Login 
SRX: peering BGP with 3 different Zone/Group – redistribution prefix and default-route configuration policy-option policy-statement
21.02 2024 | by massimilianoArchitettura di riferimento Configuration SRX Firewall Domain set interface reth1 unit 10 family inet address <ipv4_address_Blue/29> set interface reth2 unit […]
Architettura di riferimento
Configuration SRX Firewall Domain
set interface reth1 unit 10 family inet address <ipv4_address_Blue/29>
set interface reth2 unit 20 family inet address <ipv4_address_Yellow/29>
set interface reth2 unit 30 family inet address <ipv4_address_Green/29>
!
set routing-instances BLUE protocols bgp group VRF-BLUE type external
set routing-instances BLUE protocols bgp group VRF-BLUE hold-time 10
set routing- instances BLUE protocols bgp group VRF-BLUE log-updown
set routing-instances BLUE protocols bgp group VRF-BLUE authentication-key <password>
set routing-instances BLUE protocols bgp group VRF-BLUE import INET-IN
set routing-instances BLUE protocols bgp group VRF-BLUE export INET-OUT
set routing-instances BLUE protocols bgp group VRF-BLUE peer-as 64512
set routing-instances BLUE protocols bgp group VRF-BLUE multipath
set routing-instances BLUE protocols bgp group VRF-BLUE as-override
set routing- instances BLUE protocols bgp group VRF-BLUE neighbor < ipv4_peer_R1_Blue/29_>
set routing- instances BLUE protocols bgp group VRF-BLUE neighbor < ipv4_peer_R2_Blue/29 >
set routing-instances YELLOW protocols bgp group VRF-YELLOW type external
set routing-instances YELLOW protocols bgp group VRF-YELLOW hold-time 10
set routing-instances YELLOW protocols bgp group VRF-YELLOW log-updown
set routing-instances YELLOW protocols bgp group VRF-YELLOW authentication-key <password>
set routing-instances YELLOW protocols bgp group VRF-YELLOW export YELLOW-OUT
set routing-instances YELLOW protocols bgp group VRF-YELLOW peer-as 65512
set routing-instances YELLOW protocols bgp group VRF-YELLOW multipath
set routing-instances YELLOW protocols bgp group VRF-YELLOW as-override
set routing-instances YELLOW protocols bgp group VRF-YELLOW neighbor <ipv4_peer_R1_Yellow/29>
set routing-instances YELLOW protocols bgp group VRF-YELLOW neighbor <ipv4_peer_R2_Yellow/29>
set routing-instances GREEN protocols bgp group VRF-GREEN type external
set routing-instances GREEN protocols bgp group VRF-GREEN hold-time 10
set routing-instances GREEN protocols bgp group VRF-GREEN log-updown
set routing-instances GREEN protocols bgp group VRF-GREEN authentication-key <password>
set routing-instances GREEN protocols bgp group VRF-GREEN export GREEN-OUT
set routing-instances GREEN protocols bgp group VRF-GREEN peer-as 65512
set routing-instances GREEN protocols bgp group VRF-GREEN multipath
set routing-instances GREEN protocols bgp group VRF-GREEN as-override
set routing-instances GREEN protocols bgp group VRF-GREEN neighbor <ipv4_peer_R1_Green/29>
set routing-instances GREEN protocols bgp group VRF-GREEN neighbor <ipv4_peer_R2_Green/29>
!
gestione policies per redistribuzione prfx e default-route
set policy-option policy-statement INET-IN term 1 from protocol bgp route-filter 0.0.0.0/0 exact
set policy-option policy-statement INET-IN term 1 then accept
set policy-option policy-statement INET-IN term 2 then reject
set policy-option policy-statement INET-OUT term 1 from protocol bgp route-filter 0.0.0.0/0 exact
set policy-option policy-statement INET-OUT term 1 then reject
set policy-option policy-statement INET-OUT term 2 then accept
!
set policy-option policy-statement YELLOW-OUT term 1 from route-filter 0.0.0.0/0 exact
set policy-option policy-statement YELLOW-OUT term 1 then accept
set policy-option policy-statement YELLOW-OUT_ipv6 term 2 then reject
!
set policy-option policy-statement GREEN-OUT term 1 from route-filter 0.0.0.0/0 exact
set policy-option policy-statement GREEN-OUT term 1 then accept
set policy-option policy-statement GREEN-OUT term 2 then reject