Routing


BGP peering via (allow) not working

  • 1.  BGP peering via (allow) not working

    Posted 09-22-2017 08:20

    Hello All,

     

    Kindly I am configuring BGP to peer automatically with members of a subnet using:

    set protocols bgp group Route-injectors allow 10.10.10.0/24

     

    And I have a server whose IP: 10.10.10.5/32

     

    - When I use (neighbor 10.10.10.5/32) command, I can establish TCP connection with, and see it as established in (show bgp summary)

     

    - When I use (allow 10.10.10.0/24) command, I can't establish TCP connection with, and session disappears from (show bgp summary)

     

    I checked the documentation and found no need for further configuration to make it up and running.

     

    Any idea please?

     

    Best Regards,

    Mou



  • 2.  RE: BGP peering via (allow) not working

    Posted 09-22-2017 08:52

    Did you try enabling BGP traceoptions and check if there's anything in the trace logs?

     

    Also, can you paste both of the configurations here?

     

     



  • 3.  RE: BGP peering via (allow) not working

    Posted 09-22-2017 09:10

    One more thing, the allow command is a passive command. As soon as you configure the allow option, BGP will listen for any TCP connection sourced from any of the addresses in the allowed subnet.

    BGP will not actively initiate the TCP session for that subnet. So if your server is also in passive mode (waiting for the remote router/system to initiate the TCP session), the BGP session will not come up.

     

    HTH



  • 4.  RE: BGP peering via (allow) not working

    Posted 09-25-2017 01:16

    Hello Singhh,

     

    Kindly I am peering with linux servers, but from my side you can see the following configs:

     

    mkh@LAB> show configuration protocols bgp group v4-route_injector_Direct
    type external;
    multihop;
    local-address 10.0.0.5;
    import accept-all;
    family inet {
        unicast;
    }
    export reject-all;
    peer-as 64615;
    multipath;
    allow 10.10.10.0/24;

     

    One more point: I configured BGP again with (neighbor + passive) to check if the server starts to negotiate the TCP connection. After that, the status is stuck on active, which means we did some stuff to negotiate the connection, and the server isn't in passive mode.

     

    BR

     



  • 5.  RE: BGP peering via (allow) not working

    Posted 09-25-2017 04:06

    Can you monitor traffic on the interface which is connected to your server and see if you see any incoming TCP connection request from the server?

    Kindly monitor the interface with both configuration types to see the difference.

    One with allow subnet configuration and another with explicit neighbor configuration  (Without Passive and with passive)

     

     



  • 6.  RE: BGP peering via (allow) not working

    Posted 09-29-2017 04:27

    Hi @singhh

     

    Kindly I activated traceoptions for this group with (allow) and have the following:

    Local: 10.93.192.5

    Remote: 10.254.11.6

    Command allow 10.254.11.0/24

     

    Sep 29 12:42:36.420915 BGP SEND 10.93.192.5+179 -> 10.254.11.6+33786
    Sep 29 12:42:36.421273 BGP SEND message type 3 (Notification) length 21
    Sep 29 12:42:36.421278 BGP SEND Notification code 6 (Cease) subcode 3 (Peer Unconfigured)
    Sep 29 12:42:36.435720 bgp_reset_flash: resetting flash/new policy routes for BGP_Group_v4-route_injector
    Sep 29 12:42:56.392735 task_alloc: allocated task block for BGP_Group_v4-route_injector priority 50
    Sep 29 12:42:56.392797 task_create: BGP_Group_v4-route_injector
    Sep 29 12:42:56.392801 bgp_group_init: initializing group v4-route_injector_Direct type External

     

    I saw that subcode 3 means Peer Unconfigured, but why? If I use (neighbour), it works without problem ---> so no problem on server side.




  • 7.  RE: BGP peering via (allow) not working

    Posted 09-29-2017 04:54

    @mkhachfeh wrote:

    Hi @singhh

     

    Kindly I activated traceoptions for this group with (allow) and have the following:

    Local: 10.93.192.5

    Remote: 10.254.11.6

    Command allow 10.254.11.0/24

     

    I saw that subcode 3 means Peer Unconfigured, but why? If I use (neighbour), it works without problem ---> so no problem on server side.


    See, when you configure the allow command on Junos, it will work as passive and listen for any TCP connection initiated from any device using a source from the allowed subnet.

     

    The reason you are seeing the no peer configured message is that you haven't configured any peer. You are just allowing the subnet with which your router can form a BGP neighborship.

     

    I believe your server is in passive mode. You can monitor the traffic on the interface on your router with the allow via configuration and can check if you see any TCP session coming from your server.

     

    monitor traffic interface xxx no-resolve

     

    Here xxx is the name of your interface which is connected to the server.

     

    HTH



  • 8.  RE: BGP peering via (allow) not working
    Best Answer

    Posted 09-29-2017 06:55

    Thanks a lot, it is ok now

     

    The problem was related to a filter applied on my lo0, which I peer via, and which allows only tcp-established as input.
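
Why a tcp-established-only filter on lo0 breaks `allow` peering while `neighbor` peering still works, as an added example that is not part of the original thread. The poster's filter was not shown, so the filter terms, the corrected term scoped to 10.10.10.0/24, the ports and the outsider address 192.0.2.1 are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

ACK, RST, SYN = "ACK", "RST", "SYN"

def tcp_established(pkt):
    # Junos "tcp-established" matches TCP segments with ACK or RST set,
    # so a bare SYN (the first packet of a new session) never matches.
    return bool({ACK, RST} & pkt["flags"])

def bgp_from(prefix):
    # Hypothetical extra term: TCP to port 179 (BGP) from one source prefix only.
    net = ip_network(prefix)
    return lambda pkt: ip_address(pkt["src"]) in net and pkt["dport"] == 179

def evaluate(terms, pkt):
    # A matching term accepts; a firewall filter ends with an implicit discard.
    return "accept" if any(match(pkt) for match in terms) else "discard"

# Constructed packets arriving at the router's loopback address.
# neighbor: the router sent the SYN, so the server answers with SYN+ACK from port 179.
reply_to_router_syn = {"src": "10.10.10.5", "sport": 179, "dport": 50000,
                       "flags": {SYN, ACK}}
# allow: the router only listens, so the server's first packet is a bare SYN to 179.
server_syn = {"src": "10.10.10.5", "sport": 40001, "dport": 179, "flags": {SYN}}
# A host outside the allowed subnet attempting the same connection.
outsider_syn = {"src": "192.0.2.1", "sport": 40002, "dport": 179, "flags": {SYN}}

original_filter = [tcp_established]                               # as described in the thread
corrected_filter = [bgp_from("10.10.10.0/24"), tcp_established]   # assumed fix

def results():
    return {
        "neighbor, original filter": evaluate(original_filter, reply_to_router_syn),
        "allow, original filter": evaluate(original_filter, server_syn),
        "allow, corrected filter": evaluate(corrected_filter, server_syn),
        "outsider, corrected filter": evaluate(corrected_filter, outsider_syn),
    }

if __name__ == "__main__":
    for case, action in results().items():
        print(f"{case}: {action}")
```

Scoping the BGP term to the same prefix used in `allow` keeps port 179 on the routing engine closed to every other source, which matters because `allow` accepts peers that are not individually configured.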