Original Message:
Sent: 08-24-2023 13:24
From: RYAN BLAKE
Subject: BGP Configuration for Internet Exchange (iX) - Help Needed
Yes on the ping and telnet shows established but immediately ends, which I'm thinking is expected?
ping 206.82.106.254 count 4
PING 206.82.106.254 (206.82.106.254): 56 data bytes
64 bytes from 206.82.106.254: icmp_seq=0 ttl=64 time=10.026 ms
64 bytes from 206.82.106.254: icmp_seq=1 ttl=64 time=10.164 ms
64 bytes from 206.82.106.254: icmp_seq=2 ttl=64 time=10.092 ms
64 bytes from 206.82.106.254: icmp_seq=3 ttl=64 time=9.962 ms
--- 206.82.106.254 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 9.962/10.061/10.164/0.075 ms
ping 206.82.104.254 count 4
PING 206.82.104.254 (206.82.104.254): 56 data bytes
64 bytes from 206.82.104.254: icmp_seq=0 ttl=64 time=12.903 ms
64 bytes from 206.82.104.254: icmp_seq=1 ttl=64 time=21.579 ms
64 bytes from 206.82.104.254: icmp_seq=2 ttl=64 time=14.046 ms
64 bytes from 206.82.104.254: icmp_seq=3 ttl=64 time=10.152 ms
--- 206.82.104.254 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 10.152/14.670/21.579/4.233 ms
telnet:
telnet interface xe-0/1/4.401 port 179 206.82.106.254
Trying 206.82.106.254...
Connected to rs2.nyc.de-cix.net.
Escape character is '^]'.
Connection closed by foreign host.
telnet interface xe-0/1/4.401 port 179 206.82.104.254
Trying 206.82.104.254...
Connected to rs1.nyc.de-cix.net.
Escape character is '^]'.
Connection closed by foreign host.
By the way, now it's showing the inverse:
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
206.82.104.254 63034 50768 188681 0 1 50:43 Establ
inet.0: 64892/185427/185427/0
206.82.106.254 63034 0 0 0 1 36:21 Active
------------------------------
RYAN BLAKE
Original Message:
Sent: 08-24-2023 13:08
From: Ashm
Subject: BGP Configuration for Internet Exchange (iX) - Help Needed
Hello!
Are you able to ping 206.82.104.254 and perform telnet to 206.82.104.254 dst port 179 from your interface address provided by DE-CIX?
------------------------------
Alexander Shikov
Original Message:
Sent: 08-24-2023 11:41
From: RYAN BLAKE
Subject: BGP Configuration for Internet Exchange (iX) - Help Needed
Hello and yes, DE-CIX is configured properly as, prior to installing the Juniper MX204, I had a Cisco router installed and it worked without any issues other than not having the same throughput as the Juniper (and why I switched).
So that's why I'm almost certain it's a "me" issue and not a "them" issue.
Also, looking at show bgp summary, I see that one route server is showing established but the other one shows as "Active" without any packets passing through:
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
206.82.104.254 63034 0 0 0 1 2:07:52 Active
206.82.106.254 63034 110234 357453 0 0 15:04:46 Establ
I'm not sure if that helps with troubleshooting or not, but thought I'd include it. With regard to my upstream internet peers, they are all showing established with full BGP tables as expected.
------------------------------
RYAN BLAKE
Original Message:
Sent: 08-24-2023 11:28
From: Grzegorz Dacka
Subject: BGP Configuration for Internet Exchange (iX) - Help Needed
Hello
Are You sure the DECIX configure them side ?
i have setup with decix and don't have problem with them
------------------------------
--
Grzegorz Dacka
Original Message:
Sent: 08-24-2023 10:58
From: RYAN BLAKE
Subject: BGP Configuration for Internet Exchange (iX) - Help Needed
I am struggling to figure out how to configure eBGP with an internet exchange so that it accepts the neighbors from the route servers. DE-CIX, my iX, offers guidance on how to configure Cisco but not on how to configure Juniper.
I'm getting these errors repeatedly from all the neighbors in the subnet that I'm supposed to peer with:
rpd[20053]: bgp_listen_accept:6485: NOTIFICATION sent to IP.AD.DR.ESS+8003 (proto): code 6 (Cease) subcode 5 (Connection Rejected), Reason: Connection attempt from unconfigured neighbor: IP.AD.DR.ESS+8003
This is the configuration on our MX204:
policy-options { prefix-list PL_DECIX_ROUTE_SERVERS_IN_4 { 0.0.0.0/0; } prefix-list PL_DECIX_ROUTE_SERVERS_OUT_4; route-filter-list PUBLIC_IPRANGE { OUR.NET.BLO.CK/24 exact; } policy-statement ASBLACKLIST { term find-routes { from as-path ASBLK53667; then reject; } } policy-statement ADVERTISE { term IPRANGE_ONLY { from { route-filter-list PUBLIC_IPRANGE; } then accept; } term OTHERS { then reject; } } policy-statement RM_DECIX_ROUTE_SERVERS_IN_4 { term DE-CIX_ALLOW { from { route-filter 0.0.0.0/0 exact; } then accept; } } policy-statement RM_DECIX_ROUTE_SERVERS_OUT_4 { term DECIX_SETCOMMUNITY { from { route-filter OUR.NET.BLO.CK/24 exact; } then { community add DE-CIX_COMMUNITY; } } } community DE-CIX_COMMUNITY members [ 0:53907 65534:65534 ]; as-path ASBLK53667 ".* 53667";}protocols { bgp { group de-cix-nyc { type external; route-server-client; preference 125; import RM_DECIX_ROUTE_SERVERS_IN_4; family inet { unicast; } export RM_DECIX_ROUTE_SERVERS_OUT_4; peer-as 63034; local-as [OurLocalAS]; multipath { multiple-as; } neighbor 206.82.104.254 { description RS1.NYC.DE-CIX.NET; } neighbor 206.82.106.254 { description RS2.NYC.DE-CIX.NET; } }}
I am absolutely sure I'm missing something here or did something wrong, so I was hoping someone who has set up internet exchanges before has some advice on how to get this operational.
Sincerely appreciate your time reading this and any advice you have for me.
------------------------------
RYAN BLAKE
------------------------------