Routing

Hi.

I have a fairly basic setup, but am struggling with the setup of BGP to get our expressroute circuit live, I have got BGP up and running and it cab see its neighbours, and can see the advertisement from azure of our range over there.

I have got it setup in a vrouter and have tried adding a static route into that but it doesn't advertise it.

I looked at this post: https://forums.juniper.net/t5/Routing/Export-rib-clarification/td-p/213897 but it didn't make sense to me.

internal range: 192.168.1.0/24
azure range 192.168.2.0/24

show route outputs

Azure_Metro-VR.inet.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.2.0/24      *[BGP/170] 15:35:33, localpref 100
                      AS path: 25180 12076 I, validation-state: unverified
                    > to 172.16.233.1 via reth2.949
                    [BGP/170] 15:34:36, localpref 100
                      AS path: 25180 12076 I, validation-state: unverified
                    > to 172.16.233.2 via reth2.949
172.16.233.0/29    *[Direct/0] 3d 02:52:13
                    > via reth2.949
172.16.233.6/32    *[Local/0] 3d 02:52:13
                      Local via reth2.949
192.168.233.0/30   *[BGP/170] 1d 16:19:30, localpref 100
                      AS path: 25180 I, validation-state: unverified
                    > to 172.16.233.2 via reth2.949
192.168.233.4/30   *[BGP/170] 1d 16:20:28, localpref 100
                      AS path: 25180 I, validation-state: unverified
                    > to 172.16.233.1 via reth2.949

show config for that routing instance

Azure_Metro-VR {
    instance-type virtual-router;
    interface reth2.949;
    routing-options {
        autonomous-system 65432;
    }
    protocols {
        bgp {
            log-updown;
            group Azure_EE {
                type external;
                peer-as 25180;
                neighbor 172.16.233.1;
                neighbor 172.16.233.2;
            }
        }
    }
}

I've not got any other config that BGP uses, no policies etc, running

show route advertising-protocol bgp 172.16.233.1

brings back no results (not sure if this is expected, as BGP is new to me

There’s no export policy applied to bgp peer to advertise any route.

I.e.

Set routing-option static route 0/0 next-hop 10.0.0.1

Set policy-option policy-statement test from route-filter 0/0 exact
Set policy-option policy-statement test then accept

Set protocol bgp group test neighbor x.x.x.x export test

HTH

You either require a policy in configuration to advertise your route or can use "advertise-bgp-static" knob for an statis route.

how does that advertise- bgp-static work does that go in the routing options with an import of the static route on the bgp vr.

Sorry for sounding thick, but this is all new to me..

Thanks.

This knob "advertise-bgp-static" works in conjunction with bgp-static route knob in routing-option. For example:

set routing-options bgp-static route x.x.x.x/32
set protocols bgp group test neighbor x.x.x.x advertise-bgp-static

ok, so does that go inside the virtual router config bit or outside in the global bit?

steve - that 10.10.10.0/24 line is that the route I want to advertise or somthing else

The policy is created globally then referenced by an VR on the box.

The BGP groups are created inside routing instances where they will add to the routing table.

I believe the commands above are setup for your configuration as posted.

If the static route you want to advertise already exists on the device all you need is to create the policy to export the static route and apply this to your peer session.

set policy-options policy-statement Azure_export term static from protocol static

set policy-options policy-statement Azure_export term static from route-filter 10.10.10.0/24 exact

set policy-options policy-statement Azure_export term static then accept

set policy-options policy-statement Azure_export term final then reject

set routing-instances Azure_Metro-VR protocols bgp group Azure_EE export Azure_export

the static route is essentially to advertise the stuff connected onto the main inet.0 router 192.168.1.0/24 range, its directly connected

For your BGP policy the important part is what kind of route is in your table there.

show route 192.168.1.0/24 table Azure_Metro-VR.inet.0

whatever protocol this route is in the Azure table, use this is the policy changing static to direct, ospf or whatever the protocol is there.

By default the BGP export policy will send all BGP routes only.  Other protocols must be specifed in a policy.

Ok. So if you have 192.168.1.0/24 subnet in inet.0 table. Use below config

set routing-instances Azure_Metro-VR routing-options static route 192.168.1.0/24 next-table inet.0

set policy-options policy-statement test from protocol direct    <<<< small change (you can delete this line as well and it will still work)

set policy-options policy-statement test from route-filter 192.168.1.0/24 exact

set policy-options policy-statement test then accept

set routing-instances Azure_Metro-VR protocols bgp group Azure_EE export test

HTH

How do I verify that the routes are being advertised, as if I use the following

show route advertising-protocol bgp 172.16.233.1

it returns nothing.

