I am trying to create a BGP session between two loopbacks that are announced through OSPF.
# run show route 172.16.1.3
inet.0: 57 destinations, 62 routes (57 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.16.1.3/32 *[OSPF/10] 2d 23:01:50, metric 11
> to 172.16.0.6 via ge-1/2/1.0
# run show ip route 172.16.1.1
Routing entry for 172.16.1.1/32
Known via "ospf", distance 110, metric 0, External Route Tag: 0, best
Last update 2d23h01m ago
* 172.16.0.5, via eth6
172.16.1.1 and 172.16.1.3 are reachable from both routers.
If I use the interface IP 172.16.0.5 and 172.16.0.6 it will work.
Any help appreciated.
I guess you are trying to use EBGP, right? By default EBGP will only establish on a directly connected interface. If you want to use a loopback to establish EBGP, you need to enable multihop for such a neighbor.
Please check this link:
I want to use it on iBGP. I am using the same OSPF area and the same AS for BGP as well; I don't want EBGP.
Could you share the OSPF and BGP configuration? Did you have the "local-address" knob under bgp to clarify lo0 as the local address?
bgp configuration on juniper
set protocols bgp group bb2dr type internal
set protocols bgp group bb2dr local-address 172.16.1.1
set protocols bgp group bb2dr import pol-bb2dr-in
set protocols bgp group bb2dr import pol-reject-any
set protocols bgp group bb2dr family inet unicast
set protocols bgp group bb2dr export pol-advertise-default
set protocols bgp group bb2dr export pol-reject-any
set protocols bgp group bb2dr neighbor 172.16.1.3 description dr01
set protocols bgp group bb2dr neighbor 172.16.1.3 peer-as 12345
set protocols ospf area 0.0.48.57 interface ge-1/2/1.0 interface-type p2p
set protocols ospf area 0.0.48.57 interface ge-1/2/1.0 priority 1
set protocols ospf area 0.0.48.57 interface ge-1/2/1.0 retransmit-interval 5
set protocols ospf area 0.0.48.57 interface ge-1/2/1.0 transit-delay 1
set protocols ospf area 0.0.48.57 interface ge-1/2/1.0 hello-interval 10
set protocols ospf area 0.0.48.57 interface ge-1/2/1.0 dead-interval 40
set protocols ospf export pol-ospf-export-static
set protocols ospf export pol-ospf-export-direct
set protocols ospf import pol-ospf-import
bgp configuration on linux
set protocols bgp 12345 neighbor 172.16.1.1 remote-as 12345
set protocols bgp 12345 neighbor 172.16.1.1 soft-reconfiguration inbound
set protocols bgp 12345 parameters router-id 172.16.1.3
ospf configuration linux
set protocols ospf area 12345 area-type normal
set protocols ospf area 12345 network 172.16.0.4/30
set protocols ospf area 12345 network 172.16.1.3/32
set protocols ospf parameters abr-type cisco
set protocols ospf parameters router-id 172.16.1.3
set protocols ospf passive-interface default
set protocols ospf passive-interface-exclude eth6
ospf process on juniper
Address Interface State ID Pri Dead
172.16.0.6 ge-1/2/1.0 Full 172.16.1.3 1 38
ospf process on linux
Neighbor ID Pri State Dead Time Address Interface Instance ID
172.16.0.1 1 Full/ - 00:00:33 172.16.0.5 eth6 0
Is there a protect-RE filter configured on the Juniper device that might be restricting bgp access?
Look under the firewall hierarchy
I have no firewall
> show configuration firewall
The BGP is working if I configure the session between the interface IPs 172.16.0.6 and 172.16.0.5, so I don't think there is a firewall issue. I enabled debugging and apparently the Linux box is sending a notification with the first IP address of the interface 😞
I need to see how I can change that behaviour ...
Aug 27 04:18:14.667325 bgp_listen_accept:5113: NOTIFICATION sent to 172.16.0.6+42970 (proto): code 6 (Cease) subcode 5 (Connection Rejected), Reason: Connection attempt from unconfigured neighbor: 172.16.0.6+42970
So we are talking here about the firewall filter called protect-RE that is enabled to avoid a lot of traffic towards the Routing-Engine and that is enabled on the loopback interface.
So can you check if there are any filters enabled on loopback interface?
Thank you for providing the traceoption. Looks like on the Linux peer, the BGP messages are being sent out from the physical interface instead of the configured loopback interface.
I'm not sure if on the linux side you could announce the local address as Junos devices. On Cisco there should be a knob called update-source. You could further try something out in this direction.
yes, that was the missing part, on linux I have update-source, now BGP is up, thanks for your help.
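An added example, not part of the original thread: a small check that reproduces the diagnosis above by matching the rejected source address in the Junos trace against the configured neighbors and the IGP next hop toward each peer loopback. The function names and the `NEXT_HOPS` mapping are hypothetical; the config, trace line and next hop are the ones posted in the thread.

```python
from __future__ import annotations
import re

# Junos BGP trace line for a rejected inbound session (format as quoted in the thread).
REJECT_RE = re.compile(
    r"NOTIFICATION sent to (?P<src>[0-9A-Fa-f.:]+)\+\d+ \(proto\): "
    r"code 6 \(Cease\) subcode 5 \(Connection Rejected\), "
    r"Reason: Connection attempt from unconfigured neighbor"
)
# "set protocols bgp group <group> neighbor <ip> ..." lines from the Junos config.
NEIGHBOR_RE = re.compile(r"^set protocols bgp group \S+ neighbor (\S+)", re.M)

def configured_neighbors(junos_config: str) -> set[str]:
    return set(NEIGHBOR_RE.findall(junos_config))

def diagnose(trace: str, junos_config: str, next_hops: dict[str, str]) -> list[str]:
    """next_hops maps a peer loopback to the IGP next hop used to reach it.
    A rejected source equal to that next hop means the peer dials from its link IP."""
    peers = configured_neighbors(junos_config)
    by_next_hop = {nh: lo for lo, nh in next_hops.items() if lo in peers}
    findings = []
    for m in REJECT_RE.finditer(trace):
        src = m.group("src")
        if src in peers:
            continue  # source is a configured neighbor; rejection has another cause
        if src in by_next_hop:
            findings.append(
                f"{src} is the link address of configured peer {by_next_hop[src]}: "
                "peer is not sourcing BGP from its loopback (set update-source there)"
            )
        else:
            findings.append(f"{src} matches no configured peer or known next hop")
    return findings

# Sample input copied from the thread (subset of the posted Junos config and trace).
JUNOS_CONFIG = """\
set protocols bgp group bb2dr local-address 172.16.1.1
set protocols bgp group bb2dr neighbor 172.16.1.3 description dr01
set protocols bgp group bb2dr neighbor 172.16.1.3 peer-as 12345
"""
TRACE = (
    "Aug 27 04:18:14.667325 bgp_listen_accept:5113: NOTIFICATION sent to "
    "172.16.0.6+42970 (proto): code 6 (Cease) subcode 5 (Connection Rejected), "
    "Reason: Connection attempt from unconfigured neighbor: 172.16.0.6+42970\n"
)
NEXT_HOPS = {"172.16.1.3": "172.16.0.6"}  # from 'show route 172.16.1.3' in the thread

if __name__ == "__main__":
    print("\n".join(diagnose(TRACE, JUNOS_CONFIG, NEXT_HOPS)))
```

A source that matches neither a configured neighbor nor a known next hop is reported separately, since that rejection is the router enforcing its configured peer list rather than a source-address misconfiguration.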