[j-nsp] Modifying BGP communities in Juniper ISG-2000 firewall .. (Internal)

Truman Boyes truman at suspicious.org
Thu Sep 4 04:51:46 EDT 2008


Hi Shaheen,

You will set the BGP communities for the peer via a route-map in  
ScreenOS.

Something like:

set vrouter untrust-vr
set protocol bgp 64819
set community-list 1 permit 20100
set community-list 1 permit 12000
set route-map name bgp_community permit 1
set community 1

And then you set the route-map on the BGP neighbor like this:

set protocol bgp neighbor xx.xx.xx.xx route-map bgp_community out
set protocol bgp neighbor xx.xx.xx.xx route-map send-community

You are already using route-maps in your redistribution, and for the
sake of tagging all your routes that are advertised to your peer, you
can apply another route-map to the BGP neighbor that performs the
tagging.

Regards,
Truman

On 4/09/2008, at 1:35 AM, S.M. Shaheen Reza CN Networks wrote:

> Hi:
>
> To comply with GSMA IR.34, we have to modify our BGP community for  
> GRX provider from 64819 to 64819:20100 & 64819:12000. We use Juniper  
> ISG-2000 firewall in our network.
>
> Following is our present configuration:
>
> Juniper ISG-2000(M)-> get vrouter untrust-vr protocol bgp config
> set protocol bgp 64819
> set enable
> unset synchronization
> set neighbor xx.xx.xx.xx remote-as 2300 local-ip xx.xx.xx.xy /32
> set neighbor xx.xx.xx.xx enable
> set neighbor xx.xx.xx.xx nhself-enable
> set neighbor xx.xx.xx.xx route-map "advertise_to_FT_GRX" out
> set med 10
> set network 202.zz.z.208/29 no-check
> set network 202.zz.z.248/30 no-check
> exit
> set protocol bgp
> set redistribute route-map "advertise_to_XYZ" protocol connected
> set redistribute route-map "advertise_to_XYZ" protocol static
> exit
> set interface tunnel.9 protocol bgp
> set interface ethernet4/2.220 protocol bgp
>
> We just want to modify the red-marked bgp community 64819 to  
> 64819:20100 & 64819:12000.
>
> Can you please suggest the optimal way to make the changes?
>
> Thanking you
>
> Regards,
> Shaheen