Sorry for the confusion here.  Since we don't have your full topology lets just focus on your virtual router connecting to Azure.

confirm the route you want to advertise is 190.168.1.0/24

Is the route in question in this route table?

show route 192.168.1.0/24 table Azure_Metro-VR.inet.0

Yes: 

What protocol does this route show and does it have the * indicating it is active.

If yes then the policy and application are this:

changing the static if necessary to direct, ospf or whatever protocol the route is in the routing table.

set policy-options policy-statement Azure_export term static from protocol static

set policy-options policy-statement Azure_export term static from route-filter 10.10.10.0/24 exact

set policy-options policy-statement Azure_export term static then accept

set policy-options policy-statement Azure_export term final then reject

set routing-instances Azure_Metro-VR protocols bgp group Azure_EE export Azure_export

If the route is NOT in the Azure_Metro-VR routing table then more questions arise.

Is the subnet reachable via other routes in the Azure_Metro-VR routing table like the default or larger segments?

If yes, then you can use the bgp-static static technique to create the route to advertise or a generate route.

If no, this is not reachable yet, then you need to have a look at your topology and options for getting reachability first.

in Policy options I have

policy-statement Azure_BGP_Policy {
    from {
        route-filter 192.168.1.0/24 exact;
    }
}

and my vrouter looks like

Azure_Metro-VR {
    instance-type virtual-router;
    interface reth2.949;
    routing-options {
        static {
            route 192.168.1.0/24 next-table inet.0;
        }
        autonomous-system 65432;
    }
    protocols {
        bgp {
            log-updown;
            group Azure_EE {
                type external;
                export Azure_BGP_Policy;
                peer-as 25180;
                neighbor 172.16.233.1;
                neighbor 172.16.233.2;
            }
        }
    }
}

my routing table looks like

show route 192.168.1.0/24 table Azure_Metro-VR.inet.0

Azure_Metro-VR.inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.0/24        *[Static/5] 01:44:33
                      to table inet.0

Thanks for the help so far, its beginning to make sense

This looks good.  Are the peers up?

show bgp neighbor 172.16.233.1

show bgp neighbor 172.16.233.2

Is the route advertised?

show route advertising-protocol bgp 172.16.233.1

show route advertising-protocol bgp 172.16.233.2

then the next thing to consider is the return path for resources that need to reach Azure prefixes.

What prefixes are you learning from these peers?

show route receive-protocol bgp 172.16.233.1

show route receive-protocol bgp 172.16.233.1

Is there a route from you main inet.0 instance into the Azure routing instance for these routes?

If not, are you going to add static routes?  A bgp peer?

If the network is larger than this device how will you distribute these routes to other devices in the network?

Peers are up

root@SRX345_A> show bgp neighbor 172.16.233.1
Peer: 172.16.233.1+179 AS 25180 Local: 172.16.233.6+57954 AS 65432
  Type: External    State: Established    Flags: <Sync>
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: None
  Export: [ Azure_BGP_Policy ]
  Options: <Preference LogUpDown PeerAS Refresh>
  Holdtime: 90 Preference: 170
  Number of flaps: 0
  Peer ID: 62.244.170.198  Local ID: 172.16.233.6      Active Holdtime: 90
  Keepalive Interval: 30         Group index: 0    Peer index: 0
  BFD: disabled, down
  Local Interface: reth2.949
  NLRI for restart configured on peer: inet-unicast
  NLRI advertised by peer: inet-unicast
  NLRI for this session: inet-unicast
  Peer supports Refresh capability (2)
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  Peer does not support Receiver functionality
  Peer does not support LLGR Restarter or Receiver functionality
  Peer supports 4 byte AS extension (peer-as 25180)
  Peer does not support Addpath
  Table Azure_Metro-VR.inet.0 Bit: 10000
    RIB State: BGP restart is complete
    RIB State: VPN restart is complete
    Send state: in sync
    Active prefixes:              2
    Received prefixes:            2
    Accepted prefixes:            2
    Suppressed due to damping:    0
    Advertised prefixes:          0
  Last traffic (seconds): Received 11   Sent 18   Checked 41
  Input messages:  Total 9970   Updates 7       Refreshes 0     Octets 189685
  Output messages: Total 11033  Updates 0       Refreshes 0     Octets 209671
  Output Queue[0]: 0            (Azure_Metro-VR.inet.0, inet-unicast)

