Junos OS


Does JunOS break iBGP rules when using several routing instances?

  • 1.  Does JunOS break iBGP rules when using several routing instances?

    Posted 26 days ago

    I have a setup with several routers, where 1 is an external eBGP router with 2 iBGP routers.

    Routes coming from the eBGP peer land in Routing-Instance Ext and after that they are moved to inet.0 or master table. Then you can see iBGP peering via inet.0, and external routes that are accepted from the eBGP neighbour are accepted in eBGP last neighbour without a next-hop self policy.

    This is a simple test lab.

    The vMX which has several RIs looks like this, and no special policies exist on any of the routers, so no next-hop-self statements exist:

    interfaces {
        ge-0/0/0 {
            unit 0 {
                family inet {
                    address 10.0.0.1/31;
                }}}
        ge-0/0/1 {
            unit 0 {
                family inet {
                    address 10.0.100.0/31;
                }}}
    }
    routing-options {
        instance-import route_import_master;
    }
    protocols {
        bgp {
            group iBGP {
                local-as 2;
                neighbor 10.0.100.1 {
                    peer-as 2;
                }}}
    }
    policy-options {
        policy-statement route_import_master {
            term From_Ext {
                from {
                    instance Ext;
                    protocol bgp;
                }
                then accept;
            }
            then reject;
        }
    }                                       
    routing-instances {
        Ext {
            instance-type virtual-router;
            interface ge-0/0/0.0;
            protocols {
                bgp {
                    group eBGP {
                        local-as 2;
                        neighbor 10.0.0.0 {
                            peer-as 1;
                        }}}}}}

    Here are the resulting routes, where we can see route 5.0.0.0/24 exported to the master routing table:

    >show route 
    
    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    5.0.0.0/24         *[BGP/170] 00:02:13, MED 0, localpref 100
                          AS path: 1 I, validation-state: unverified
                        > to 10.0.0.0 via ge-0/0/0.0
    
    Ext.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    5.0.0.0/24         *[BGP/170] 00:02:13, MED 0, localpref 100
                          AS path: 1 I, validation-state: unverified
                        > to 10.0.0.0 via ge-0/0/0.0

    Next my iBGP only router:

    interfaces {
        ge-0/0/1 {
            unit 0 {
                family inet {
                    address 10.0.100.1/31;
                }}}
    }
    protocols {
        bgp {
            group iBGP {
                local-as 2;
                neighbor 10.0.100.0 {
                    peer-as 2;
                }}}}

    Next we can see that 5.0.0.0/24 is accepted and installed in the routing table:

    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 5.0.0.0/24              10.0.100.0           0       100        1 I
    
    root> show route 5.0.0.0/24                         
    
    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    5.0.0.0/24         *[BGP/170] 00:13:10, MED 0, localpref 100
                          AS path: 1 I, validation-state: unverified
                        > to 10.0.100.0 via ge-0/0/1.0

    Does this break essential iBGP rules?

    P.S. Maybe someone can point to documentation where I can find an explanation?



  • 2.  RE: Does JunOS break iBGP rules when using several routing instances?

     
    Posted 26 days ago

    You are just copying the route from Ext.inet.0 into inet.0 without modifying it. It is the same route. Copying the route to inet.0 is what allows you to send it to the neighbor in inet.0.

    But what you are sending to 10.0.100.0 is what you need to look at. Try show route advertising-protocol bgp 10.0.100.0. The next hop should not be modified.

    Do you also have a rib group to share interface routes?

    Regards, 



    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 3.  RE: Does JunOS break iBGP rules when using several routing instances?

    Posted 26 days ago

    Thanks for your reply.

    First of all, I have to note that everything is working and I can reach the BGP1 router via a simple ping, I just do not understand why ;-)
    Yes, you are right, I'm just copying routes, and from this point of view iBGP peering is working a little bit strangely now.

    Topology is BGP1 ->(eBGP)-> MX1 ->(iBGP)-> MX2

    I mean when we advertise something in iBGP then the next hop IP address doesn't change and we can change this with the next-hop-self command. I do not perform next-hop-self in any policy. As a result, MX2 should receive the 5.0.0.0/24 route but should not install it in the routing table.

    I can see Nexthop becomes Self, and it looks like some BGP information is lost after transferring routes between RIs, and this breaks iBGP rules.

    root@MX1> show route advertising-protocol bgp 10.0.100.1   
    
    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 5.0.0.0/24              Self                 0       100        1 I
    
    root@MX2> show route receive-protocol bgp 10.0.100.0 
    
    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 5.0.0.0/24              10.0.100.0           0       100        1 I

    Full routing table on both routers:

    root@MX1> show route 
    
    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    5.0.0.0/24         *[BGP/170] 00:11:40, MED 0, localpref 100
                          AS path: 1 I, validation-state: unverified
                        > to 10.0.0.0 via ge-0/0/0.0
    10.0.100.0/31      *[Direct/0] 00:11:44
                        > via ge-0/0/1.0
    10.0.100.0/32      *[Local/0] 00:11:44
                          Local via ge-0/0/1.0
    
    Ext.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    5.0.0.0/24         *[BGP/170] 00:11:40, MED 0, localpref 100
                          AS path: 1 I, validation-state: unverified
                        > to 10.0.0.0 via ge-0/0/0.0
    10.0.0.0/31        *[Direct/0] 00:11:44
                        > via ge-0/0/0.0
    10.0.0.1/32        *[Local/0] 00:11:44
                          Local via ge-0/0/0.0
    
    root@MX2> show route 
    
    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    
    5.0.0.0/24         *[BGP/170] 00:10:27, MED 0, localpref 100
                          AS path: 1 I, validation-state: unverified
                        > to 10.0.100.0 via ge-0/0/1.0
    10.0.100.0/31      *[Direct/0] 00:10:45
                        > via ge-0/0/1.0
    10.0.100.1/32      *[Local/0] 00:10:45
                          Local via ge-0/0/1.0

    I've only removed the inet6.0 default routes.

    When I use one inet.0 routing table on MX1, eBGP works as expected.

    P.S. Without RIs

    [edit]
    root@MX1# run show route advertising-protocol bgp 10.0.100.1 
    
    inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 5.0.0.0/24              10.0.0.0             0       100        1 I
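
An added example (not part of any post in this thread): a Python check that parses the `show route advertising-protocol bgp` and `show route` outputs quoted in post 3 and reports prefixes whose advertised next hop differs from the one learned from the eBGP peer. The function names are hypothetical, and the RIB next hop in the no-RI case is assumed to be the same 10.0.0.0 shown for the RI case.

```python
import re

# Outputs copied from post 3 (MX1 with the Ext routing instance, then without RIs).
ADV_WITH_RI = """\
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 5.0.0.0/24              Self                 0       100        1 I
"""
ADV_WITHOUT_RI = """\
inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
  Prefix                  Nexthop              MED     Lclpref    AS path
* 5.0.0.0/24              10.0.0.0             0       100        1 I
"""
# Assumption: this RIB excerpt is reused for the no-RI case, which the post does not show.
RIB_MX1 = """\
5.0.0.0/24         *[BGP/170] 00:11:40, MED 0, localpref 100
                      AS path: 1 I, validation-state: unverified
                    > to 10.0.0.0 via ge-0/0/0.0
10.0.100.0/31      *[Direct/0] 00:11:44
                    > via ge-0/0/1.0
"""

ADV_ROW = re.compile(r"^[* ]\s*(\d+\.\d+\.\d+\.\d+/\d+)\s+(\S+)\s")
RIB_HEAD = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+\*?\[BGP/")
RIB_NH = re.compile(r"^\s+> to (\S+) via ")

def parse_advertised(text):
    """Map prefix -> next hop from 'show route advertising-protocol bgp' output."""
    return {m.group(1): m.group(2) for m in map(ADV_ROW.match, text.splitlines()) if m}

def parse_bgp_rib(text):
    """Map BGP-learned prefix -> selected next hop from 'show route' output."""
    rib, current = {}, None
    for line in text.splitlines():
        head = RIB_HEAD.match(line)
        if head:
            current = head.group(1)
        elif line[:1].strip():          # any other entry starting at column 0
            current = None
        elif current and (nh := RIB_NH.match(line)):
            rib[current] = nh.group(1)
    return rib

def rewritten_next_hops(advertised, rib):
    """(prefix, learned next hop, advertised next hop) where the two differ."""
    return sorted((p, rib[p], nh) for p, nh in advertised.items()
                  if p in rib and nh != rib[p])
```

Run against the two captures, it reports 5.0.0.0/24 only for the routing-instance case, where the advertised next hop is `Self`.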



  • 4.  RE: Does JunOS break iBGP rules when using several routing instances?

     
    Posted 25 days ago

    I see what you are saying now. I think yesterday I had the IBGP/EBGP session swapped in my mind.

    I actually tried it today with virtual routers:

    NOTE: In neither case can I ping 1.2.3.4 from vR13, because 10.1.1.1 cannot be reached from inet.0, nor can 10.2.2.2 be reached from vR11 or vR12. You would need to use a combination of firewall filters, rib-groups to share the interface routes, or a static route with next-table to allow this traffic.

    Now, changing the next-hop for IBGP sessions in inet.0 is expected and standard behavior when you have VRF routing instances (VPN scenarios), but I had not tried with VRs instead of VRFs. It is behaving the same way. I will have to do some more research :-)

    Regards, 



    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 5.  RE: Does JunOS break iBGP rules when using several routing instances?

    Posted 26 days ago