Hi all,
I am facing the following problem: iBGP does not work from a routing instance when using loopback interfaces. Without a routing instance, it works perfectly.
Details:
- There is SRX1 and SRX2, both connected via ge-0/0/0.0. This interface remains in the main routing instance. SRX1 has IP 10.0.0.1/24, SRX2 has IP 10.0.0.2/24.
- On each of SRX1 and SRX2, there is a routing instance with a loopback interface assigned to it. SRX1's loopback has IP 192.168.0.1, SRX2's loopback has IP 192.168.0.2.
- On SRX1, there is a route for 192.168.0.2/32 in the main routing table pointing to 10.0.0.2. On SRX2, the route for 192.168.0.1/32 is pointing to 10.0.0.1.
- The above-mentioned route is imported to the routing instances using instance-import.
- Security policies are set to allow all
Issue: iBGP never gets established and is stuck in "active" phase.
Troubleshooting so far:
- I can ping 10.0.0.1 from 10.0.0.2 and back.
- I can ping 192.168.0.1 from 192.168.0.2 and back, from both main routing table and the routing instance.
- I can telnet to BGP port 179 on 192.168.0.1 from inside routing instance on SRX2. Same for telnetting to port 179 on 192.168.0.2 from SRX1.
- There are no firewall rules and/or security policies prohibiting BGP.
- Loopback and ge-0/0/0.0 are in different security zones due to routing-instance, but I have an "allow all" policy between them.
- As soon as I remove the routing instance and configure iBGP in the main instance instead, the iBGP session gets established immediately.
BGP log:
Nov 20 19:53:58.727872 bgp_recv_open: called for peer 192.168.0.2 (Internal AS 65532)
Nov 20 19:53:58.727911 task_process_events_internal: recv ready for BGP_65532_65532.192.168.0.2
Nov 20 19:53:58.727923 bgp_recv_open: called for peer 192.168.0.2 (Internal AS 65532)
Nov 20 19:53:58.727946 BGP RECV 192.168.0.2+179 -> 192.168.0.1+60966
Nov 20 19:53:58.727963 BGP RECV message type 3 (Notification) length 21
Nov 20 19:53:58.727976 BGP RECV Notification code 6 (Cease) subcode 5 (Connection Rejected)
Nov 20 19:53:58.727991 BGP_UNEXPECTED_MESSAGE_TYPE: bgp_read_message: peer 192.168.0.2 (Internal AS 65532): Notification arrived, expected Open (instance INS_Transit)
Nov 20 19:53:58.728094 bgp_read_message: received 21 byte message type 3 (Notification) from 192.168.0.2 (Internal AS 65532)
Nov 20 19:53:58.728139 bgp_read_message:3515: NOTIFICATION received from 192.168.0.2 (Internal AS 65532): code 6 (Cease) subcode 5 (Connection Rejected)
Nov 20 19:53:58.728154 Notify received from 192.168.0.2 (Internal AS 65532), code 6, subcode 5
Nov 20 19:53:58.728186 task_process_events_internal: recv ready for BGP_65532_65532.192.168.0.2
Nov 20 19:53:58.728198 bgp_recv_open: called for peer 192.168.0.2 (Internal AS 65532)
Nov 20 19:53:58.728238 bgp_recv: peer 192.168.0.2 (Internal AS 65532): received unexpected EOF
Nov 20 19:53:58.728253 bgp_peer_close_and_restart: peer 192.168.0.2 (Internal AS 65532), state is 4 (OpenSent) event TransportError, flags=0x0
Nov 20 19:53:58.728265 bgp_peer_close_and_restart: closing peer 192.168.0.2 (Internal AS 65532), state is 4 (OpenSent) event TransportError
Nov 20 19:53:58.728277 bgp_send_deactivate:3639: 192.168.0.2 (Internal AS 65532) ,flags=0x0: removed from active list
Routing instance config:
protocols {
    bgp {
        group ibgp-v4-test {
            type internal;
            local-address 192.168.0.1;
            import accept;
            export reject;
            neighbor 192.168.0.2;
        }
    }
}
interface lo0.0;
instance-type virtual-router;
routing-options {
    router-id 192.168.0.1;
    autonomous-system 65532;
    instance-import import-from-main-table;
}
Any ideas?
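
A way to triage a trace like the one in the post above, as an added example that is not part of the original post: it pulls the received NOTIFICATION and the local FSM state at close out of the log lines and names the Cease subcode per RFC 4486. The function names and regular expressions are assumptions written for this log format; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Cease (code 6) subcodes as defined in RFC 4486.
CEASE = {1: "Maximum Number of Prefixes Reached", 2: "Administrative Shutdown",
         3: "Peer De-configured", 4: "Administrative Reset",
         5: "Connection Rejected", 6: "Other Configuration Change",
         7: "Connection Collision Resolution", 8: "Out of Resources"}

NOTIFY_RE = re.compile(r"NOTIFICATION received from (?P<peer>\S+) .*?"
                       r": code (?P<code>\d+) \((?P<cname>[^)]*)\) subcode (?P<sub>\d+)")
CLOSE_RE = re.compile(r"closing peer (?P<peer>\S+) .*?"
                      r"state is \d+ \((?P<state>\w+)\) event (?P<event>\w+)")

# Three lines copied from the BGP log in the post above.
SAMPLE = [
    "Nov 20 19:53:58.727946 BGP RECV 192.168.0.2+179 -> 192.168.0.1+60966",
    "Nov 20 19:53:58.728139 bgp_read_message:3515: NOTIFICATION received from "
    "192.168.0.2 (Internal AS 65532): code 6 (Cease) subcode 5 (Connection Rejected)",
    "Nov 20 19:53:58.728265 bgp_peer_close_and_restart: closing peer 192.168.0.2 "
    "(Internal AS 65532), state is 4 (OpenSent) event TransportError",
]

def summarize(lines):
    """Per peer: count received notifications and (state, event) at each close."""
    peers = {}
    for line in lines:
        n, c = NOTIFY_RE.search(line), CLOSE_RE.search(line)
        if not (n or c):
            continue
        entry = peers.setdefault((n or c)["peer"],
                                 {"notifications": Counter(), "closed_in": Counter()})
        if n:
            code, sub = int(n["code"]), int(n["sub"])
            name = CEASE.get(sub, "unknown") if code == 6 else n["cname"]
            entry["notifications"][(code, sub, name)] += 1
        else:
            entry["closed_in"][(c["state"], c["event"])] += 1
    return peers

def rejected_after_open_sent(lines):
    """Peers that sent Cease/Connection Rejected while the local side was in OpenSent.
    RFC 4486: sent when a speaker accepts the TCP connection but disallows the BGP one."""
    return sorted(p for p, e in summarize(lines).items()
                  if any(k[:2] == (6, 5) for k in e["notifications"])
                  and any(s == "OpenSent" for s, _ in e["closed_in"]))

if __name__ == "__main__":
    for peer, entry in summarize(SAMPLE).items():
        print(peer, dict(entry["notifications"]), dict(entry["closed_in"]))
    print("rejected after OPEN sent:", rejected_after_open_sent(SAMPLE))
```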