BGP Path Control on Junos

This article shows 2 ways to control the path of packets leaving an autonomous system:

  • Changing the exit route to a given prefix
  • Changing the exit route to a given autonomous system

The commands below are related to the following diagram:

Changing the exit route to a given prefix

Goal: force packets to the destination network 10.100.2.0/23 to leave the AS through ISP_1.

1. Log into MX5_1 and check whether the prefix 10.100.2.0/23 is already included in the prefixes advertised by the neighbor 172.30.78.129.

admin@MX5_1> show route receive-protocol bgp 172.30.78.129 10.100.2.0/23

If the prefix is not included in the route advertisement coming from the external neighbor, insert a static route into the IPv4 routing table (inet.0):

admin@MX5_1# set routing-options static route 10.100.2.0/23 next-hop 172.30.78.129

2. Create a prefix-list named force-exit-static with the desired prefix:

admin@MX5_1# set policy-options prefix-list force-exit-static 10.100.2.0/23

3. Include the above prefix-list in a routing policy that advertises that route with a local preference of 150 (the default local preference value is 100). The route is then announced to internal peers with a higher local preference, so they will prefer it.

set policy-options policy-statement force-exit-lp term static-routes-to-neighbor1 from protocol static
set policy-options policy-statement force-exit-lp term static-routes-to-neighbor1 from prefix-list force-exit-static
set policy-options policy-statement force-exit-lp term static-routes-to-neighbor1 then local-preference 150
set policy-options policy-statement force-exit-lp term static-routes-to-neighbor1 then accept

4. Apply this policy statement as an export routing policy towards the internal BGP peer MX5_2.

admin@MX5_1# set protocols bgp group IBGP neighbor 192.168.0.3 export force-exit-lp

5. Verify that the changes took effect on the internal BGP neighbor. On MX5_2, execute the command below and check that the next hop is MX5_1 and that the local preference is 150.

admin@MX5_2> show route 10.100.2.0/23

inet.0: 631433 destinations, 646384 routes (631417 active, 16 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

10.100.2.0/23     *[BGP/170] 21:34:42, localpref 150
                      AS path: I, validation-state: unverified
                   > to 192.168.0.2 via ge-1/0/0.0
                    [BGP/170] 4d 04:23:47, localpref 100
                      AS path: 28271 14868 I, validation-state: unverified
                   > to 172.16.98.41 via ge-1/0/1.0

Changing the exit route to a given autonomous system

Goal: force all packets destined to the remote AS 64511 to leave the autonomous system through ISP_1.

1. A requirement is that all prefixes inside AS 64511 (those whose AS path ends with 64511) are included in the advertisement received from the external peer ISP_1, so that the prefixes are already present in the BGP table.

Use the command below to find all prefixes whose AS path ends with 64511.

admin@MX5_1> show route aspath-regex ".* 64511"

inet.0: 631570 destinations, 643431 routes (631554 active, 16 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.0/16      *[BGP/170] 1d 23:01:09, MED 0, localpref 100
                      AS path: 65535 64511 I, validation-state: unverified
                    > to 172.30.78.129 via ge-1/0/1.0
                    [BGP/170] 00:13:58, localpref 100
                      AS path: 64496 64511 I, validation-state: unverified
                    > to 192.168.0.3 via ge-1/0/0.0

Only the prefix 172.16.0.0/16 was found in AS 64511. The best path is through 172.30.78.129 because it is an external neighbor.

The same happens on the other internal router: it also receives this prefix from its external neighbor (ISP_2) and chooses that exit route because it is external.

admin@MX5_2> show route aspath-regex ".* 64511"

inet.0: 631383 destinations, 646280 routes (631383 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.0/16      *[BGP/170] 4d 08:13:51, localpref 100
                      AS path: 64496 64511 I, validation-state: unverified
                    > to 172.16.98.41 via ge-1/0/1.0
                    [BGP/170] 00:17:20, MED 0, localpref 100
                      AS path: 65535 64511 I, validation-state: unverified
                    > to 192.168.0.2 via ge-1/0/0.0

2. Since the prefix inside AS 64511 is already in the BGP table, we can advertise it with a higher local-preference value.

3. Define a “named AS path regular expression” (help topic policy-options as-path)

admin@MX5_1# set policy-options as-path REMOTE_AS ".* 64511"

4. Change the policy that is applied to the prefixes received from the external neighbor on MX5_1.

admin@MX5_1# set policy-options policy-statement EBGP_IN term 2 from protocol bgp
admin@MX5_1# set policy-options policy-statement EBGP_IN term 2 from as-path REMOTE_AS
admin@MX5_1# set policy-options policy-statement EBGP_IN term 2 then local-preference 300

5. This policy is applied to the external neighbor ISP_1 in the import direction.

admin@MX5_1# set protocols bgp group EBGP import EBGP_IN

6. To verify that the changes took effect, go to the other internal router, MX5_2. Check that the desired prefixes in the routing table have a local-preference value of 300 and a next hop pointing to MX5_1.

admin@MX5_2> show route aspath-regex ".* 64511"

inet.0: 631549 destinations, 646451 routes (631536 active, 13 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.0/16      *[BGP/170] 00:00:09, MED 0, localpref 300
                      AS path: 65535 64511 I, validation-state: unverified
                    > to 192.168.0.2 via ge-1/0/0.0
                    [BGP/170] 4d 08:22:08, localpref 100
                      AS path: 64496 64511 I, validation-state: unverified
                    > to 172.16.98.41 via ge-1/0/1.0
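
A scripted form of the two verification steps (step 5 of the first procedure and step 6 of the second), as an added example that is not part of the original article: it parses "show route" output in the format shown above and confirms that the active path has the expected local preference, next hop and origin AS. The function names are hypothetical, and the sample text is the MX5_2 output above embedded as constructed input.

```python
import re

# Constructed sample: the MX5_2 output from the verification step above.
SAMPLE = """\
inet.0: 631549 destinations, 646451 routes (631536 active, 13 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.0/16      *[BGP/170] 00:00:09, MED 0, localpref 300
                      AS path: 65535 64511 I, validation-state: unverified
                    > to 192.168.0.2 via ge-1/0/0.0
                    [BGP/170] 4d 08:22:08, localpref 100
                      AS path: 64496 64511 I, validation-state: unverified
                    > to 172.16.98.41 via ge-1/0/1.0
"""

# A path entry starts with an optional prefix, an optional active flag and "[Proto/pref]".
ENTRY = re.compile(r"^(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)?\s*(?P<flag>[*+-])?\[(?P<proto>\w+)/\d+\]")

def parse_show_route(text):
    """Return one dict per path: prefix, active, localpref, as_path, next_hop."""
    paths, prefix = [], None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            prefix = m["prefix"] or prefix  # continuation entries inherit the prefix
            lp = re.search(r"localpref (\d+)", line)
            paths.append({"prefix": prefix, "active": m["flag"] in ("*", "+"),
                          "localpref": int(lp.group(1)) if lp else None,
                          "as_path": [], "next_hop": None})
        elif paths and (a := re.search(r"AS path: ([\d ]*)[I?E]", line)):
            # AS numbers are compared as whole terms, as the Junos regex does
            paths[-1]["as_path"] = [int(x) for x in a.group(1).split()]
        elif paths and (n := re.search(r">\s+to (\S+) via", line)):
            paths[-1]["next_hop"] = n.group(1)
    return paths

def check_exit(text, prefix, localpref, next_hop, origin_as=None):
    """True if the single active path for prefix has the expected attributes."""
    active = [p for p in parse_show_route(text) if p["prefix"] == prefix and p["active"]]
    if len(active) != 1:
        return False
    p = active[0]
    origin_ok = origin_as is None or (p["as_path"] and p["as_path"][-1] == origin_as)
    return p["localpref"] == localpref and p["next_hop"] == next_hop and bool(origin_ok)
```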
