Routing

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

iBGP on loopbacks in routing instance

  • 1.  iBGP on loopbacks in routing instance

    Posted 11-20-2022 14:02
    Hi all,

    I am facing the following problem: iBGP does not work from routing instance when using loopback interfaces. Without routing instance, it works perfectly.

    Details:

    1. There is SRX1 and SRX2, both directly connected to each other via ge-0/0/0.1. This interface remains in the main routing instance.  SRX1 has IP 10.0.0.1/24, SRX2 has IP 10.0.0.2/24.
    2. On each SRX1 and SRX2, there is a routing instance INS_Transit with a loopback interface lo0.0 assigned to it. SRX1's loopback has IP 192.168.0.1, SRX2's loopback has IP 192.168.0.2
    3. On SRX1, there is a route for 192.168.0.2/32 in the main routing table pointing to 10.0.0.2. On SRX2, the route for 192.168.0.1/32 is pointing to 10.0.0.1
    4. The abovementioned route is imported to the routing instanses using instance-import.
    5. Security policies are set to allow all (permit source/destination/application any)


    Issue: iBGP never gets established and is stuck in "active" phase.

    Troubleshooting so far:
     - I can ping 10.0.0.1 from 10.0.0.2 and back.
     - I can ping 192.168.0.1 from 192.168.0.2 and back, from both main routing table and the routing instance.
     - I can telnet to BGP port 179 on 192.168.0.1 from inside routing instance on SRX2. Same for telnetting to port 179 on 192.168.0.2 from SRX1.
    - There are no firewall rules and/or security policies prohibiting BGP.
     - Loopback and ge-0/0/1.0 are in different security zones due to routing-instance, but I have an "allow all" policy between them.
     - As soon as I remove the routing instance and configure iBGP in the main instance instead, the iBGP session gets established immediately.

    BGP log:

    Nov 20 19:53:58.727872 bgp_recv_open: called for peer 192.168.0.2 (Internal AS 65532)
    Nov 20 19:53:58.727911 task_process_events_internal: recv ready for BGP_65532_65532.192.168.0.2
    Nov 20 19:53:58.727923 bgp_recv_open: called for peer 192.168.0.2 (Internal AS 65532)
    Nov 20 19:53:58.727946 BGP RECV 192.168.0.2+179 -> 192.168.0.1+60966
    Nov 20 19:53:58.727963 BGP RECV message type 3 (Notification) length 21
    Nov 20 19:53:58.727976 BGP RECV Notification code 6 (Cease) subcode 5 (Connection Rejected)
    Nov 20 19:53:58.727991 BGP_UNEXPECTED_MESSAGE_TYPE: bgp_read_message: peer 192.168.0.2 (Internal AS 65532): Notification arrived, expected Open (instance INS_Transit)
    Nov 20 19:53:58.728094 bgp_read_message: received 21 byte message type 3 (Notification) from 192.168.0.2 (Internal AS 65532)
    Nov 20 19:53:58.728139 bgp_read_message:3515: NOTIFICATION received from 192.168.0.2 (Internal AS 65532): code 6 (Cease) subcode 5 (Connection Rejected)
    Nov 20 19:53:58.728154 Notify received from 192.168.0.2 (Internal AS 65532), code 6, subcode 5
    Nov 20 19:53:58.728186 task_process_events_internal: recv ready for BGP_65532_65532.192.168.0.2
    Nov 20 19:53:58.728198 bgp_recv_open: called for peer 192.168.0.2 (Internal AS 65532)
    Nov 20 19:53:58.728238 bgp_recv: peer 192.168.0.2 (Internal AS 65532): received unexpected EOF
    Nov 20 19:53:58.728253 bgp_peer_close_and_restart: peer 192.168.0.2 (Internal AS 65532), state is 4 (OpenSent) event TransportError, flags=0x0
    Nov 20 19:53:58.728265 bgp_peer_close_and_restart: closing peer 192.168.0.2 (Internal AS 65532), state is 4 (OpenSent) event TransportError
    Nov 20 19:53:58.728277 bgp_send_deactivate:3639: 192.168.0.2 (Internal AS 65532) ,flags=0x0: removed from active list

    Routing instance config:

    protocols {
     bgp {
      group ibgp-v4-test {
      type internal;
      local-address 192.168.0.1;
      import accept;
      export reject;
      neighbor 192.168.0.2;
      }
     } 
    }
    interface lo0.0;
    interface irb.10;
    instance-type virtual-router;
    routing-options {
     router-id 192.168.0.1;
     autonomous-system 65532;
     instance-import import-from-main-table;
    }


    If I remove the setup from the routing instance and configure iBGP in the main one, it works.
    If I remove loopbacks and set up an IPIP tunnel between 10.0.0.1 and 10.0.0.2 in the routing instance, and terminate BGP on the tunnel interface in this routing instance, it works.
    With loopbacks, it does not work.

    Any ideas?

    ​​