SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Asynchronous routing issue-BGP protocol

    Posted 03-09-2018 09:08

    Hi,

     

    We have 2 MPLS links connected to the SRX for internet connection: primary ISP 50 Mbps (ge-0/0/0.10) and secondary ISP 10 Mbps (ge-0/0/2), both links from different ISPs. The AS number and peer AS are the same for both ISPs. There is no default route configured. The SRX is configured in packet mode.

    We have observed slowness for some days. When we checked, the ge-0/0/0.100 interface status shows only input (38654789xx) bytes, and output bytes show "0". On ge-0/0/2, the interface status shows input bytes "0" and output bytes (10673547xx).

     

    If we disable the ge-0/0/2 interface, all in and out traffic passes through the ge-0/0/0.100 interface. No slowness is observed.

    If we enable the ge-0/0/2 interface again, in and out traffic is divided across both interfaces (as mentioned above) and network traffic is slow.

     

    Kindly suggest a solution to pass all traffic through the primary ISP, so that the secondary ISP becomes active only when the primary ISP goes down.

     

    set interfaces ge-0/0/0 vlan-tagging
    set interfaces ge-0/0/0 speed 100m
    set interfaces ge-0/0/0 link-mode full-duplex
    set interfaces ge-0/0/0 gigether-options no-auto-negotiation
    set interfaces ge-0/0/0 unit 10 vlan-id 20
    set interfaces ge-0/0/0 unit 10 family inet filter output voip
    set interfaces ge-0/0/0 unit 10 family inet sampling input
    set interfaces ge-0/0/0 unit 10 family inet sampling output
    set interfaces ge-0/0/0 unit 10 family inet address 10.100.50.2/30
    set interfaces ge-0/0/0 unit 15 vlan-id 45
    set interfaces ge-0/0/0 unit 15 family inet address 10.100.20.2/30
    set interfaces ge-0/0/1 speed 1g
    set interfaces ge-0/0/1 link-mode full-duplex
    set interfaces ge-0/0/1 unit 0 family inet sampling input
    set interfaces ge-0/0/1 unit 0 family inet sampling output
    set interfaces ge-0/0/1 unit 0 family inet address 10.44.47.25/24 vrrp-group 67 virtual-address 10.44.47.27
    set interfaces ge-0/0/1 unit 0 family inet address 10.44.47.25/24 vrrp-group 67 priority 120
    set interfaces ge-0/0/1 unit 0 family inet address 10.44.47.25/24 vrrp-group 67 advertise-interval 3
    set interfaces ge-0/0/1 unit 0 family inet address 10.44.47.25/24 vrrp-group 67 preempt
    set interfaces ge-0/0/1 unit 0 family inet address 10.44.47.25/24 vrrp-group 67 accept-data
    set interfaces ge-0/0/2 speed 100m
    set interfaces ge-0/0/2 link-mode full-duplex
    set interfaces ge-0/0/2 gigether-options auto-negotiation
    set interfaces ge-0/0/2 unit 0 family inet sampling input
    set interfaces ge-0/0/2 unit 0 family inet sampling output
    set interfaces ge-0/0/2 unit 0 family inet address 10.100.90.2/30

    set routing-instances Corporate instance-type vrf
    set routing-instances Corporate interface ge-0/0/0.10
    set routing-instances Corporate interface ge-0/0/1.0
    set routing-instances Corporate interface ge-0/0/2.0
    set routing-instances Corporate route-distinguisher 32561:150
    set routing-instances Corporate vrf-target target:32561:100

    set routing-options interface-routes rib-group inet import
    set routing-options rib-groups import import-rib inet.0
    set routing-options rib-groups import import-rib Corporate.inet.0
    set routing-instances Corporate routing-options static route 10.44.90.0/22 next-hop 10.44.66.3
    set routing-instances Corporate routing-options static route 10.44.66.0/26 next-hop 10.44.66.3
    set routing-instances Corporate routing-options static route 10.45.251.0/26 next-hop 10.44.47.1
    set routing-instances Corporate routing-options static route 10.16.18.0/18 next-hop 10.44.47.1
    set routing-instances Corporate routing-options static route 10.12.0.0/20 next-hop 10.44.47.1
    set routing-instances Corporate routing-options static route 10.44.47.0/19 next-hop 10.44.47.1
    set routing-instances Corporate routing-options static route 10.44.47.0/19 next-hop 10.44.47.1
    set routing-instances Corporate routing-options static route 10.5.43.0/24 next-hop 10.44.47.1
    set routing-instances Corporate protocols bgp group Corporate-Sec type external
    set routing-instances Corporate protocols bgp group Corporate-Sec export redistribute-static-connected
    set routing-instances Corporate protocols bgp group Corporate-Sec peer-as 2833
    set routing-instances Corporate protocols bgp group Corporate-Sec local-as 32561
    set routing-instances Corporate protocols bgp group Corporate-Sec neighbor 10.100.90.1
    set routing-instances Corporate protocols bgp group Corporate-Pri type external
    set routing-instances Corporate protocols bgp group Corporate-Pri export redistribute-static-connected
    set routing-instances Corporate protocols bgp group Corporate-Pri peer-as 2833
    set routing-instances Corporate protocols bgp group Corporate-Pri local-as 32561
    set routing-instances Corporate protocols bgp group Corporate-Pri neighbor 10.100.50.1

    Thank You...

     




  • 2.  RE: Asynchronous routing issue-BGP protocol

    Posted 03-09-2018 09:37
    If you are using BGP, you can simply apply an import policy and increase local-preference for all the routes received from the primary ISP.

    This will cause all the traffic to go out via the primary ISP, and via the secondary in case the primary goes down.


  • 3.  RE: Asynchronous routing issue-BGP protocol

    Posted 03-09-2018 20:24

    Hi Kingsman,

    Is the below configuration correct as per IP and interface connectivity?

    set protocols bgp group Corporate type internal
    set protocols bgp group Corporate local-address 10.100.50.2

     

    Please share a KB if available. In our setup both ISP interfaces are part of the "Corporate" VRF.

    Thank you..



  • 4.  RE: Asynchronous routing issue-BGP protocol
    Best Answer

    Posted 03-09-2018 22:13
    You can refer to the document below for the local-preference configuration:

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/bgp-local-preference.html


    If you want your return traffic to also come via the primary ISP, then you can use AS-path prepend (as vadivel said) and prepend your AS (2-3 times) while advertising routes towards the secondary ISP.
    Please refer to the links below to understand and configure as-path prepend.

    https://www.juniper.net/documentation/en_US/junos/topics/usage-guidelines/policy-prepending-as-numbers-to-bgp-as-paths.html
    https://www.juniper.net/documentation/en_US/junos/topics/example/routing-policy-security-routing-policy-to-prepend-to-as-path-configuring.html


    HTH


  • 5.  RE: Asynchronous routing issue-BGP protocol

    Posted 03-09-2018 20:17

    Hi Nikhil,

     

    1. Pick a route and check why it is preferring ISP2 for outgoing traffic. Check the BGP route selection algorithm.
    2. Increase your LP for the Primary LSP

     

    > set routing-instances Corporate protocols bgp group Corporate-Pri local-preference 300

     

    3. Otherwise, request your ISP 2 to increase the AS-path when advertising the routes to you, so that you don't have to make any changes to your current SRX configuration on your side.

     

    With the above options, IN/OUT traffic flows only via the Primary link when it is up, and if the Primary link fails it will automatically fail over to the secondary without any intervention.

     

     

    Hope this helps

    --------------------------------------------------------------------------------------------------------
    If this post was helpful, please mark this post as an "Accepted Solution".
    Kudos are always appreciated!
    --------------------------------------------------------------------------------------------------------
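
Added example, not part of any post above and not Juniper's own configuration: the two suggestions from the replies (higher local-preference on the primary for outbound traffic, AS-path prepend towards the secondary for return traffic) written against the group names, neighbors and local AS from the original post. The policy names PREFER-PRIMARY and PREPEND-SECONDARY and the prepend count of two are assumptions.

```junos
# Added example. PREFER-PRIMARY and PREPEND-SECONDARY are hypothetical policy names.

# Outbound: routes learned from the primary ISP (neighbor 10.100.50.1) get
# local-preference 300, above the default of 100 that the secondary keeps.
set policy-options policy-statement PREFER-PRIMARY term all from protocol bgp
set policy-options policy-statement PREFER-PRIMARY term all then local-preference 300
set policy-options policy-statement PREFER-PRIMARY term all then accept
set routing-instances Corporate protocols bgp group Corporate-Pri import PREFER-PRIMARY

# Inbound: lengthen the AS path advertised to the secondary ISP (neighbor 10.100.90.1)
# so that remote routers prefer the shorter path through the primary.
# The term has no terminating action, so evaluation continues into the next policy.
set policy-options policy-statement PREPEND-SECONDARY term all then as-path-prepend "32561 32561"

# The prepend policy must be evaluated before the existing export policy.
# Deleting and re-adding the chain makes the order explicit.
delete routing-instances Corporate protocols bgp group Corporate-Sec export
set routing-instances Corporate protocols bgp group Corporate-Sec export PREPEND-SECONDARY
set routing-instances Corporate protocols bgp group Corporate-Sec export redistribute-static-connected

# After commit, check from operational mode:
#   show route table Corporate.inet.0 protocol bgp detail     (Localpref per path)
#   show route advertising-protocol bgp 10.100.90.1 detail    (AS path sent to the secondary)
```

Prepending only influences return traffic if the provider side compares AS-path length; a local-preference set inside the provider network is evaluated first and overrides it.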