Paste P27787

JunOS Dynamic Neighbors With Different Peer-AS

Authored by cmooney on May 11 2022, 2:01 PM.
# AS-Path definitions as follows:
set policy-options as-path K8S ".* (64601|64602)$"
set policy-options as-path LVS ".* 64600$"
set policy-options as-path K8S_STAGE ".* (64603|64604)$"
set policy-options as-path K8S_MLSTAGE ".* 64608$"
set policy-options as-path K8S_MLSERVE ".* (64606|64607)$"
set policy-options as-path ANYCAST ".* 64604$"
# AS-Path list is defined to match all our potential end-host peers:
set policy-options as-list SERVER_BGP members 64600-64609
# BGP Groups are defined with 'dynamic-neighbor' configured for the whole private subnet, and the "peer-as-list" command (note vQFX insisted on also having 'peer-as' defined, but doesn't seem to matter):
cathal@LSW1> show configuration routing-instances WMF_PROD protocols bgp
group DYNAMIC_PEERS_V4 {
    type external;
    import SERVER_BGP_IN;
    family inet {
        unicast;
    }
    authentication-key "$9$aCUqf0ORcrvQFEyleXxjHqfF/tuOIhS9C"; ## SECRET-DATA
    export DEFAULT_EVPN;
    peer-as 10;
    local-as 14907 loops 2 private no-prepend-global-as;
    dynamic-neighbor RACK_E1 {
        allow 198.18.101.0/24;
    }
    dynamic-neighbor ROW_E {
        allow 198.18.201.0/24;
    }
    peer-as-list SERVER_BGP;
}
group DYNAMIC_PEERS_V6 {
    type external;
    import SERVER_BGP_IN;
    family inet6 {
        unicast;
    }
    authentication-key "$9$d7saU3nCpORikA0B1yr24aUkPQFn9tuf5"; ## SECRET-DATA
    export DEFAULT_EVPN;
    peer-as 10;
    local-as 14907 loops 2 private no-prepend-global-as;
    dynamic-neighbor RACK_E1 {
        allow 2001:470:6a7f:91::/64;
    }
    dynamic-neighbor ROW_E {
        allow 2001:470:6a7f:90::/64;
    }
    peer-as-list SERVER_BGP;
}
local-as 65187;
# With this config BGP establishes to separate peers on the same subnet using different ASNs:
cathal@LSW1> show bgp summary instance WMF_PROD | find ^Peer
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
198.18.101.10         64600        125        135       0       0     1:00:01 Establ
  WMF_PROD.inet.0: 1/1/1/0
198.18.101.11         64601         72         78       0       0       33:27 Establ
  WMF_PROD.inet.0: 1/1/1/0
2001:470:6a7f:91::10  64600        107        116       0       0       51:46 Establ
  WMF_PROD.inet6.0: 1/1/1/0
2001:470:6a7f:91::11  64601         72         79       0       0       33:27 Establ
  WMF_PROD.inet6.0: 1/1/1/0
# The SERVER_BGP_IN policy is defined as follows, combining the terms from our existing policies into one, but matching on the AS-path in each:
cathal@LSW1> show configuration policy-options policy-statement SERVER_BGP_IN
term lvs_service_ips {
    from {
        family inet;
        protocol bgp;
        as-path LVS;
        prefix-list-filter LVS-service-ips orlonger;
    }
    then accept;
}
term lvs_service_ips6 {
    from {
        family inet6;
        protocol bgp;
        as-path LVS;
        prefix-list-filter LVS-service-ips6 orlonger;
    }
    then accept;
}
term kubernetes_ipv4 {
    from {
        family inet;
        protocol bgp;
        as-path K8S;
        prefix-list-filter kubernetes-ipv4 orlonger;
    }
    then {
        local-preference 163;
        accept;
    }
}
term kubernetes_ipv6 {
    from {
        family inet6;
        protocol bgp;
        as-path K8S;
        prefix-list-filter kubernetes-ipv6 orlonger;
    }
    then accept;
}
then reject;
# The policy only affects what we want; for instance, the local-pref of 163 appears only on the route from AS 64601:
cathal@LSW1> show route protocol bgp table WMF_PROD.inet.0 terse
WMF_PROD.inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden)
@ = Routing Use Only, # = Forwarding Use Only
+ = Active Route, - = Last Active, * = Both
A V Destination        P Prf   Metric 1   Metric 2  Next hop         AS path
* ? 1.2.3.4/32         B 170        100          0                   64600 ?
  unverified                                       >198.18.101.10
* ? 3.4.5.6/32         B 170        163          0                   64601 ?
  unverified                                       >198.18.101.11
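
# Added example (not part of the original paste): a small Python model of the IPv4 terms of SERVER_BGP_IN, to check which origin-AS and prefix combinations the policy accepts and which as-list ASNs have no accepting term in the policy as shown. The prefix-list contents are constructed, since the paste does not show them, and only the ".* X$" and ".* (X|Y)$" as-path shapes used above are handled.

```python
import ipaddress
import re

# as-path definitions copied from the paste (name -> Junos AS-path regex).
AS_PATHS = {
    "K8S": ".* (64601|64602)$",
    "LVS": ".* 64600$",
    "K8S_STAGE": ".* (64603|64604)$",
    "K8S_MLSTAGE": ".* 64608$",
    "K8S_MLSERVE": ".* (64606|64607)$",
    "ANYCAST": ".* 64604$",
}
AS_LIST = range(64600, 64610)  # as-list SERVER_BGP members 64600-64609
# Constructed prefix-list contents; the real lists are not shown in the paste.
PREFIX_LISTS = {
    "LVS-service-ips": ["1.2.3.0/24"],
    "kubernetes-ipv4": ["3.4.5.0/24"],
}
# IPv4 terms of SERVER_BGP_IN: (term, as-path, prefix-list, local-preference set).
TERMS = [
    ("lvs_service_ips", "LVS", "LVS-service-ips", None),
    ("kubernetes_ipv4", "K8S", "kubernetes-ipv4", 163),
]

def origins(pattern):
    """Origin ASNs allowed by a '.* X$' or '.* (X|Y)$' pattern (only shape handled)."""
    m = re.fullmatch(r"\.\* \(?(\d+(?:\|\d+)*)\)?\$", pattern)
    if not m:
        raise ValueError(f"unsupported as-path pattern: {pattern}")
    return {int(a) for a in m.group(1).split("|")}

def evaluate(prefix, as_path):
    """First matching term wins; the final 'then reject' is the default."""
    net = ipaddress.ip_network(prefix)
    for term, ap, plist, lpref in TERMS:
        in_list = any(net.subnet_of(ipaddress.ip_network(p)) for p in PREFIX_LISTS[plist])
        if as_path[-1] in origins(AS_PATHS[ap]) and in_list:  # orlonger match
            return ("accept", term, lpref)
    return ("reject", None, None)

def audit():
    """ASNs matched by several as-paths, and as-list ASNs no policy term can accept."""
    claimed = {}
    for name, pat in AS_PATHS.items():
        for asn in origins(pat):
            claimed.setdefault(asn, []).append(name)
    overlap = {a: n for a, n in claimed.items() if len(n) > 1}
    usable = set().union(*(origins(AS_PATHS[t[1]]) for t in TERMS))
    return overlap, sorted(set(AS_LIST) - usable)
```

# evaluate("1.2.3.4/32", [64601]) is rejected because the AS-path and prefix-list must match in the same term; audit() reports that 64604 is matched by both K8S_STAGE and ANYCAST, and that peers in 64603-64609 can establish via the peer-as-list but have every route rejected by the policy as shown.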