> Richard Hicks > Sent: Monday, May 20, 2019 5:41 PM > > We are currently a mix of Juniper and Cisco. With the Cisco routers eBGP > peering with providers, exchanges, and customers. > > We will be reintroducing Juniper as peering routers. While I have some old > Juniper BGP peering policies I can build from, I would like know what is > working, or not working, well for others. > > For example: > - How many BGP groups do you use? > - How are they organized, and does it simplify or complicate policy design? What complicates things is the lack of dynamic update peer groups in junos.
I think the rest is somehow part of the secret sauce. > - Do you have large import/export policies, or do you chain smaller policies > together? > - What "knobs" do you have in your policies and how do you organize them... > (reject, lower-pref, raise-pref, prepend, etc...)? > - Do you use policies to put prefixes into specific RIB groups? For what > purpose? > - Is anyone aware of a Best Practices guide for Junos BGP policy design? Not really, but you might want to search for security policies (to be used on ingress to your AS) If such thing exist for junos it should definitely mention the fact that in your input normalization/bleaching policies on Junos you also need to include bleaching of extended communities with your AS#, cause junos will happily accept say route-targets on all (even eBGP or non-MP-BGP) sessions and install routes into VRFs by default, something to consider for policies facing customers as well. adam _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
