Configuring BGP on Juniper routers
2026-02-04
Input data
| Parameter | Meaning |
|---|---|
| Our AS | 49570 |
| Cogent AS | 174 |
| Our IP (on the link) | 38.120.0.5/31 |
| Cogent IP (gateway) | 38.120.0.4/31 |
| Our announced prefix | 91.105.208.0/21 |
| Home IP | 185.0.0.21 |
1️⃣ Chassis settings
set chassis aggregated-devices ethernet device-count 2
set chassis fpc 0 ir-mode R
set chassis alarm management-ethernet link-down ignore
2️⃣ Interface (if not already configured)
Let's assume that this is xe-0/0/0.0
(enter your own interface)
set interfaces xe-0/0/0 unit 0 family inet address 38.120.0.5/31
set chassis aggregated-devices ethernet device-count 2
3️⃣ Policy options — filters
🔹 Prefix-list: what we are announcing to Cogent
set policy-options prefix-list OUR-PREFIXES 91.105.208.0/21
🔹 Export policy: what we give to Cogent
set policy-options policy-statement EXPORT-TO-COGENT term ALLOW-OUR-NETS from prefix-list OUR-PREFIXES
set policy-options policy-statement EXPORT-TO-COGENT term ALLOW-OUR-NETS then accept
set policy-options policy-statement EXPORT-TO-COGENT term DENY-ALL then reject
➡️ Cogent loves strictness — only your prefixes, no surprises.
🔹 Import policy: what we accept from Cogent
The simplest and most commonly used option is to accept everything:
set policy-options policy-statement IMPORT-FROM-COGENT term ACCEPT-ALL then accept
💡 Later, you can complicate things: max-prefix, local-pref, communities, etc.
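One way to tighten the accept-everything import policy above, as an added example that is not part of the original configuration. The term names REJECT-BOGONS, REJECT-OUR-NETS and REJECT-TOO-SPECIFIC and the prefix-limit value are assumptions; size the limit to the table you expect to receive.

```junos
# Added example (term names and the prefix-limit value are assumptions).
# Policy terms are evaluated in order, so the reject terms must come before ACCEPT-ALL.

# 1. Drop private, loopback, link-local, CGNAT and multicast/reserved space
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS from route-filter 0.0.0.0/8 orlonger
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS from route-filter 10.0.0.0/8 orlonger
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS from route-filter 100.64.0.0/10 orlonger
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS from route-filter 127.0.0.0/8 orlonger
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS from route-filter 169.254.0.0/16 orlonger
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS from route-filter 172.16.0.0/12 orlonger
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS from route-filter 192.168.0.0/16 orlonger
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS from route-filter 224.0.0.0/3 orlonger
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS then reject

# 2. Drop our own address space if it is ever announced back to us
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-OUR-NETS from prefix-list-filter OUR-PREFIXES orlonger
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-OUR-NETS then reject

# 3. Drop anything more specific than /24
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-TOO-SPECIFIC from route-filter 0.0.0.0/0 prefix-length-range /25-/32
set policy-options policy-statement IMPORT-FROM-COGENT term REJECT-TOO-SPECIFIC then reject

# 4. "set" appends new terms after ACCEPT-ALL; move them in front of it
insert policy-options policy-statement IMPORT-FROM-COGENT term REJECT-BOGONS before term ACCEPT-ALL
insert policy-options policy-statement IMPORT-FROM-COGENT term REJECT-OUR-NETS before term ACCEPT-ALL
insert policy-options policy-statement IMPORT-FROM-COGENT term REJECT-TOO-SPECIFIC before term ACCEPT-ALL

# 5. max-prefix: tear the session down if the peer sends far more routes than expected
#    (1500000 is an assumed ceiling; warning is logged at 90 %, session retried after 30 minutes)
set protocols bgp group COGENT family inet unicast prefix-limit maximum 1500000 teardown 90 idle-timeout 30
```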
4️⃣ BGP configuration
🔹 Primary eBGP group
set protocols bgp group COGENT type external
set protocols bgp group COGENT peer-as 174
set protocols bgp group COGENT local-as 49570
🔹 BGP neighbor
set protocols bgp group COGENT neighbor 38.120.0.4
🔹 We apply policies
set protocols bgp group COGENT export EXPORT-TO-COGENT
set protocols bgp group COGENT import IMPORT-FROM-COGENT
set protocols bgp group COGENT description "Cogent Communications"
🔹 Session logging
set protocols bgp group COGENT log-updown
5️⃣ Firewall
Restricting access to the router via SSH
🔹 List of IP addresses from which access will be granted
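set policy-options prefix-list ssh-access 185.0.0.21/32
The filter below also references the prefix-list BGP_PEERS_DYNAMIC, which has to exist before the commit; apply-path fills it from the configured BGP neighbors:
set policy-options prefix-list BGP_PEERS_DYNAMIC apply-path "protocols bgp group <*> neighbor <*>"
🔹 Firewall Rules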
set firewall family inet filter juniper-access-ipv4 term ALLOW_BGP_DYNAMIC from source-prefix-list BGP_PEERS_DYNAMIC
set firewall family inet filter juniper-access-ipv4 term ALLOW_BGP_DYNAMIC from protocol tcp
set firewall family inet filter juniper-access-ipv4 term ALLOW_BGP_DYNAMIC from port bgp
set firewall family inet filter juniper-access-ipv4 term ALLOW_BGP_DYNAMIC then accept
set firewall family inet filter juniper-access-ipv4 term allow-ssh-access from source-prefix-list ssh-access
set firewall family inet filter juniper-access-ipv4 term allow-ssh-access then accept
set firewall family inet filter juniper-access-ipv4 term discard-ssh-access from protocol tcp
set firewall family inet filter juniper-access-ipv4 term discard-ssh-access from destination-port ssh
set firewall family inet filter juniper-access-ipv4 term discard-ssh-access then discard
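🔹 Assign the firewall filter to the loopback interface (lo0), so that it applies to traffic addressed to the router itself
Junos ends every filter with an implicit discard, so once this filter is on lo0 any router-bound traffic not accepted by a term above (ICMP, NTP, SNMP and so on) is dropped.
set interfaces lo0 unit 0 family inet filter input juniper-access-ipv4
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
6️⃣ Post-commit check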
show bgp summary
show route advertising-protocol bgp 38.120.0.4
show route receive-protocol bgp 38.120.0.4