{primary:node0}
root@SRX345_A>

{primary:node0}
root@SRX345_A> show bgp neighbor 172.16.233.2
Peer: 172.16.233.2+179 AS 25180 Local: 172.16.233.6+55959 AS 65432
  Type: External    State: Established    Flags: <Sync>
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: None
  Export: [ Azure_BGP_Policy ]
  Options: <Preference LogUpDown PeerAS Refresh>
  Holdtime: 90 Preference: 170
  Number of flaps: 0
  Peer ID: 62.244.170.199  Local ID: 172.16.233.6      Active Holdtime: 90
  Keepalive Interval: 30         Group index: 0    Peer index: 1
  BFD: disabled, down
  Local Interface: reth2.949
  NLRI for restart configured on peer: inet-unicast
  NLRI advertised by peer: inet-unicast
  NLRI for this session: inet-unicast
  Peer supports Refresh capability (2)
  Stale routes from peer are kept for: 300
  Peer does not support Restarter functionality
  Peer does not support Receiver functionality
  Peer does not support LLGR Restarter or Receiver functionality
  Peer supports 4 byte AS extension (peer-as 25180)
  Peer does not support Addpath
  Table Azure_Metro-VR.inet.0 Bit: 10000
    RIB State: BGP restart is complete
    RIB State: VPN restart is complete
    Send state: in sync
    Active prefixes:              1
    Received prefixes:            2
    Accepted prefixes:            2
    Suppressed due to damping:    0
    Advertised prefixes:          0
  Last traffic (seconds): Received 10   Sent 22   Checked 40
  Input messages:  Total 9973   Updates 10      Refreshes 0     Octets 189833
  Output messages: Total 11031  Updates 0       Refreshes 0     Octets 209633
  Output Queue[0]: 0            (Azure_Metro-VR.inet.0, inet-unicast)

advertised and received looks like

{primary:node0}
root@SRX345_A> show route advertising-protocol bgp 172.16.233.1


{primary:node0}
root@SRX345_A> show route advertising-protocol bgp 172.16.233.2

{primary:node0}
root@SRX345_A> show route receive-protocol bgp 172.16.233.1

Azure_Metro-VR.inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 192.168.2.0/24          172.16.233.1                            25180 12076 I
* 192.168.233.4/30        172.16.233.1                            25180 I

inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

{primary:node0}
root@SRX345_A>

{primary:node0}
root@SRX345_A> show route receive-protocol bgp 172.16.233.2

Azure_Metro-VR.inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
  192.168.2.0/24          172.16.233.2                            25180 12076 I
* 192.168.233.0/30        172.16.233.2                            25180 I

inet6.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

{primary:node0}
root@SRX345_A>

as for the final jump at our end, we have always had a good bit of luck with NAT.

Policy configuration doesn't look good. Please change the same as mentioned by Steve/Harpreet.

set policy-options policy-statement Azure_export term static from protocol static
set policy-options policy-statement Azure_export term static from route-filter 192.168.1.0/24 exact
set policy-options policy-statement Azure_export term static then accept

Regards,

Rahul

Sorry, I missed this typo earlier.  You need from protocol static in this policy

policy-statement Azure_BGP_Policy {
    from {
        protocol static;
        route-filter 192.168.1.0/24 exact;
    }
}

its up and running like a champ final config is:

root@SRX345_A> show configuration policy-options
policy-statement Azure_BGP_Policy {
    from {
        protocol static;
        route-filter 192.168.1.0/24 exact;
    }
    then accept;
}

root@SRX345_A> show configuration routing-instances Azure_Metro-VR
instance-type virtual-router;
interface reth2.949;
routing-options {
    static {
        route 192.168.1.0/24 next-table inet.0;
    }
    autonomous-system 65432;
}
protocols {
    bgp {
        log-updown;
        group Azure_EE {
            type external;
            export Azure_BGP_Policy;
            peer-as 25180;
            neighbor 172.16.233.1;
            neighbor 172.16.233.2;
        }
    }
}

Thanks for your help on this guys, really appreciated..

Hello @liquidkristal,

Could you please share example configuration for whole Azure Express route? I need to create it, too but have no idea where to start.

Thank you.

Isac