On Wed, 20 Jun 2012, Morgan McLean wrote:

> I have a /24 I want to announce, but I don't actually have it anywhere on
> the network. I NAT some of its IPs on the SRX that has the BGP session
> with our providers.
>
> I've been using static routes with the discard flag, but I don't really
> like the way the SRX handles traffic. It still creates sessions for traffic
> destined to IPs not used anywhere (hitting the static route) and can be
> easily dos'd because of this.

I'm curious what you mean by 'dos' in this scenario. You can use an aggregate to tell the router to advertise the /24 as long as at least a portion of it exists in your IGP.

> Is there a better way to just tell our providers hey, we have this range?

If you're multi-homed (you didn't say, so I'm not sure), you need to announce prefixes using BGP. If you're not multi-homed, you could have your upstream provider announce the /24 for you, and statically route it to you, but that doesn't change the fact that you would get traffic for all of the addresses in that range.

You could also use a firewall filter to throw away packets that are destined for addresses/ranges that you're not using in that /24.

jms
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
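
The firewall-filter approach suggested in the reply, sketched as a Junos configuration. This is an added example, not part of the original thread or any poster's configuration; the prefix 203.0.113.0/24, the two in-use addresses, the interface ge-0/0/0 and all filter, term, counter and prefix-list names are constructed placeholders.

```junos
policy-options {
    /* Constructed values: 203.0.113.0/24 stands in for the announced /24,
       ge-0/0/0 for the provider-facing interface. List only NATed addresses. */
    prefix-list NAT-IN-USE {
        203.0.113.10/32;
        203.0.113.11/32;
    }
}
firewall {
    family inet {
        filter DROP-UNUSED-NAT {
            /* Addresses that are actually NATed pass through to the flow module. */
            term in-use {
                from {
                    destination-prefix-list {
                        NAT-IN-USE;
                    }
                }
                then accept;
            }
            /* Everything else inside the /24 is counted and dropped statelessly. */
            term unused-in-block {
                from {
                    destination-address {
                        203.0.113.0/24;
                    }
                }
                then {
                    count unused-nat-drops;
                    discard;
                }
            }
            /* Traffic outside the /24 (e.g. the BGP session itself) is untouched. */
            term everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input DROP-UNUSED-NAT;
                }
            }
        }
    }
}
```

Because an input filter on the SRX is evaluated before flow session lookup, packets matched by the discard term never create sessions. `show firewall filter DROP-UNUSED-NAT` displays the drop counter.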
