BGP Protocol

Border Gateway Protocol (BGP) is the foundation of Internet routing and a critical protocol for service provider networks. In Juniper routers, BGP configuration requires careful attention to security, scalability, and proper policy implementation.

Components of BGP Configuration

Basic Session Setup

External BGP Session

set protocols bgp group external-peers type external
set protocols bgp group external-peers peer-as 65001
set protocols bgp group external-peers neighbor 192.0.2.1 description "Peer A"
set protocols bgp group external-peers neighbor 192.0.2.1 local-address 192.0.2.2

Internal BGP Session

set protocols bgp group internal-peers type internal
set protocols bgp group internal-peers local-address 10.0.0.1
set protocols bgp group internal-peers neighbor 10.0.0.2

Address Family Configuration

set protocols bgp group external-peers family inet unicast
set protocols bgp group external-peers family inet6 unicast
set protocols bgp group external-peers family inet-vpn unicast

Advanced Features

BFD Configuration

set protocols bgp group external-peers bfd-liveness-detection minimum-interval 300
set protocols bgp group external-peers bfd-liveness-detection multiplier 3

Multipath

set protocols bgp group external-peers multipath multiple-as
set protocols bgp group external-peers path-selection external-router-id

Authentication

set protocols bgp group external-peers authentication-key "$9$password"
set protocols bgp group external-peers authentication-algorithm md5

Route Policy Configuration

Import Policies

policy-statement peer-import {
    term bogon-filter {
        from {
            route-filter 0.0.0.0/8 orlonger;
            route-filter 10.0.0.0/8 orlonger;
        }
        then reject;
    }
    term accept-routes {
        from {
            protocol bgp;
            route-filter 0.0.0.0/0 prefix-length-range /8-/24;
        }
        then {
            local-preference 200;
            community add peer-accepted;
            accept;
        }
    }
    then reject;
}

Export Policies

policy-statement peer-export {
    term customer-routes {
        from {
            protocol static;
            route-filter 192.168.0.0/16 orlonger;
        }
        then {
            community add peer-export;
            accept;
        }
    }
    then reject;
}

Best Practices

Session Security

Prefix Limits

set protocols bgp group external-peers family inet unicast prefix-limit maximum 300000
set protocols bgp group external-peers family inet unicast prefix-limit teardown 85
set protocols bgp group external-peers family inet unicast prefix-limit teardown idle-timeout 300

RPKI Validation

set routing-options validation group rpki-validator session 192.0.2.10
set routing-options validation group rpki-validator port 8282

Route Control

AS Path Filters

set policy-options as-path-group bogon-asns "^0|64496-65535"
set policy-options policy-statement peer-import term bogon-as from as-path-group bogon-asns

Community-Based Control

set policy-options community no-export members no-export
set policy-options community peer-accepted members 65000:100

Verification Commands

Session Status

show bgp summary
show bgp neighbor 192.0.2.1

Route Advertisement

show route advertising-protocol bgp 192.0.2.1
show route receive-protocol bgp 192.0.2.1

Policy Verification

show policy peer-import detail
show policy peer-export detail

Common Applications

Service Provider Networks

Transit Provider Connections
- Full routing table reception
- Customer route advertisement
- Proper prefix filtering
Internet Exchange Peering
- Route server integration
- Multi-lateral peering
- Selective route advertisement

Enterprise Networks

Multi-Site Connectivity
- MPLS L3VPN integration
- Site-to-site routing
- Redundant connections
Provider Management
- Multiple transit providers
- Load balancing
- Failover scenarios

PreviousRouting Instance NextFilters and Policies

Last updated 9 months ago