[j-nsp] BGP Peering Policies - Best Practices

adamv0025 at netconsultings.com
Wed May 22 04:43:44 EDT 2019


> Richard Hicks
> Sent: Monday, May 20, 2019 5:41 PM
> 
> We are currently a mix of Juniper and Cisco.  With the Cisco routers eBGP
> peering with providers, exchanges, and customers.
> 
> We will be reintroducing Juniper as peering routers.  While I have some old
> Juniper BGP peering policies I can build from, I would like to know what is
> working, or not working, well for others.
> 
> For example:
> - How many BGP groups do you use?
> - How are they organized, and does it simplify or complicate policy design?

What complicates things is the lack of dynamic update peer groups in Junos.

I think the rest is somehow part of the secret sauce. 
> - Do you have large import/export policies, or do you chain smaller policies
> together?
> - What "knobs" do you have in your policies and how do you organize them...
> (reject, lower-pref, raise-pref, prepend, etc...)?
> - Do you use policies to put prefixes into specific RIB groups?  For what
> purpose?

> - Is anyone aware of a Best Practices guide for Junos BGP policy design?

Not really, but you might want to search for security policies (to be used
on ingress to your AS).
If such a thing exists for Junos, it should definitely mention the fact that in
your input normalization/bleaching policies on Junos you also need to
include bleaching of extended communities with your AS#, because Junos will
happily accept, say, route-targets on all (even eBGP or non-MP-BGP) sessions
and install routes into VRFs by default, something to consider for policies
facing customers as well.
 
adam
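
The match an ingress bleaching policy has to make, as an added example that is not part of the original post: decode each received extended community (RFC 4360 / RFC 5668 layout) and strip any whose global administrator is the local AS. `LOCAL_AS` 64500, the function names and the sample attributes are constructed for illustration; this models the match logic in Python and is not Junos configuration.

```python
import struct

LOCAL_AS = 64500  # assumption: documentation ASN standing in for "your AS#"

# An extended community is 8 octets: type, sub-type, 6-octet value (RFC 4360).
AS2_TYPES = {0x00, 0x40}  # two-octet AS specific, transitive / non-transitive
AS4_TYPES = {0x02, 0x42}  # four-octet AS specific (RFC 5668)
SUBTYPE_NAMES = {0x02: "target", 0x03: "origin"}

def global_admin_as(ec: bytes):
    """Return (asn, assigned_number) for AS-specific types, else None."""
    if len(ec) != 8:
        raise ValueError("extended community must be exactly 8 octets")
    if ec[0] in AS2_TYPES:
        return struct.unpack("!HI", ec[2:])
    if ec[0] in AS4_TYPES:
        return struct.unpack("!IH", ec[2:])
    return None  # IPv4-address-specific, opaque, etc. carry no AS administrator

def bleach(ext_communities, local_as=LOCAL_AS):
    """Split received communities into (kept, stripped).

    Anything carrying our own AS as administrator is stripped, because a
    neighbour has no business setting it; everything else passes unchanged.
    """
    kept, stripped = [], []
    for ec in ext_communities:
        decoded = global_admin_as(ec)
        if decoded is not None and decoded[0] == local_as:
            name = SUBTYPE_NAMES.get(ec[1], f"subtype-0x{ec[1]:02x}")
            stripped.append(f"{name}:{decoded[0]}:{decoded[1]}")
        else:
            kept.append(ec)
    return kept, stripped

# Constructed sample: communities as they might arrive on a customer eBGP session.
SAMPLE = [
    struct.pack("!BBHI", 0x00, 0x02, 64500, 100),  # target:64500:100, our AS
    struct.pack("!BBIH", 0x02, 0x02, 64500, 200),  # our AS in 4-octet encoding
    struct.pack("!BBHI", 0x00, 0x03, 64500, 7),    # origin:64500:7, our AS
    struct.pack("!BBHI", 0x00, 0x02, 64501, 100),  # the neighbour's own RT
    struct.pack("!BB4sH", 0x01, 0x02, bytes([192, 0, 2, 1]), 100),  # IPv4-specific RT
]

if __name__ == "__main__":
    kept, stripped = bleach(SAMPLE)
    print("stripped:", stripped)
    print("kept:", [ec.hex() for ec in kept])
```

The two-octet and four-octet encodings of the same AS are distinct on the wire, so a match written for only one of them leaves the other untouched.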
