Routing

Hey folks,

I have an ospf and bgp configuration issue, below I will describe a bit the topology to give more context:
my topology:

ISP <-> BB - |<-> DR01
                      |<-> DRnn

ISP is sending default route to BB then BB is sending is passing out default route + connected + direct to DR routers over BGP

DR routers are sending back to BB the local routes

BB is announcing to ISP a specific prefix-list
so far so good, all traffic is flowing without issue between ISP and BB and between BB and DRs, I can reach all public IPs originating from DR behind BB, but doesn't work from internet.

there is OSPF between BB and each DR using private /30 ips, each DR is announcing its private /32 Loopback and then there is a BGP session between BB loopback and each DR loopback.
BB is also route reflector to avoid full mesh

the issue is that I can not reach from the internet public IPs originating from DR which technically should not happen

acronyms: ISP - internet service provider
                   BB - backbone router
                   DR - distribution routers

BB output:

bb> show route 0.0.0.0

inet.0: 78 destinations, 82 routes (78 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[BGP/170] 13w5d 20:30:38, localpref 100
                      AS path: xxx I, validation-state: unverified
                    > to xx.xx.140.209 via xe-0/0/0.0
                    [BGP/170] 44w6d 09:53:12, localpref 90
                      AS path: yyy I, validation-state: unverified
                    > to yy.yy.178.97 via ge-1/2/5.0

bb> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
172.16.0.2       ge-1/3/0.0             Full      172.16.0.2         1    38
172.16.0.6       xe-0/0/1.10            Full      172.16.1.3         1    37


bb> show ospf route
Topology default Route Table:

Prefix             Path  Route      NH       Metric NextHop       Nexthop
                   Type  Type       Type            Interface     Address/LSP
172.16.0.2         Intra Router     IP            1 ge-1/3/0.0    172.16.0.2
172.16.1.3         Intra Router     IP            1 xe-0/0/1.10   172.16.0.6
172.16.0.0/30      Intra Network    IP            1 ge-1/3/0.0
172.16.0.4/30      Intra Network    IP            1 xe-0/0/1.10
172.16.1.2/32      Intra Network    IP           11 ge-1/3/0.0    172.16.0.2
172.16.1.3/32      Intra Network    IP           11 xe-0/0/1.10   172.16.0.6

bb> show bgp summary
Groups: 4 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                      31         30          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
xx.xx.140.209          xxx     279012     308649       0       3 13w5d 20:36:49 1/1/1/0              0/0/0/0
yy.yy.178.97           yyy     905572    1002155       0       2 44w6d 9:59:23 0/1/1/0              0/0/0/0
172.16.1.2            zzz      12448      13699       0       1  4d 7:39:13 27/27/27/0           0/0/0/0
172.16.1.3            zzz        285        315       0       6     2:21:39 2/2/2/0              0/0/0/0

the example prefix that is not reachable from the internet:

bb> show route aa.bb.25.0

inet.0: 78 destinations, 82 routes (78 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

aa.bb.25.0/24      *[BGP/170] 02:26:05, localpref 100, from 172.16.1.3
                      AS path: I, validation-state: unverified
                    > to 172.16.0.6 via xe-0/0/1.10

DR route output:

dr01>show ip route 0.0.0.0
Routing entry for 0.0.0.0/0
  Known via "bgp", distance 200, metric 0,  External Route Tag: xxx, best
  Last update 02:38:22 ago
  * xx.xx.140.209, via eth1

I don't understand why is not working so if anyone has any idea I will be forever grateful 🙂 

Thanks

Dan

Hello,

A couple of suggestions:

1/ please share Your sanitized configurations

2/ please traceroute from internet towards any of Your public IP, and share the printout to show us where the traceroute stops

3/ please check Your public prefixes using BGP looking glass of Your ISP, then using BGP looking glass of Your ISP' upstream; or if You have difficulty finding them, using any closest BGP looking glass, and share the outputs

You can find BGP looking glasses at http://www.bgplookingglass.com  or simply googling them.

HTH

Thx

Alex

so there is a /23 that I am advertising to ISP while one /24 is working which is direct connected on BB the other /24 that is advertised from DR is not working, 

the traceroute is stopping at local BB xx.xx.140.210 which is the local BB IP address that is used on the interface between ISP and BB

#ISP BGP

set protocols bgp group cogent type external
set protocols bgp group cogent import pol-bb2isp-in
set protocols bgp group cogent import pol-reject-any
set protocols bgp group cogent family inet unicast
set protocols bgp group cogent export pol-bb2isp-out
set protocols bgp group cogent export pol-reject-any
set protocols bgp group cogent neighbor xx.xx.140.209 description Cogent
set protocols bgp group cogent neighbor xx.xx.140.209 peer-as xxx

set policy-options policy-statement pol-bb2isp-in term match-default-in from protocol bgp
set policy-options policy-statement pol-bb2isp-in term match-default-in from route-filter 0.0.0.0/0 exact
set policy-options policy-statement pol-bb2isp-in term match-default-in then accept

set policy-options policy-statement pol-bb2isp-out term match-static from protocol static
set policy-options policy-statement pol-bb2isp-out term match-static from route-filter xx.xx.24.0/23 exact
set policy-options policy-statement pol-bb2isp-out term match-static then accept

set routing-options static route xx.xx.24.0/23 reject
set routing-options static route xx.xx.24.0/23 install

set interfaces xe-0/0/0 unit 0 family inet address xx.xx.140.210/29
set interfaces xe-0/0/0 unit 0 family inet address xx.xx.140.212/29
set interfaces xe-0/0/0 unit 0 family inet address xx.xx.140.211/29

#BGP
set protocols bgp group bb2dr type internal
set protocols bgp group bb2dr local-address 172.16.1.1
set protocols bgp group bb2dr import pol-bb2dr-in
set protocols bgp group bb2dr import pol-reject-any
set protocols bgp group bb2dr family inet unicast
set protocols bgp group bb2dr export pol-advertise-default
set protocols bgp group bb2dr export pol-bb2dr-out
set protocols bgp group bb2dr export pol-reject-any
set protocols bgp group bb2dr cluster 172.16.1.1
set protocols bgp group bb2dr neighbor 172.16.1.3 description dr01
set protocols bgp group bb2dr neighbor 172.16.1.3 peer-as zzz

set policy-options policy-statement pol-bb2dr-in term match-any from protocol bgp
set policy-options policy-statement pol-bb2dr-in term match-any then next-hop peer-address
set policy-options policy-statement pol-bb2dr-in term match-any then accept

set policy-options policy-statement pol-reject-any then reject

set policy-options policy-statement pol-advertise-default from route-filter 0.0.0.0/0 exact
set policy-options policy-statement pol-advertise-default then accept

set policy-options policy-statement pol-bb2dr-out term match-static from protocol bgp
set policy-options policy-statement pol-bb2dr-out term match-static then accept
set policy-options policy-statement pol-bb2dr-out term match-direct from protocol direct
set policy-options policy-statement pol-bb2dr-out term match-direct from protocol static
set policy-options policy-statement pol-bb2dr-out term match-direct then accept

Hello,

Please add 1 extra line into BB config:

set policy-options policy-statement pol-advertise-default then next-hop self

HTH

Thx

Alex

aweesoomee! working!