четвъртък, септември 10, 2015

Juniper SSG as a BGP speaker

First at all - it;s a real time OS - changes are applied immediately (sometimes :))
set neighbor 172.16.1.2 remote-as 2222 local-ip 172.16.1.1/30 outgoing-interface ethernet0/3
set neighbor 172.16.1.2 enable
set ipv4 neighbor 172.16.1.2 activate
set ipv4 neighbor 172.16.1.2 advertise-def-route            #To advertise the default route.
set ipv4 neighbor 172.16.1.2 route-map "advertise-out" out  # Route map applied to the neighbor.
set ipv4 neighbor 172.16.1.2 route-map "receive-in" in
set ipv4 network 172.16.10.0/24
set ipv4 network 10.10.10.0/24 no-check                # Routes advertised to other peers.
set ipv4 network 10.10.20.0/24                         # Routes advertised to other peers.
### By default, the route will only be advertised to the other BGP peers when the network is reachable (either via a static route or via IGP). 
### You can turn off this by adding the no-check attribute to the network that needs to be advertised
exit
set access-list 10                                           # ACL to block the routes for single peer.
set access-list 10 deny ip 10.10.0.0/16 10                   # Deny = subnets  not to be advertised. Permit = subnets allowed to be advertised.
set access-list 10 permit ip 0.0.0.0/0 20                    # N.B. There is a significant difference between and 0.0.0.0/0 which means
set access-list 110                                           # In this case we'll advertise to 172.16.1.2 only 10.10.10.0/24 and 172.16.10.0/24
set access-list 110 permit ip 10.10.10.0/16 10                # but not 10.10.20.0/24
set access-list 110 permit ip 172.16.10.0/24 20                   
set route-map name "advertise-out" permit 10
set match ip 10
set route-map name "receive-in" permit 10
set match ip 110
exit

save config

Some usable commands: 

Show routing table:
get routes
get vr trust-vr route

BGP peers and their states
get vrouter trust-vr proto bgp neighbor

Detailed info about BGP peer:
get vrouter trust-vr proto bgp neighbor

Learned routes from BGP peers
get vr trust-vr protocol bgp rib-in

BGP config for particular virtual router
get vr trust-vr proto bgp config

Next commands can't be accessed via auto-completion (TAB or SPACE) they should be written or copy/pasted as is
debug bgp all (debug bgp ?)
debug tcp all
debug flow basic
Read debug output:
get dbuf stream
Clear debug log/info file:
clear dbuf

Sometime's life-saving

unset vrouter trust-vr proto bgp synchronization
set vrouter trust-vr proto bgp enable

exec vrouter trust-vr proto bgp neighbor 172.16.1.2 disconnect
exec vrouter trust-vr proto bgp neighbor 172.16.1.2 connect

BGP soft-clear
clear vrouter trust-vr protocol bgp neighbor 172.16.1.2 soft-in
clear vrouter trust-vr protocol bgp neighbor 172.16.1.2 soft-out

Публикувано от в

Няма коментари:

Публикуване на коментар

Абонамент за: Коментари за публикацията (Atom)