Routing


BGP Configuration for Internet Exchange (iX) - Help Needed

  • 1.  BGP Configuration for Internet Exchange (iX) - Help Needed

    Posted 08-24-2023 11:20

    I am struggling to figure out how to configure eBGP with an internet exchange so that it accepts the neighbors from the route servers.  DE-CIX, my iX, offers guidance on how to configure Cisco but not on how to configure Juniper.

    I'm getting these errors repeatedly from all the neighbors in the subnet that I'm supposed to peer with:
    rpd[20053]: bgp_listen_accept:6485: NOTIFICATION sent to IP.AD.DR.ESS+8003 (proto): code 6 (Cease) subcode 5 (Connection Rejected), Reason: Connection attempt from unconfigured neighbor: IP.AD.DR.ESS+8003

    This is the configuration on our MX204:

    policy-options {
        prefix-list PL_DECIX_ROUTE_SERVERS_IN_4 {
            0.0.0.0/0;
        }
        prefix-list PL_DECIX_ROUTE_SERVERS_OUT_4;
        route-filter-list PUBLIC_IPRANGE {
            OUR.NET.BLO.CK/24 exact;
        }
        policy-statement ASBLACKLIST {
            term find-routes {
                from as-path ASBLK53667;
                then reject;
            }
        }
        policy-statement ADVERTISE {
            term IPRANGE_ONLY {
                from {
                    route-filter-list PUBLIC_IPRANGE;
                }
                then accept;
            }
            term OTHERS {
                then reject;
            }
        }
        policy-statement RM_DECIX_ROUTE_SERVERS_IN_4 {
            term DE-CIX_ALLOW {
                from {
                    route-filter 0.0.0.0/0 exact;
                }
                then accept;
            }
        }
        policy-statement RM_DECIX_ROUTE_SERVERS_OUT_4 {
            term DECIX_SETCOMMUNITY {
                from {
                    route-filter OUR.NET.BLO.CK/24 exact;
                }
                then {
                    community add DE-CIX_COMMUNITY;
                }
            }
        }
        community DE-CIX_COMMUNITY members [ 0:53907 65534:65534 ];
        as-path ASBLK53667 ".* 53667";
    }
    protocols {
        bgp {
            group de-cix-nyc {
                type external;
                route-server-client;
                preference 125;
                import RM_DECIX_ROUTE_SERVERS_IN_4;
                family inet {
                    unicast;
                }
                export RM_DECIX_ROUTE_SERVERS_OUT_4;
                peer-as 63034;
                local-as [OurLocalAS];
                multipath {
                    multiple-as;
                }
                neighbor 206.82.104.254 {
                    description RS1.NYC.DE-CIX.NET;
                }
                neighbor 206.82.106.254 {
                    description RS2.NYC.DE-CIX.NET;
                }
            }
        }
    }

    I am absolutely sure I'm missing something here or did something wrong, so I was hoping someone who has set up internet exchanges before has some advice on how to get this operational.

    Sincerely appreciate your time reading this and any advice you have for me.



    ------------------------------
    RYAN BLAKE
    ------------------------------
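Added example, not part of the original post: a short Python script that pulls the source address out of each "Connection Rejected ... unconfigured neighbor" message in the format quoted above and checks it against the `neighbor` statements in a BGP group, so it is clear which hosts on the peering LAN are attempting sessions that the router has no configuration for. The addresses, group name, and second source port are constructed sample values; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample data (RFC 5737 documentation addresses, not from the post).
CONFIG = """\
group ix-route-servers {
    neighbor 192.0.2.253 {
        description RS1;
    }
    neighbor 192.0.2.254 {
        description RS2;
    }
}
"""

# Same message layout as the rpd log line quoted in the post.
_MSG = ("rpd[20053]: bgp_listen_accept:6485: NOTIFICATION sent to {a}+{p} (proto): "
        "code 6 (Cease) subcode 5 (Connection Rejected), Reason: "
        "Connection attempt from unconfigured neighbor: {a}+{p}")
LOG = "\n".join([
    _MSG.format(a="192.0.2.17", p=8003),
    _MSG.format(a="192.0.2.17", p=51234),
    "sshd[411]: constructed unrelated line",
    _MSG.format(a="192.0.2.40", p=8003),
])

NEIGHBOR_RE = re.compile(r"^\s*neighbor\s+([0-9A-Fa-f.:]+)\s*[{;]", re.M)
REJECT_RE = re.compile(
    r"code 6 \(Cease\) subcode 5 \(Connection Rejected\).*"
    r"unconfigured neighbor: ([0-9A-Fa-f.:]+)\+\d+")

def configured_neighbors(config):
    """Addresses that have a neighbor statement in the config text."""
    return set(NEIGHBOR_RE.findall(config))

def rejected_sources(log):
    """Count rejected inbound BGP connections per source address."""
    hits = (REJECT_RE.search(line) for line in log.splitlines())
    return Counter(m.group(1) for m in hits if m)

def unconfigured_attempts(log, config):
    """Rejected sources that have no matching neighbor statement."""
    known = configured_neighbors(config)
    return {ip: n for ip, n in rejected_sources(log).items() if ip not in known}

if __name__ == "__main__":
    for ip, n in sorted(unconfigured_attempts(LOG, CONFIG).items()):
        print(f"{ip}: {n} rejected connection attempt(s), no neighbor statement")
```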


  • 2.  RE: BGP Configuration for Internet Exchange (iX) - Help Needed

    Posted 08-24-2023 11:29

    Hello

    Are you sure DE-CIX configured their side?
    I have a setup with DE-CIX and don't have a problem with them.



    ------------------------------
    --
    Grzegorz Dacka
    ------------------------------



  • 3.  RE: BGP Configuration for Internet Exchange (iX) - Help Needed

    Posted 08-24-2023 12:43

    Hello and yes, DE-CIX is configured properly as, prior to installing the Juniper MX204, I had a Cisco router installed and it worked without any issues other than not having the same throughput as the Juniper (and why I switched).

    So that's why I'm almost certain it's a "me" issue and not a "them" issue.

    Also, looking at show bgp summary, I see that one route server is showing established but the other one shows as "Active" without any packets passing through:

    Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    206.82.104.254        63034          0          0       0       1     2:07:52 Active
    206.82.106.254        63034     110234     357453       0       0    15:04:46 Establ

    I'm not sure if that helps with troubleshooting or not, but thought I'd include it.  With regard to my upstream internet peers, they are all showing established with full BGP tables as expected.



    ------------------------------
    RYAN BLAKE
    ------------------------------



  • 4.  RE: BGP Configuration for Internet Exchange (iX) - Help Needed

    Posted 08-24-2023 13:08

    Hello!

    Are you able to ping 206.82.104.254 and perform telnet to 206.82.104.254 dst port 179 from your interface address provided by DE-CIX?



    ------------------------------
    Alexander Shikov
    ------------------------------



  • 5.  RE: BGP Configuration for Internet Exchange (iX) - Help Needed

    Posted 08-24-2023 13:25

    Yes on the ping and telnet shows established but immediately ends, which I'm thinking is expected?

    ping 206.82.106.254 count 4
    PING 206.82.106.254 (206.82.106.254): 56 data bytes
    64 bytes from 206.82.106.254: icmp_seq=0 ttl=64 time=10.026 ms
    64 bytes from 206.82.106.254: icmp_seq=1 ttl=64 time=10.164 ms
    64 bytes from 206.82.106.254: icmp_seq=2 ttl=64 time=10.092 ms
    64 bytes from 206.82.106.254: icmp_seq=3 ttl=64 time=9.962 ms

    --- 206.82.106.254 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 9.962/10.061/10.164/0.075 ms

    ping 206.82.104.254 count 4
    PING 206.82.104.254 (206.82.104.254): 56 data bytes
    64 bytes from 206.82.104.254: icmp_seq=0 ttl=64 time=12.903 ms
    64 bytes from 206.82.104.254: icmp_seq=1 ttl=64 time=21.579 ms
    64 bytes from 206.82.104.254: icmp_seq=2 ttl=64 time=14.046 ms
    64 bytes from 206.82.104.254: icmp_seq=3 ttl=64 time=10.152 ms

    --- 206.82.104.254 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 10.152/14.670/21.579/4.233 ms

    telnet:

    telnet interface xe-0/1/4.401 port 179 206.82.106.254
    Trying 206.82.106.254...
    Connected to rs2.nyc.de-cix.net.
    Escape character is '^]'.
    Connection closed by foreign host.

    telnet interface xe-0/1/4.401 port 179 206.82.104.254
    Trying 206.82.104.254...
    Connected to rs1.nyc.de-cix.net.
    Escape character is '^]'.
    Connection closed by foreign host.

    By the way, now it's showing the inverse:

    Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    206.82.104.254        63034      50768     188681       0       1       50:43 Establ
      inet.0: 64892/185427/185427/0
    206.82.106.254        63034          0          0       0       1       36:21 Active



    ------------------------------
    RYAN BLAKE
    ------------------------------



  • 6.  RE: BGP Configuration for Internet Exchange (iX) - Help Needed

    Posted 08-24-2023 14:04

    > By the way, now it's showing the inverse:

    Looks a bit weird.
    Have you checked the output of 'show bgp neighbor 206.82.106.254 extensive'? Can you share it?
    I'd recommend enabling traceoptions for the problematic peer:
    set protocols bgp group ... neighbor 206.82.106.254 traceoptions file 206.82.106.254-bgp.log flag general
    commit

    ... and then check the entries in the 206.82.106.254-bgp.log file. You can also add other trace flags to increase the debug level, for example: state, normal, etc.

    Btw, some useful information may be just in the 'show log messages' output.



    ------------------------------
    Alexander Shikov
    ------------------------------