Friday, November 19, 2021

How to extend the MPLS network to spoke devices using Juniper MX480 and Juniper SRX340






We can extend the MPLS backbone to a newly installed spoke router. The configuration is below.

Head end   Juniper MX480 < > Spoke device Juniper SRX340

Step-by-step process
  1. Create the BGP community.
  2. Create the BGP group for the BGP peer.
  3. Write the policy for routes coming in and going out.
  4. Create the routing instance and assign the interface.
  5. Check that the BGP peer is reachable by ping.

Head end configuration 
------------------------------------------------------

BGP configuration

set protocols bgp group SR2_TC1 type external
set protocols bgp group SR2_TC1 hold-time 30
set protocols bgp group SR2_TC1 advertise-inactive
set protocols bgp group SR2_TC1 log-updown
set protocols bgp group SR2_TC1 family inet labeled-unicast
set protocols bgp group SR2_TC1 family inet-vpn unicast
set protocols bgp group SR2_TC1 export BGP-export-l3vpn
set protocols bgp group SR2_TC1 export DEFAULT-ONLY
set protocols bgp group SR2_TC1 peer-as 4099.35
set protocols bgp group SR2_TC1 neighbor 94.54.4.242


BGP Community 

set policy-options community cust-svcs-1121_export members target:503:101121
set policy-options community cust-svcs-1121_import members target:4100:101121
set policy-options community cust_fwl_1121_export members target:503:101279
set policy-options community cust_fwl_1121_import members target:4100:101279


Advertise only the default route

set policy-options policy-statement DEFAULT-ONLY term default-only from route-filter 0.0.0.0/0 exact
set policy-options policy-statement DEFAULT-ONLY term default-only then accept
set policy-options policy-statement DEFAULT-ONLY term reject-others then reject

L3VPN routes policy 

set policy-options policy-statement BGP-export-l3vpn term T1 from family inet-vpn
set policy-options policy-statement BGP-export-l3vpn term T1 then accept
set policy-options policy-statement BGP-export-l3vpn term T2 from family route-target
set policy-options policy-statement BGP-export-l3vpn term T2 then accept


Spoke site 

set protocols bgp group SR2_TC1 type external
set protocols bgp group SR2_TC1 hold-time 30
set protocols bgp group SR2_TC1 family inet labeled-unicast
set protocols bgp group SR2_TC1 family inet-vpn unicast
set protocols bgp group SR2_TC1 export bgp-export
set protocols bgp group SR2_TC1 peer-as 5503
set protocols bgp group SR2_TC1 neighbor 94.54.4.241
set protocols bgp group SR2_TC1 neighbor 94.54.4.243
set protocols mpls traffic-engineering mpls-forwarding

Route policy to advertise the routes (94.154.4.26/32 is the loopback IP address of the router)

set policy-options policy-statement bgp-export term T1 from protocol direct
set policy-options policy-statement bgp-export term T1 from route-filter 94.154.4.26/32 exact
set policy-options policy-statement bgp-export term T1 then accept
set policy-options policy-statement bgp-export term T2 then reject


Policy community 


set policy-options policy-statement VRF_1121_export term VRF_1121_export then community add cust-svcs-1121_import
set policy-options policy-statement VRF_1121_export term VRF_1121_export then next term
set policy-options policy-statement VRF_1121_export term VRF_1121_export-1 then community add cust_fwl_1121_import
set policy-options policy-statement VRF_1121_export term VRF_1121_export-1 then accept
set policy-options policy-statement VRF_1121_import term SVC_cust_fwl_1121 from protocol bgp
set policy-options policy-statement VRF_1121_import term SVC_cust_fwl_1121 from community cust_fwl_1121_export
set policy-options policy-statement VRF_1121_import term SVC_cust_fwl_1121 then accept
set policy-options policy-statement VRF_1121_import term SVC_cust_services_1121 from community cust-svcs-1121_export
set policy-options policy-statement VRF_1121_import term SVC_cust_services_1121 then accept

BGP Community 

set policy-options community cust-svcs-1121_export members target:503:101121
set policy-options community cust-svcs-1121_import members target:4100:101121
set policy-options community cust_fwl_1121_export members target:503:101279
set policy-options community cust_fwl_1121_import members target:4100:101279

Routing-instance configuration

set routing-instances Monitoring-LCN-1121 interface ae1.55
set routing-instances Monitoring-LCN-1121 instance-type vrf
set routing-instances Monitoring-LCN-1121 route-distinguisher 94.54.4.26:8757
set routing-instances Monitoring-LCN-1121 vrf-import VRF_1121_import
set routing-instances Monitoring-LCN-1121 vrf-export VRF_1121_export
set routing-instances Monitoring-LCN-1121 vrf-table-label
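
An offline check, added here and not part of the original post, that every policy and community name referenced by the set commands above is also defined, so a typo in a route-target community or vrf-import name is caught before the lines are pasted into the device. It covers only group-level BGP export/import and routing-instance vrf-import/vrf-export references; the sample embeds spoke-side lines from this page with one constructed typo, and the function name is an assumption.

```python
import re

# Constructed sample: spoke-side lines from this page, with one deliberate
# typo (VRF_1121_imprt) to show what the check reports.
SAMPLE = """\
set protocols bgp group SR2_TC1 export bgp-export
set policy-options policy-statement bgp-export term T1 from protocol direct
set policy-options policy-statement bgp-export term T1 then accept
set policy-options policy-statement VRF_1121_export term VRF_1121_export then community add cust-svcs-1121_import
set policy-options policy-statement VRF_1121_import term SVC_cust_fwl_1121 from community cust_fwl_1121_export
set policy-options policy-statement VRF_1121_import term SVC_cust_fwl_1121 then accept
set policy-options community cust-svcs-1121_import members target:4100:101121
set policy-options community cust_fwl_1121_export members target:503:101279
set routing-instances Monitoring-LCN-1121 vrf-import VRF_1121_imprt
set routing-instances Monitoring-LCN-1121 vrf-export VRF_1121_export
"""

# Definitions: a policy-statement or community exists once any line creates it.
POLICY_DEF = re.compile(r"^set policy-options policy-statement (\S+)")
COMM_DEF = re.compile(r"^set policy-options community (\S+) members ")
# References: BGP group export/import and routing-instance vrf-import/vrf-export.
POLICY_REF = re.compile(r"^set (?:protocols bgp group \S+|routing-instances \S+) "
                        r"(?:export|import|vrf-export|vrf-import) (\S+)$")
# References: communities matched or modified inside a policy term.
COMM_REF = re.compile(r"^set policy-options policy-statement \S+ term \S+ "
                      r"(?:from community|then community (?:add|set|delete)) (\S+)$")

def undefined_references(config: str) -> dict:
    """Return policy and community names that are referenced but never defined."""
    defined = {"policy": set(), "community": set()}
    used = {"policy": set(), "community": set()}
    for raw in config.splitlines():
        line = raw.strip()
        for kind, rx, bucket in (("policy", POLICY_DEF, defined),
                                 ("community", COMM_DEF, defined),
                                 ("policy", POLICY_REF, used),
                                 ("community", COMM_REF, used)):
            m = rx.match(line)
            if m:
                bucket[kind].add(m.group(1))
    return {k: sorted(used[k] - defined[k]) for k in used}

if __name__ == "__main__":
    for kind, names in undefined_references(SAMPLE).items():
        for name in names:
            print(f"undefined {kind}: {name}")
```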
