[j-nsp] What's the best way to announce an IP range in BGP? Doesn't physically exist anywhere.
Justin M. Streiner
streiner at cluebyfour.org
Wed Jun 20 22:44:38 EDT 2012
On Wed, 20 Jun 2012, Morgan McLean wrote:

> I have a /24 I want to announce, but I don't actually have it anywhere on
> the network. I NAT some of its IPs on the SRX that has the BGP session
> with our providers.
>
> I've been using static routes with the discard flag, but I don't really
> like the way the SRX handles traffic. It still creates sessions for traffic
> destined to IPs not used anywhere (hitting the static route) and can be
> easily DoS'd because of this.

I'm curious what you mean by 'DoS' in this scenario. You can use an
aggregate to tell the router to advertise the /24 as long as at least a
portion of it exists in your IGP.

> Is there a better way to just tell our providers hey, we have this range?

If you're multi-homed (you didn't say, so I'm not sure), you need to
announce prefixes using BGP. If you're not multi-homed, you could have
your upstream provider announce the /24 for you, and statically route it
to you, but that doesn't change the fact that you would get traffic for
all of the addresses in that range.

You could also use a firewall filter to throw away packets that are
destined for addresses/ranges that you're not using in that /24.

jms
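
The two suggestions in this reply, the aggregate route and the firewall filter, written out as Junos set commands. This is an added example, not configuration from the thread: the prefix 192.0.2.0/24, the two in-use NAT addresses, the interface ge-0/0/0.0, the BGP group name "upstreams", and the policy, filter and counter names are all placeholders.

```junos
# Placeholders (assumptions): 192.0.2.0/24 stands in for the announced /24,
# 192.0.2.10 and 192.0.2.11 for the addresses actually used for NAT,
# ge-0/0/0.0 for the provider-facing interface, "upstreams" for the BGP group.

# Originate the /24 as an aggregate. It is only active while at least one
# more-specific contributing route exists in the routing table.
set routing-options aggregate route 192.0.2.0/24

# Export only that aggregate to the providers.
set policy-options policy-statement ANNOUNCE-24 term agg from protocol aggregate
set policy-options policy-statement ANNOUNCE-24 term agg from route-filter 192.0.2.0/24 exact
set policy-options policy-statement ANNOUNCE-24 term agg then accept
set policy-options policy-statement ANNOUNCE-24 term rest then reject
set protocols bgp group upstreams export ANNOUNCE-24

# Stateless filter on the provider-facing interface: pass the addresses in use,
# count and discard the rest of the /24, pass all other traffic.
set firewall family inet filter EDGE-IN term nat-in-use from destination-address 192.0.2.10/32
set firewall family inet filter EDGE-IN term nat-in-use from destination-address 192.0.2.11/32
set firewall family inet filter EDGE-IN term nat-in-use then accept
set firewall family inet filter EDGE-IN term unused-24 from destination-address 192.0.2.0/24
set firewall family inet filter EDGE-IN term unused-24 then count unused-24-drops
set firewall family inet filter EDGE-IN term unused-24 then discard
set firewall family inet filter EDGE-IN term everything-else then accept
set interfaces ge-0/0/0 unit 0 family inet filter input EDGE-IN
```

On an SRX the input filter is evaluated before flow processing, so packets dropped by the `unused-24` term never create a session. `show firewall filter EDGE-IN` displays the drop counter.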