another router. I will focus on the configuration of the Huawei router (RouterA). Fig.1.1 Procedure: 1. Configure the Loopback IP address a. Enter system view command: system-view <RouterA>system-view Enter system view, return user view with return command. <RouterA>interface LoopBack0 <RouterA>description RouterA Loopback0 <RouterA>ip address 172.16.1.1 255.255.255.255 <RouterA>quit Verify: <RouterA>display current-configuration interface LoopBack 0 2. Configure the P2P (point-to-point) IP, we will assume…
We are going to configure VRRP between the 2 pairs of routers and show the expected behavior, set up as per below: Setup: 1. Routers PE1, PE2, FW1 and FW2 are connected to the same Layer 2 switch and belong to the same VLAN. 2. L2-Switch will just function as a Layer 2 switch (subnet 192.168.2.240/29) 3. VRRP is configured between PE1 & PE2 4. VRRP is configured between FW1 & FW2 Fig.1 IP & VRRP Configuration: L2-SWITCH L2-SWITCH#conf t a. Setup access VLAN…
Static Route Configuration Examples in Juniper for BGP aggregated prefix advertisements. In order to advertise the aggregated routes (and default routes) via BGP, they should exist in the routing table; that’s the #1 rule. If these summarized routes (/16) do not exist and only smaller subnets are learned via the IGP (e.g. OSPF, IS-IS), then configure a static route with a next hop, e.g. Null0. Configuration: routing-options { graceful-restart; rib inet6.0 { static { route fd41:c8be:2153:f400::/64 discard; route ::0/0 { discard; no-install; static {…
Originating BGP advertisements can be configured on any iBGP peer router. Here’s the sample configuration for originating BGP routes and community tagging in Juniper, assuming these are the summarized prefixes that you want to advertise via BGP: 111.111.0.0/16 222.222.0.0/16 Configuration: routing-options { graceful-restart; router-id 1.1.1.1; autonomous-system 11111; protocols { bgp { group RR-IBGP { type internal; description RR-IPv4; local-address 192.168.100.6; family inet { unicast; } authentication-key "$1$N3tBioBwfdFsFVwgoGDh.3C0oL"; ## SECRET-DATA export bgp-statement; neighbor 192.168.100.5 { description iBGP to Route Reflector; }…
Static Route Configuration Examples in Cisco (IOS-XR) for BGP aggregated prefix advertisements. In order to advertise the aggregated routes (and default routes) via BGP, they should exist in the routing table; that’s the #1 rule. If these summarized routes (/16) do not exist and only smaller subnets are learned via the IGP (e.g. OSPF, IS-IS), then configure a static route with a next hop, e.g. Null0. Configuration: router static address-family ipv4 unicast 0.0.0.0/0 Null0 172.16.0.0/16 Null0 address-family ipv6 unicast ::/0 Null0 fd41:c8be:2153:f400::/64 Null0 In…
Originating BGP advertisements can be configured on any iBGP peer router. Here’s the sample configuration for originating BGP routes and community tagging in Cisco, assuming these are the summarized prefixes that you want to advertise via BGP: 111.111.0.0/16 222.222.0.0/16 Configuration: 1. Configure the prefix-set prefix-set SITE1 111.111.0.0/16, 222.222.0.0/16 end-set 2. Configure the community route-policy bgp-statement if destination in SITE1 then set community (12345:111) endif end-policy 3. Configure BGP router bgp 11111 nsr bgp router-id 1.1.1.1 bgp graceful-restart address-family ipv4 unicast network…