    Configuring BGP Between the EDGE and Service Provider

    In VDC 1.0, Internet connectivity for the data center is achieved by establishing EBGP peering with multiple service providers. EBGP is configured from Edge-R1 to SP1 and from Edge-R2 to SP2. Internet routes are simulated using testing tools connected to SP1 and SP2. SP1 and SP2 advertise the same Internet routes to the edge routers.

    The next element of routing in the solution is iBGP peering between Edge-R1 and Edge-R2, with an export policy that enables "next-hop self". BGP local preference is configured to prefer SP1.

    • The edge routers must advertise the public address space of the data center's business-critical applications (SharePoint, Exchange, and Wikimedia) into the Internet so that Internet users can access the data center resources. To support redundancy, each edge router advertises the same prefix into the Internet.
    • Application server Internet access is provided using source NAT on the edge firewall; the translated traffic is forwarded to the edge routers to reach the service provider networks.
    • Remote access users connecting from the Internet use the Junos Pulse gateway public IP address for the VPN connection. The IP address of the SA appliance VM hosting the Pulse gateway service is advertised to the Internet using an export policy.

    To configure BGP between the edge and the service provider, follow these steps:

    1. Configure the Simulated Service Provider (1).
      1. Configure the AE interface to Edge-R1.
        [edit]
        set interfaces xe-0/0/20 ether-options 802.3ad ae1
        set interfaces xe-0/0/22 ether-options 802.3ad ae1
        set interfaces ae1 description "To VDC Edge R1"
        set interfaces ae1 aggregated-ether-options lacp active
        set interfaces ae1 aggregated-ether-options lacp periodic fast
        set interfaces ae1 unit 0 family inet address 10.94.127.229/30
      2. Configure EBGP peering with Edge-R1.
        [edit]
        set protocols bgp group EDGE-R1 local-address 10.94.127.229
        set protocols bgp group EDGE-R1 neighbor 10.94.127.230 peer-as 64512

      Note: Step 1 is provided for completeness. In a real-world scenario, the service provider configuration is outside of administrator control. The solution validation lab simulated a service provider connection as shown in step 1.

    2. Configure VDC-Edge-R1.
      1. Configure routing-options and EBGP to SP1.
        [edit]
        set routing-options autonomous-system 64512
        set protocols bgp group SP1 export Export-VDC-Subnets
        set protocols bgp group SP1 neighbor 10.94.127.229 peer-as 100
      2. Configure iBGP peering with EDGE-R2.
        [edit]
        set protocols bgp group EDGE-R2 local-address 192.168.168.1
        set protocols bgp group EDGE-R2 neighbor 192.168.168.2 peer-as 64512
      3. Configure route export “next-hop-self”.
        [edit]
        set protocols bgp group EDGE-R2 export next-hop-self
      4. Configure the BGP export policy to advertise the applications’ public prefix.
        [edit]
        set policy-options policy-statement Export-VDC-Subnets term App-Server-VIP from protocol ospf
        set policy-options policy-statement Export-VDC-Subnets term App-Server-VIP from route-filter 10.94.127.128/26 exact accept
      5. Configure the remote secure access prefix export policy.
        [edit]
        set policy-options policy-statement Export-VDC-Subnets term Secure-Acces-IP from protocol ospf
        set policy-options policy-statement Export-VDC-Subnets term Secure-Acces-IP from route-filter 10.94.127.32/27 exact accept
      6. Enable Internet access for application servers.
        [edit]
        set policy-options policy-statement Export-VDC-Subnets term Server-Internet-NAT-IP from protocol ospf
        set policy-options policy-statement Export-VDC-Subnets term Server-Internet-NAT-IP from route-filter 10.94.127.0/27 exact accept
      7. Configure the next-hop-self policy.
        [edit]
        set policy-options policy-statement next-hop-self term 1 then local-preference 200
        set policy-options policy-statement next-hop-self term 1 then next-hop self
        set policy-options policy-statement next-hop-self term 1 then accept
    3. Configure VDC-Edge-R2.
      1. Configure EBGP and export policy to SP2.
        [edit]
        set protocols bgp group T0-B6-Gateway neighbor 10.94.127.241 peer-as 300
        set protocols bgp group EDGE-R2 export from-ospf
        set protocols bgp group EDGE-R2 neighbor 10.94.127.246 peer-as 64512
      2. Configure BGP export of VDC subnets.
        [edit]
        set protocols bgp group SP2 export Export-VDC-Subnets
        set protocols bgp group SP2 neighbor 10.94.127.245 peer-as 200
      3. Configure iBGP peering with VDC-Edge-R1.
        [edit]
        set protocols bgp group EDGE-R1 local-address 192.168.168.2
        set protocols bgp group EDGE-R1 export next-hop-self
        set protocols bgp group EDGE-R1 neighbor 192.168.168.1 peer-as 64512
      4. Configure routing policy.
        [edit]
        set policy-options policy-statement Export-VDC-Subnets term App-Server-VIP from protocol ospf
        set policy-options policy-statement Export-VDC-Subnets term App-Server-VIP from route-filter 10.94.127.128/26 exact accept
        set policy-options policy-statement Export-VDC-Subnets term Secure-Acces-IP from protocol ospf
        set policy-options policy-statement Export-VDC-Subnets term Secure-Acces-IP from route-filter 10.94.127.32/27 exact accept
        set policy-options policy-statement Export-VDC-Subnets term Server-Internet-NAT-IP from protocol ospf
        set policy-options policy-statement Export-VDC-Subnets term Server-Internet-NAT-IP from route-filter 10.94.127.0/27 exact accept
        set policy-options policy-statement Export-VDC-Subnets term Tera-VM-Server from route-filter 10.20.127.0/24 exact accept
        set policy-options policy-statement Export-VDC-Subnets term TrafficGenerator from protocol ospf
        set policy-options policy-statement Export-VDC-Subnets term TrafficGenerator from route-filter 10.30.2.0/24 exact accept
        set policy-options policy-statement Export-VDC-Subnets term TrafficGenerator from route-filter 10.30.3.0/24 exact accept
        set policy-options policy-statement Export-VDC-Subnets term TrafficGenerator from route-filter 10.30.4.0/24 exact accept
      5. Configure BGP “next-hop self”.
        [edit]
        set policy-options policy-statement next-hop-self term 1 from protocol bgp
        set policy-options policy-statement next-hop-self term 1 then local-preference 100
        set policy-options policy-statement next-hop-self term 1 then next-hop self
        set policy-options policy-statement next-hop-self term 1 then accept
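
An added example, not part of the original guide or of Juniper's tooling: a Python check that parses the Edge-R1 `Export-VDC-Subnets` commands from step 2 and evaluates routes against them, modelling the Junos default BGP export policy for routes that match no term. The function names and the sample routes are constructed for illustration.

```python
import ipaddress
import re

# Export-VDC-Subnets as configured on VDC-Edge-R1 in the steps above.
EDGE_R1_POLICY = """
set policy-options policy-statement Export-VDC-Subnets term App-Server-VIP from protocol ospf
set policy-options policy-statement Export-VDC-Subnets term App-Server-VIP from route-filter 10.94.127.128/26 exact accept
set policy-options policy-statement Export-VDC-Subnets term Secure-Acces-IP from protocol ospf
set policy-options policy-statement Export-VDC-Subnets term Secure-Acces-IP from route-filter 10.94.127.32/27 exact accept
set policy-options policy-statement Export-VDC-Subnets term Server-Internet-NAT-IP from protocol ospf
set policy-options policy-statement Export-VDC-Subnets term Server-Internet-NAT-IP from route-filter 10.94.127.0/27 exact accept
"""

FROM_RE = re.compile(r"set policy-options policy-statement (\S+) term (\S+) from "
                     r"(?:protocol (\S+)|route-filter (\S+) exact accept)$")

def parse_policy(text, policy):
    """Return {term: {"protocols": set, "prefixes": set}} in configured order."""
    terms = {}
    for line in text.strip().splitlines():
        m = FROM_RE.match(line.strip())
        if m is None or m.group(1) != policy:
            continue
        term = terms.setdefault(m.group(2), {"protocols": set(), "prefixes": set()})
        if m.group(3):
            term["protocols"].add(m.group(3))
        else:
            term["prefixes"].add(ipaddress.ip_network(m.group(4)))
    return terms

def export_decision(terms, protocol, prefix):
    """Name the term that accepts the route, else the default-policy outcome."""
    net = ipaddress.ip_network(prefix)
    for name, term in terms.items():
        if term["protocols"] and protocol not in term["protocols"]:
            continue
        if net in term["prefixes"]:  # "exact": same network and prefix length
            return name
    # No term matched: the default BGP export policy applies, which
    # readvertises active BGP routes and rejects everything else.
    return "default-accept" if protocol == "bgp" else "default-reject"

def unlisted_advertisements(terms, routes):
    """Routes that would be advertised without matching an explicit term."""
    return [r for r in routes if export_decision(terms, *r) == "default-accept"]

# Constructed sample of active routes on the edge router: (protocol, prefix).
SAMPLE_ROUTES = [("ospf", "10.94.127.128/26"), ("ospf", "10.94.127.128/27"),
                 ("ospf", "10.94.127.32/27"), ("static", "10.94.127.0/27"),
                 ("bgp", "198.51.100.0/24")]
```

Any route returned by `unlisted_advertisements` is advertised by the default policy rather than by an explicit term; a final reject term in the export policy is the usual way to close that fall-through.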

    Published: 2015-04-20