Routing

Expand all | Collapse all

BGP export policy not working

Jump to Best Answer
  • 1.  BGP export policy not working

    Posted 11-23-2018 02:43

    Topology:

    vMX7----(ebgp)----[ge-0/0/1.0]vMX8----(ebgp)----vMX9

    Junos version:

    root> show version
    Model: vmx
    Junos: 14.1R1.10

    On vMX8:

    vMX8 has learnt 7.7.7.7/32 from vMX7 via ebgp, 10.10.10.10/32 is lo0.0 of vMX8

    root> show route table clean 
    
    clean.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    6.6.6.6/32         *[BGP/170] 00:43:43, localpref 100
                          AS path: 100 I, validation-state: unverified
                        > to 68.1.1.6 via ge-0/0/0.0
    7.7.7.7/32         *[BGP/170] 00:43:43, localpref 100
                          AS path: 200 I, validation-state: unverified
                        > to 78.1.1.7 via ge-0/0/1.0
    10.10.10.10/32     *[Direct/0] 00:27:14
                        > via lo0.1
    89.1.20.0/24       *[Direct/0] 00:58:59
                        > via ge-0/0/2.20
    89.1.20.8/32       *[Local/0] 00:58:59
                          Local via ge-0/0/2.20

    I intend to export both 7.7.7.7/32 and 10.10.10.10/32 to vMX9. below is my policy configuration

    root> show configuration policy-options policy-statement clean-to-bgp 
    from {
        route-filter 6.6.6.6/32 exact;
        route-filter 7.7.7.7/32 exact;
        route-filter 10.10.10.10/32 exact;
    }
    then accept;
    
    root> show configuration routing-instances clean 
    instance-type vrf;
    interface ge-0/0/2.20;
    interface lo0.1;
    route-distinguisher 1:1;
    vrf-target target:1:1;
    routing-options {
        autonomous-system 350;
    }
    protocols {
        bgp {
            group ebgp {
                type external;
                export clean-to-bgp;
                peer-as 300;
                neighbor 89.1.20.9;
            }
        }
    }

    If I do a "show route advertising-protocol bgp 89.1.20.9", only 10.10.10.10/32 gets exported.

    root> show route advertising-protocol bgp 89.1.20.9 
    
    clean.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 10.10.10.10/32          Self                                    I
    
    root>

     

     



  • 2.  RE: BGP export policy not working

    Posted 11-23-2018 02:46

    Providing further information:

    vMX8 learnt 7.7.7.7/32 via ebgp with vMX7 in inet.0

    root> show route table inet.0 7.7.7.7/32 
    
    inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    7.7.7.7/32         *[BGP/170] 00:55:01, localpref 100
                          AS path: 200 I, validation-state: unverified
                        > to 78.1.1.7 via ge-0/0/1.0

    furthermore vMX8 leaked 7.7.7.7/32 from inet.0 to clean.inet.0 via rib-groups

    root> show configuration routing-options rib-groups 
    global-to-clean {
        import-rib [ inet.0 clean.inet.0 ];
    }
    root> show configuration protocols bgp group ebgp 
    family inet {
        unicast {
            rib-group global-to-clean;
        }
    }
    neighbor 68.1.1.6 {
        peer-as 100;
    }
    neighbor 78.1.1.7 {
        peer-as 200;
    }

    I think route leaking the main reason vMX8 does not export 7.7.7.7/32 to vMX9. I just can not find direct proof nor a solution from Juniper documentation or geek's blog.



  • 3.  RE: BGP export policy not working

    Posted 11-23-2018 03:17

    Can you share the output of " show route 7.7.7.7/32 extensive"



  • 4.  RE: BGP export policy not working

     
    Posted 11-23-2018 03:26

    You're getting the eBGP route in inet.0 then using rib-group you're leaking in to RI Clean. RI Clean, you've EBGP neighborship and you want to advertise BGP routes.

     

    Please correct the understanding.

     

    You can create aggregate/default route and advertise it to bgp neighbor.

