Mar 28, 2014

[POC] Junos script Operations Automation (op script) - show-bgp-policy

Junos Script Automation is a powerful and flexible on-box toolset that lets you customize network behavior and adapt how a device is configured, managed and diagnosed to what your application expects, if and when needed. It sits right above the Junos OS, with a northbound interface to Junos Space applications, and southbound access to Junos SDK applications and native management plane instrumentation. This customized programmable solution makes your application smarter and better in real time.

Juniper's official website provides many sample scripts that cover common requests. In my company, we have deployed many EBGP/IBGP interconnections between routers and layer 3 switches, so I picked one op script from the JUNOS Script Library, show-bgp-policy, which displays all routing policies in sequential order for a selected BGP peer.


If you have ever used JUNOS, you know that JUNOS BGP needs import/export policies to include or exclude the routes to be advertised or received. When you have many different BGP neighbors, you may apply different import/export policies to match each peer's requirements or limitations.

So you can leverage this JUNOS script to review each neighbor's policy more easily:

Preparation

The installation steps on your Juniper routers are as follows:

1. Download the script file from JUNOS Script Library:

2. Confirm that your router already has the directory /var/db/scripts/op (if not, create the same directory path yourself with the mkdir command):

--- JUNOS 12.1X46-D10.2 built 2013-12-18 02:43:42 UTC
lab@vSRX-1> start shell 
% pwd
/cf/var/home/lab
% cd /var/db
% ls scripts/
commit  event   import  lib     op

3. Configure the script file under the system hierarchy level:

% exit
lab@vSRX-1> configure 
Entering configuration mode
[edit]
lab@vSRX-1# set system scripts op file show-bgp-policy.slax description "show bgp policy import/export policy"

4. Enable the FTP service on your router (if you already have a user account on the router, you do not need to set up an additional account to use FTP):

[edit]
lab@vSRX-1# set system services ftp

5. Do not forget to commit so that the commands take effect:

[edit]
lab@vSRX-1# commit 
commit complete

6. Use any FTP client to connect to your router, then upload the script to the directory /var/db/scripts/op.

7. Done! 
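FTP in steps 4 and 6 carries the login and the script in cleartext, and nothing in the steps above ties the file on the router to the one you downloaded. The workstation helper below is an added example, not part of the original post or the JUNOS Script Library: it hashes the downloaded script and prints an scp upload command plus the Junos statements that register the script with a pinned SHA-256 checksum, so Junos refuses to run a copy whose hash differs. It assumes SSH is enabled on the router; the function names, router address and login are placeholders.

```shell
#!/bin/sh
# Added example: run on the admin workstation, not on the router.
# Router address and login passed by the caller are placeholders.

# Print the lowercase hex SHA-256 digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS/BSD fallback
    fi
}

# junos_op_script_plan FILE ROUTER USER
# Emits the upload command and the Junos configuration that registers the
# op script with a pinned checksum.
junos_op_script_plan() {
    file=$1; router=$2; user=$3
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 1; }
    name=$(basename "$file")
    case $name in
        # Reject names that could smuggle extra tokens into pasted config.
        *[!A-Za-z0-9._-]*) echo "unsafe file name: $name" >&2; return 1 ;;
        *.slax|*.xsl) ;;                        # script types expected here
        *) echo "unexpected script type: $name" >&2; return 1 ;;
    esac
    digest=$(sha256_of "$file") || return 1
    [ ${#digest} -eq 64 ] || { echo "hashing failed" >&2; return 1; }
    cat <<EOF
scp "$file" $user@$router:/var/db/scripts/op/$name
set system scripts op file $name description "show bgp policy import/export policy"
set system scripts op file $name checksum sha-256 $digest
EOF
}

# Stand-alone use: sh plan.sh show-bgp-policy.slax <router> <user>
if [ $# -eq 3 ]; then junos_op_script_plan "$1" "$2" "$3"; fi
```

On the router, `file checksum sha-256 /var/db/scripts/op/show-bgp-policy.slax` prints the digest of the uploaded copy for comparison with the pinned value.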


Implementation

Now let's use the script in daily operation to check the BGP policy.
First, let's see what BGP peers we have on the router:

[edit]
lab@vSRX-1> show bgp summary 
Groups: 1 Peers: 128 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0                 0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.10.10.1                2      41886      41888       0       0      2w0d1h 0/0/0/0              0/0/0/0


Check the policy of your BGP neighbor 10.10.10.1 as below (in my case, I did not configure an import policy):

lab@vSRX-1> op show-bgp-policy neighbor 10.10.10.1 direction export
BGP Neighbor: 10.10.10.1 in group EBGP
Export Policies: Export_to_EBGP
Policy: Export_to_EBGP
    policy-statement Export_to_EBGP {
        from {
            protocol static;
            route-filter 10.0.0.0/8 orlonger;
        }
        then accept;
    }


lab@vSRX-1> op show-bgp-policy neighbor 10.10.10.1 direction import
error: There are no import policies for 10.10.10.1
BGP Neighbor: 10.10.10.1 in group EBGP