Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Bgp peering between two routers

    Posted 10-24-2022 06:23
    Edited by Aron 10-24-2022 10:51
    I have an existing cisco router with two bgp peering and the configuration is very simple.
     I have configured the Juniper router with the same equivalent configs as cisco, but it is not woring

    Cisco config :

    Router bgp 62323
    neighbor 66.23.22.1 remote-as 46
    neighbor 155.23.4.3 remote-as 6564
    network 66.88.232.0 mask 255.255.255.0 

    Router 1 -----Router 2 ----Router 3
    6564  ---------62323-------46

    Juniper config:

    set policy-options policy-statement external-peer term connected from protocol direct
    set policy-options policy-statement external-peer term connected then accept
    set protocols bgp group OUTSIDE type external
    set protocols bgp group OUTSIDE export external-peer
    set protocols bgp group OUTSIDE neighbor 155.23.4.3 peer-as 6564
    set protocols bgp group INSIDE  neighbor 66.23.22.1 peer-as 46
    set routing-options autonomous-system 62323

    I see the routes are getting advertised to both peer. What may be the issue that I am not able to reach internet
    via Juniper, but can via cisco

    I am suspecting the issue could be the INSIDE group I have not specified the type internal, what are your thoughts?



  • 2.  RE: Bgp peering between two routers

    Posted 10-24-2022 06:29
    Could you define what doesn't work means specifically?

    Sounds like the peers are coming up and exchanging routes.

    Since all three peers have a different ASN then they must be eBGP and not iBGP so that would not be the reason for the issue.

    If access to specific resources is not working we will need to compare routing tables to see what is missing that would allow access.  Perhaps a static default route is either missing or not being distributed somewhere.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Bgp peering between two routers

    Posted 10-24-2022 08:31
    Edited by Aron 10-24-2022 10:48
    I am suspecting the issue could be the INSIDE group I have not specified the type internal, what are your thoughts?
    Very sorry , it was a typo error. the word 'internal' should replace 'external'
    Can you please validate below two lines if they are correct. Should I also specify external to INSIDE group like the outside group.
    set protocols bgp group OUTSIDE neighbor 155.23.4.3 peer-as 6564
    set protocols bgp group INSIDE  neighbor 66.23.22.1 peer-as 46






  • 4.  RE: Bgp peering between two routers

    Posted 10-24-2022 08:33
    Internal (iBGP) means the ASN on the neighbor pair are the same.

    When the ASN on the pair are different then they are eBGP or external.

    All three neighbors have different ASN so both peers are external here.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: Bgp peering between two routers

    Posted 10-24-2022 10:12
    Edited by Aron 10-24-2022 10:48
    Yes, I am aware of ebgp and ibgp.My only concern for now is that I have defined
    two group . Should I specify type external for the both the group.
    Is that a mandatory statement. For one of the group I have not specified 
    and suspect that is causing an issue.






  • 6.  RE: Bgp peering between two routers

     
    Posted 10-25-2022 20:07

    You won't need to define type external, this is the default for Juniper BGP sessions unless you have a different type defined at the "protocols bgp" hierarchy. Best practice is to explicitly define it though to prevent surprises.

    That said, with the sessions establishing I doubt that is the problem, the problem seems to be in the routes being advertised/received.
    I suspect the problem is related to the Cisco line "network 66.88.232.0 mask 255.255.255.0" which you are probably using to advertise the 66.88.232.0/24 subnet to the external neighbor. I dont know if you "receive" this subnet from one of your BGP neighbors and intend to readvertise this, or is this a local interface that you want to advertise to your BGP neighbors? Because I somewhat suspect that the device you are trying to reach the internet from is in this /24 subnet?

    If it's a local route you might need to add an export policy to readvertise protocol "direct" (for a local interface) or "static" (if it's a static route). Be careful to include a filter on that policy to only match the specific subnets you want to readvertise though, to prevent accidental route leaking if you add any statics/interfaces in the future.

    So as Steve asks it might be helpful for us to have a "show route receive-protocol bgp <neighbor>" and "show route advertising-protocol bgp <neighbor>" for both of these neighbors to have some understanding of what routes are being exchanged where :)




  • 7.  RE: Bgp peering between two routers

    Posted 10-26-2022 05:47

    Router2> show bgp summary
    Threading mode: BGP I/O
    Groups: 2 Peers: 2 Down peers: 0
    Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
    inet.0
                        1131       1131          0          0          0          0
    Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    66.23.22.1          6564         76         92       0       4        6:11 Establ
      inet.0: 1/1/1/0
    155.23.4.3          46         40         37       0       0       13:36 Establ
      inet.0: 1130/1130/1130/0

    Router2> show route receive-protocol bgp 66.23.22.1

    inet.0: 1135 destinations, 1135 routes (1135 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 66.88.232.0/24           66.23.22.1        0                  62323 I