     

    Regards,
    Rahul



  • 5.  RE: BGP export policy not working

    Posted 11-24-2018 23:00

    Hi rnayar,

     

    Your understanding is correct. And I'm fully aware that I can  create aggregate/default route and advertise it to bgp neighbor under RI clean.

    However, this is not the problem I'm trying to solve. I'd still like to have specific routes leaked from inet.0 to be advertised.

    Thank you for looking into it.



  • 6.  RE: BGP export policy not working

    Posted 11-24-2018 22:58
    root> show route 7.7.7.7/32 extensive 
    
    inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
    7.7.7.7/32 (1 entry, 1 announced)
    TSI:
    KRT in-kernel 7.7.7.7/32 -> {78.1.1.7}
    Page 0 idx 0, (group igbp type Internal) Type 1 val 0x955669c (adv_entry)
       Advertised metrics:
         Nexthop: 78.1.1.7
         Localpref: 100
         AS path: [300] 200 I
         Communities:
    Page 0 idx 1, (group ebgp type External) Type 1 val 0x9556680 (adv_entry)
       Advertised metrics:
         Nexthop: 78.1.1.7
         AS path: [300] 200 I
         Communities:
        Advertise: 00000001
    Path 7.7.7.7 from 78.1.1.7 Vector len 4.  Val: 0 1
            *BGP    Preference: 170/-101
                    Next hop type: Router, Next hop index: 551
                    Address: 0x940ebb4
                    Next-hop reference count: 5
                    Source: 78.1.1.7
                    Next hop: 78.1.1.7 via ge-0/0/1.0, selected
                    Session Id: 0x203
                    State: <Active Ext>
                    Local AS:   300 Peer AS:   200
                    Age: 1d 21:08:11 
                    Validation State: unverified 
                    Task: BGP_200.78.1.1.7+57857
                    Announcement bits (3): 0-KRT 3-BGP_RT_Background 4-Resolve tree 1 
                    AS path: 200 I
                    Accepted
                    Localpref: 100
                    Router ID: 7.7.7.7
                    Secondary Tables: clean.inet.0
    
    clean.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
    
    7.7.7.7/32 (1 entry, 1 announced)
    TSI:
    KRT in-kernel 7.7.7.7/32 -> {78.1.1.7}
            *BGP    Preference: 170/-101
                    Next hop type: Router, Next hop index: 551
                    Address: 0x940ebb4
                    Next-hop reference count: 5
                    Source: 78.1.1.7
                    Next hop: 78.1.1.7 via ge-0/0/1.0, selected
                    Session Id: 0x203
                    State: <Secondary Active Ext>
                    Local AS:   300 Peer AS:   200
                    Age: 1d 21:03:43 
                    Validation State: unverified 
                    Task: BGP_200.78.1.1.7+57857
                    Announcement bits (1): 0-KRT 
                    AS path: 200 I
                    Accepted
                    Localpref: 100
                    Router ID: 7.7.7.7
                    Primary Routing Table inet.0


  • 7.  RE: BGP export policy not working
    Best Answer

    Posted 11-25-2018 03:29

    vMX8 is not advertising the route 7.7.7.7/32 to vMX9 because you are using same autonomous system 300 in vMX8's inet0 and vMX9. The route 7.7.7.7/32 has as-path 300 in it bgp attributes. By default, JunOS does not advertise the routes back to any EBGP peers that are in the same AS (in this case 300)  as the originating peer, regardless of the routing instance.Since vMX9 is also in AS 300, by default vMX8 will not advertise the route to vMX9. 

    You can override this behavior using "advertise-peer-as" command on vMX8 and "loops" at vMX9

     

    set routing-instances clean protocols bgp advertise-peer-as   <-----vMX8

    set protocols bgp group ebgp family inet unicast loops 1  <------vMX9

     

     

    Or use different AS no at vMX8 inet0 and vMX9

     

     



  • 8.  RE: BGP export policy not working

    Posted 11-25-2018 05:19

    Hi Netllikka, 

     

    You are right. My mistake, I overlooked.

    Appreciate a lot.



  • 9.  RE: BGP export policy not working

    Posted 11-25-2018 06:54

    Now I realize I was so stupid.