Router2> show bgp summary
Threading mode: BGP I/O
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
1131 1131 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
66.23.22.1 6564 76 92 0 4 6:11 Establ
inet.0: 1/1/1/0
155.23.4.3 46 40 37 0 0 13:36 Establ
inet.0: 1130/1130/1130/0
Router2> show route receive-protocol bgp 66.23.22.1
inet.0: 1135 destinations, 1135 routes (1135 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 66.88.232.0/24 66.23.22.1 0 62323 I
VZuser@museumfa-boston-30344333e005> show bgp summary
Threading mode: BGP I/O
Groups: 2 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
1131 1131 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
66.23.22.1 6564 76 92 0 4 6:11 Establ
inet.0: 1/1/1/0
155.23.4.3 46 40 37 0 0 13:36 Establ
inet.0: 1130/1130/1130/0
Router2> show route advertising-protocol bgp 66.23.22.1
inet.0: 1135 destinations, 1135 routes (1135 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 0.0.0.0/0 Self 46 I
Router2> show route advertising-protocol bgp 155.23.4.3
inet.0: 1135 destinations, 1135 routes (1135 active, 0 holddown, 0 hidden)
Prefix Nexthop MED Lclpref AS path
* 66.88.232.0/24 Self 62323 I
The 66.88.232.0/24 is the internal network that I am receiving from the neighbor 66.23.22.1 and advertising it to the peer 155.23.4.3. Also, I am sending the default route to 66.23.22.1.
I observed one thing: the one highlighted in red is the local ASN, but that should be the originating AS, correct? If I am receiving it from the peer 66.23.22.1, it should be 6564, right?
Also I went with a different approach, but still there is an issue.
set policy-options policy-statement VZ-BGP-OUT term tag1 from protocol static
set policy-options policy-statement VZ-BGP-OUT term tag1 from protocol direct
set policy-options policy-statement VZ-BGP-OUT term tag1 from protocol local
set policy-options policy-statement VZ-BGP-OUT term tag1 from route-filter 66.88.232.0/24 exact
set policy-options policy-statement VZ-BGP-OUT term tag1 then accept
set policy-options policy-statement VZ-BGP-in term tag2 from protocol static
set policy-options policy-statement VZ-BGP-in term tag2 from protocol direct
set policy-options policy-statement VZ-BGP-in term tag2 from protocol local
set policy-options policy-statement VZ-BGP-in term tag2 then accept
set protocols bgp group internal-peers peer-as 6564
set protocols bgp group internal-peers neighbor 66.23.22.1 import VZ-BGP-in
set protocols bgp group external-peers type external
set protocols bgp group external-peers peer-as 46
set protocols bgp group external-peers neighbor 155.23.4.3 export VZ-BGP-OUT
set routing-options autonomous-system 62323
Solution:
Instead of defining the different groups, I believe I can add both the peers in the same group. It would be simple. What are your thoughts on this, please?
set policy-options policy-statement EXTERNAL term connected from protocol direct
set policy-options policy-statement EXTERNAL term connected then accept
set policy-options policy-statement EXTERNAL term Static10 from protocol static
set policy-options policy-statement EXTERNAL term Static10 from tag 999
set policy-options policy-statement EXTERNAL term Static10 then reject
set policy-options policy-statement EXTERNAL then accept
set protocols bgp group EXNeighbor type external
set protocols bgp group EXNeighbor export EXTERNAL
set protocols bgp group EXNeighbor neighbor 155.23.4.3 peer-as 46
set protocols bgp group EXNeighbor neighbor 66.23.22.1 peer-as 6564
set routing-options autonomous-system 62323
Re: Bgp peering between two routers | Oct 25, 2022 8:07 PM | markw
You won't need to define type external, this is the default for Juniper BGP sessions unless you have a different type defined at the "protocols bgp" hierarchy. Best practice is to explicitly define it though to prevent surprises.
That said, with the sessions establishing I doubt that is the problem, the problem seems to be in the routes being advertised/received. I suspect the problem is related to the Cisco line "network 66.88.232.0 mask 255.255.255.0" which you are probably using to advertise the 66.88.232.0/24 subnet to the external neighbor. I don't know if you "receive" this subnet from one of your BGP neighbors and intend to readvertise this, or is this a local interface that you want to advertise to your BGP neighbors? Because I somewhat suspect that the device you are trying to reach the internet from is in this /24 subnet?
If it's a local route you might need to add an export policy to readvertise protocol "direct" (for a local interface) or "static" (if it's a static route). Be careful to include a filter on that policy to only match the specific subnets you want to readvertise though, to prevent accidental route leaking if you add any statics/interfaces in the future.
So as Steve asks it might be helpful for us to have a "show route receive-protocol bgp <neighbor>" and "show route advertising-protocol bgp <neighbor>" for both of these neighbors to have some understanding of what routes are being exchanged where :)
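The filtering caution in the reply above can be checked mechanically. This Python sketch is an added example, not part of the thread and not Juniper code: it audits `set`-style lines (a constructed sample assembled from the two export policies quoted on this page) and flags accept actions in BGP export policies that carry no prefix match. The function name and the finding strings are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the two export policies quoted in this thread.
CONFIG = """\
set policy-options policy-statement EXTERNAL term connected from protocol direct
set policy-options policy-statement EXTERNAL term connected then accept
set policy-options policy-statement EXTERNAL term Static10 from protocol static
set policy-options policy-statement EXTERNAL term Static10 from tag 999
set policy-options policy-statement EXTERNAL term Static10 then reject
set policy-options policy-statement EXTERNAL then accept
set policy-options policy-statement VZ-BGP-OUT term tag1 from protocol static
set policy-options policy-statement VZ-BGP-OUT term tag1 from route-filter 66.88.232.0/24 exact
set policy-options policy-statement VZ-BGP-OUT term tag1 then accept
set protocols bgp group EXNeighbor export EXTERNAL
set protocols bgp group external-peers neighbor 155.23.4.3 export VZ-BGP-OUT
"""

TERM = re.compile(r"set policy-options policy-statement (\S+) (?:term (\S+) )?(from|then) (.+)")
EXPORT = re.compile(r"set protocols bgp .*\bexport (\S+)")
PREFIX_MATCH = ("route-filter", "prefix-list")  # match conditions that pin prefixes

def audit_export_policies(config):
    """Return {policy: [finding, ...]} for every policy applied as a BGP export."""
    terms = defaultdict(lambda: defaultdict(lambda: {"from": [], "then": []}))
    exported = []
    for line in config.splitlines():
        if m := TERM.fullmatch(line.strip()):
            policy, term, kind, rest = m.groups()
            terms[policy][term][kind].append(rest)  # term None = policy-level action
        elif m := EXPORT.fullmatch(line.strip()):
            exported.append(m.group(1))
    findings = {}
    for policy in exported:
        out = []
        for term, body in terms[policy].items():
            if "accept" not in body["then"]:
                continue
            if not body["from"]:
                out.append(f"{term or '<final>'}: accepts every route")
            elif not any(c.startswith(PREFIX_MATCH) for c in body["from"]):
                out.append(f"term {term}: accept without a prefix match")
        findings[policy] = out
    return findings

if __name__ == "__main__":
    for name, issues in audit_export_policies(CONFIG).items():
        print(name, issues or "no unfiltered accept")
```

On this sample the EXTERNAL policy is flagged twice (the `connected` term and the policy-level `then accept`), while VZ-BGP-OUT, which pins 66.88.232.0/24 with a route-filter, is not.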
Original Message:
Sent: 10-24-2022 10:11
From: Arun kumar R
Subject: Bgp peering between two routers
Yes, I am aware of eBGP and iBGP. My only concern for now is that I have defined two groups. Should I specify type external for both the groups? Is that a mandatory statement? For one of the groups I have not specified it, and I suspect that is causing an issue.
Original Message:
Sent: 10/24/2022 8:33:00 AM
From: spuluka
Subject: RE: Bgp peering between two routers
Internal (iBGP) means the ASN on the neighbor pair are the same.
When the ASN on the pair are different then they are eBGP or external.
All three neighbors have different ASN so both peers are external here.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 10-24-2022 07:46
From: ARUN KUMAR R
Subject: Bgp peering between two routers
I am suspecting the issue could be the INSIDE group I have not specified the type internal, what are your thoughts?
Very sorry, it was a typo error. The word 'internal' should replace 'external'.
Can you please validate the below two lines if they are correct? Should I also specify external to the INSIDE group like the OUTSIDE group?
set protocols bgp group OUTSIDE neighbor 155.23.4.3 peer-as 6564
set protocols bgp group INSIDE neighbor 66.23.22.1 peer-as 46
Original Message:
Sent: 10/24/2022 6:29:00 AM
From: spuluka
Subject: RE: Bgp peering between two routers
Could you define what doesn't work means specifically?
Sounds like the peers are coming up and exchanging routes.
Since all three peers have a different ASN then they must be eBGP and not iBGP so that would not be the reason for the issue.
If access to specific resources is not working we will need to compare routing tables to see what is missing that would allow access. Perhaps a static default route is either missing or not being distributed somewhere.
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home
Original Message:
Sent: 10-23-2022 10:00
From: ARUN KUMAR R
Subject: Bgp peering between two routers
I have an existing Cisco router with two BGP peerings and the configuration is very simple.
I have configured the Juniper router with the same equivalent configs as Cisco, but it is not working.
Cisco config:
Router bgp 62323
neighbor 66.23.22.1 remote-as 46
neighbor 155.23.4.3 remote-as 6564
network 66.88.232.0 mask 255.255.255.0
Router 1 -----Router 2 ----Router 3
6564 ---------62323-------46
Juniper config:
set policy-options policy-statement external-peer term connected from protocol direct
set policy-options policy-statement external-peer term connected then accept
set protocols bgp group OUTSIDE type external
set protocols bgp group OUTSIDE export external-peer
set protocols bgp group OUTSIDE neighbor 155.23.4.3 peer-as 6564
set protocols bgp group INSIDE neighbor 66.23.22.1 peer-as 46
set routing-options autonomous-system 62323
I see the routes are getting advertised to both peers. What may be the issue that I am not able to reach the internet via Juniper, but can via Cisco?
I am suspecting the issue could be the INSIDE group I have not specified the type internal, what are your thoughts?
------------------------------
ARUN KUMAR R
------------------------------