    VZuser@museumfa-boston-30344333e005> show bgp summary
    Threading mode: BGP I/O
    Groups: 2 Peers: 2 Down peers: 0
    Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
    inet.0
                        1131       1131          0          0          0          0
    Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    66.23.22.1          6564         76         92       0       4        6:11 Establ
      inet.0: 1/1/1/0
    155.23.4.3          46         40         37       0       0       13:36 Establ
      inet.0: 1130/1130/1130/0

    Router2> show route advertising-protocol bgp 66.23.22.1

    inet.0: 1135 destinations, 1135 routes (1135 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    * 0.0.0.0/0               Self                                    46 I

    Router2> show route advertising-protocol bgp  155.23.4.3

    inet.0: 1135 destinations, 1135 routes (1135 active, 0 holddown, 0 hidden)
      Prefix                  Nexthop              MED     Lclpref    AS path
    66.88.232.0/24           Self                                    62323 I

    The 66.88.232.0/24 is the internal network that I am receiving from the neighbor 66.23.22.1
    and advertising it to the peer 155.23.4.3. Also, I am sending the default route to 66.23.22.1.

    I observed one thing, the one highlighted in red is the local asn, but that  should be originating AS , correct?
    if I am receiving it from the peer 66.23.22.1.It should be 6564 ryt.

    Also I went with a different approach, but still there is an issue.

    set policy-options policy-statement VZ-BGP-OUT term tag1 from protocol static
    set policy-options policy-statement VZ-BGP-OUT term tag1 from protocol direct
    set policy-options policy-statement VZ-BGP-OUT term tag1 from protocol local
    set policy-options policy-statement VZ-BGP-OUT term tag1 from route-filter 66.88.232.0/24 exact
    set policy-options policy-statement VZ-BGP-OUT term tag1 then accept
    set policy-options policy-statement VZ-BGP-in term tag2 from protocol static
    set policy-options policy-statement VZ-BGP-in term tag2 from protocol direct
    set policy-options policy-statement VZ-BGP-in term tag2 from protocol local
    set policy-options policy-statement VZ-BGP-in term tag2 then accept
    set protocols bgp group internal-peers peer-as 6564
    set protocols bgp group internal-peers neighbor 66.23.22.1 import VZ-BGP-in
    set protocols bgp group external-peers type external
    set protocols bgp group external-peers peer-as 46
    set protocols bgp group external-peers neighbor 155.23.4.3 export VZ-BGP-OUT
    set routing-options autonomous-system 62323

    Solution  ;

    Instead of defining the different groups, I believe I can add both the peers in the same group.
    It would be simple.What are your thoughts on this please?

    set policy-options policy-statement EXTERNAL term connected from protocol direct
    set policy-options policy-statement  EXTERNAL   term connected then accept
    set policy-options policy-statement  EXTERNAL   term Static10 from protocol static
    set policy-options policy-statement  EXTERNAL   term Static10 from tag 999
    set policy-options policy-statement  EXTERNAL   term Static10 then reject
    set policy-options policy-statement  EXTERNAL   then accept
    set protocols bgp group EXNeighbor type external
    set protocols bgp group EXNeighbor export  EXTERNAL
    set protocols bgp group EXNeighbor neighbor  155.23.4.3 peer-as 46
    set protocols bgp group EXNeighbor neighbor  66.23.22.1 peer-as 6564
    set routing-options autonomous-system 62323







    On Tue, Oct 25, 2022 at 8:09 PM markw via Juniper Networks <Mail@community.juniper.net> wrote:
    You won't need to define type external, this is the default for Juniper BGP sessions unless you have a different type defined at the "protocols...
    Earn 6 Juniper certifications.
    Free training/Discounted exams
    Juniper Email Header

    Routing

    Post New Message
    Re: Bgp peering between two routers
    Reply to Group Reply to Sender
    Oct 25, 2022 8:07 PM
    markw

    You won't need to define type external, this is the default for Juniper BGP sessions unless you have a different type defined at the "protocols bgp" hierarchy. Best practice is to explicitly define it though to prevent surprises.

    That said, with the sessions establishing I doubt that is the problem, the problem seems to be in the routes being advertised/received.
    I suspect the problem is related to the Cisco line "network 66.88.232.0 mask 255.255.255.0" which you are probably using to advertise the 66.88.232.0/24 subnet to the external neighbor. I dont know if you "receive" this subnet from one of your BGP neighbors and intend to readvertise this, or is this a local interface that you want to advertise to your BGP neighbors? Because I somewhat suspect that the device you are trying to reach the internet from is in this /24 subnet?

    If it's a local route you might need to add an export policy to readvertise protocol "direct" (for a local interface) or "static" (if it's a static route). Be careful to include a filter on that policy to only match the specific subnets you want to readvertise though, to prevent accidental route leaking if you add any statics/interfaces in the future.

