
[ScreenOS] How to configure Juniper firewall to advertise BGP route with a specific community value

Article ID: KB9903
KB Last Updated: 16 Sep 2020
Version: 5.0

Summary:

An ISP may ask a customer to advertise eBGP prefixes (routes) with a specific community value. The ISP then uses this community value to apply specific policies to these prefixes.

Solution:

(192.168.100.1) FW1 (20.1.1.2)--------(20.1.1.1) FW2
                      AS 1111          AS 2222

Conditions:

  • FW1 and FW2 are eBGP peers
  • FW1 is advertising its directly connected network, 192.168.100.0/24
  • FW1 must advertise its directly connected network with a community value of "99"

The following configuration on FW1 will allow this:

  1. Configure eBGP

    set vrouter trust-vr
    set protocol bgp 1111
    set enable
    set neighbor 20.1.1.1 remote-as 2222
    set neighbor 20.1.1.1 enable
    exit

  2. Configure BGP on interface
    set interface untrust protocol bgp

  3. Create access list
    set vrouter trust-vr
    set access-list 1
    set access-list 1 permit ip 0.0.0.0/0 1
    exit

  4. Create community-list
    set vrouter trust-vr
    set protocol bgp 1111
    set neighbor 20.1.1.1 send-community         
    set community-list 1 permit 1111 99
    exit
    exit

  5. Create route-map
    set vrouter trust-vr
    set route-map name "routemap1" permit 1
    set match ip 1
    set community 1
    exit

  6. Apply route-map
    set vrouter trust-vr
    set protocol bgp 1111
    set neighbor 20.1.1.1 route-map "routemap1" out
    exit
    exit

  7. Redistribute connected routes to BGP

    set vrouter trust-vr
    set protocol bgp
    set redistribute route-map "routemap1" protocol connected
    exit     
    exit

Here is the output from the eBGP peer (FW2).  Notice the community of 1111:99:

FW_2> get vrouter trust-vr protocol bgp rib 192.168.100.0/24
Prefix: 192.168.100.0/24
Nexthop: 20.1.1.2, Weight: 100, Local Pref: 100, MED: 0, Flags: 0x486 0x88, Orig: INCOMPLETE
AS segment type: AS_SEQ, AS path:1111
Community: 1111:99
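
To confirm on the receiving side that every prefix originated by AS 1111 carries the requested community, the RIB output above can be checked by script. This is an added example, not part of the original article or Juniper's tooling: it assumes multi-route output repeats the layout shown above, the second route in the sample is constructed, and the function names are hypothetical.

```python
import re

# First entry is the output shown in the article; the second entry is
# constructed (a prefix with no Community line) to show a failed check.
SAMPLE = """\
Prefix: 192.168.100.0/24
Nexthop: 20.1.1.2, Weight: 100, Local Pref: 100, MED: 0, Flags: 0x486 0x88, Orig: INCOMPLETE
AS segment type: AS_SEQ, AS path:1111
Community: 1111:99
Prefix: 192.168.200.0/24
Nexthop: 20.1.1.2, Weight: 100, Local Pref: 100, MED: 0, Flags: 0x486 0x88, Orig: INCOMPLETE
AS segment type: AS_SEQ, AS path:1111
"""

def parse_rib(text):
    """Return {prefix: {"as_path": [int, ...], "communities": set of "AS:value"}}."""
    routes, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Prefix:"):
            prefix = line.split(":", 1)[1].strip()
            cur = routes.setdefault(prefix, {"as_path": [], "communities": set()})
        elif cur is None:
            continue  # CLI prompt or banner before the first route
        elif "AS path:" in line:
            path = line.split("AS path:", 1)[1]
            cur["as_path"] = [int(a) for a in re.findall(r"\d+", path)]
        elif line.startswith("Community:"):
            cur["communities"].update(re.findall(r"\d+:\d+", line))
    return routes

def community_to_int(comm):
    """Encode "AS:value" as the 32-bit attribute value (RFC 1997)."""
    asn, val = (int(x) for x in comm.split(":"))
    if not (0 <= asn <= 0xFFFF and 0 <= val <= 0xFFFF):
        raise ValueError(f"community out of range: {comm}")
    return (asn << 16) | val

def missing_community(routes, expected, origin_as):
    """Prefixes originated by origin_as that lack the expected community."""
    return sorted(p for p, r in routes.items()
                  if r["as_path"] and r["as_path"][-1] == origin_as
                  and expected not in r["communities"])

if __name__ == "__main__":
    print(missing_community(parse_rib(SAMPLE), "1111:99", 1111))
```
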

Modification History:
2020-09-16: Article reviewed for accuracy. Minor changes made. Updated security products