    So as Steve asks it might be helpful for us to have a "show route receive-protocol bgp <neighbor>" and "show route advertising-protocol bgp <neighbor>" for both of these neighbors to have some understanding of what routes are being exchanged where :)

      Reply to Group Online   View Thread   Recommend   Forward   Flag as Inappropriate  




     
    You are receiving this message because you followed the 'Bgp peering between two routers' message thread. To unsubscribe from this message thread, go to Unsubscribe.

    Update your email preferences to choose the types of email you receive

    Unsubscribe from all participation emails




    Original Message:
    Sent: 10/25/2022 1:14:00 PM
    From: markw
    Subject: RE: Bgp peering between two routers

    You won't need to define type external, this is the default for Juniper BGP sessions unless you have a different type defined at the "protocols bgp" hierarchy. Best practice is to explicitly define it though to prevent surprises.

    That said, with the sessions establishing I doubt that is the problem, the problem seems to be in the routes being advertised/received.
    I suspect the problem is related to the Cisco line "network 66.88.232.0 mask 255.255.255.0" which you are probably using to advertise the 66.88.232.0/24 subnet to the external neighbor. I dont know if you "receive" this subnet from one of your BGP neighbors and intend to readvertise this, or is this a local interface that you want to advertise to your BGP neighbors? Because I somewhat suspect that the device you are trying to reach the internet from is in this /24 subnet?

    If it's a local route you might need to add an export policy to readvertise protocol "direct" (for a local interface) or "static" (if it's a static route). Be careful to include a filter on that policy to only match the specific subnets you want to readvertise though, to prevent accidental route leaking if you add any statics/interfaces in the future.

    So as Steve asks it might be helpful for us to have a "show route receive-protocol bgp <neighbor>" and "show route advertising-protocol bgp <neighbor>" for both of these neighbors to have some understanding of what routes are being exchanged where :)


    Original Message:
    Sent: 10-24-2022 10:11
    From: Arun kumar R
    Subject: Bgp peering between two routers

    Yes, I am aware of ebgp and ibgp.My only concern for now is that I have defined
    two group . Should I specify type external for the both the group.
    Is that a mandatory statement. For one of the group I have not specified 
    and suspect that is causing an issue.




    Original Message:
    Sent: 10/24/2022 8:33:00 AM
    From: spuluka
    Subject: RE: Bgp peering between two routers

    Internal (iBGP) means the ASN on the neighbor pair are the same.

    When the ASN on the pair are different then they are eBGP or external.

    All three neighbors have different ASN so both peers are external here.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home

    Original Message:
    Sent: 10-24-2022 07:46
    From: ARUN KUMAR R
    Subject: Bgp peering between two routers

    I am suspecting the issue could be the INSIDE group I have not specified the type internal, what are your thoughts?
    Very sorry , it was a typo error. the word 'internal' should replace 'external'
    Can you please validate below two lines if they are correct. Should I also specify external to INSIDE group like the outside group.
    set protocols bgp group OUTSIDE neighbor 155.23.4.3 peer-as 6564
    set protocols bgp group INSIDE  neighbor 66.23.22.1 peer-as 46

    Arun kumar R
    Implementation Engineer | MSIE | Verizon Enterprise Solutions
    Escalation Level 
    Working hours : 11:30 am EST - 9 pm EST,Mon-Fri

    1st  Level | MSIE SME | Tier2-SME | MSD.Tier2.SME@verizon.com

    2nd Level | Sagar Sonnappa | Team Lead | sagar.sonnappa@one.verizon.com                   

    3rd Level | Alok Prasad | Team Manager | alok.prasad@verizon.com




    Original Message:
    Sent: 10/24/2022 6:29:00 AM
    From: spuluka
    Subject: RE: Bgp peering between two routers

    Could you define what doesn't work means specifically?

    Sounds like the peers are coming up and exchanging routes.

    Since all three peers have a different ASN then they must be eBGP and not iBGP so that would not be the reason for the issue.

    If access to specific resources is not working we will need to compare routing tables to see what is missing that would allow access.  Perhaps a static default route is either missing or not being distributed somewhere.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home

    Original Message:
    Sent: 10-23-2022 10:00
    From: ARUN KUMAR R
    Subject: Bgp peering between two routers

    I have an existing cisco router with two bgp peering and the configuration is very simple.
     I have configured the Juniper router with the same equivalent configs as cisco, but it is not woring

    Cisco config :

    Router bgp 62323
    neighbor 66.23.22.1 remote-as 46
    neighbor 155.23.4.3 remote-as 6564
    network 66.88.232.0 mask 255.255.255.0 

    Router 1 -----Router 2 ----Router 3
    6564  ---------62323-------46

    Juniper config:

    set policy-options policy-statement external-peer term connected from protocol direct
    set policy-options policy-statement external-peer term connected then accept
    set protocols bgp group OUTSIDE type external
    set protocols bgp group OUTSIDE export external-peer
    set protocols bgp group OUTSIDE neighbor 155.23.4.3 peer-as 6564
    set protocols bgp group INSIDE  neighbor 66.23.22.1 peer-as 46
    set routing-options autonomous-system 62323

    I see the routes are getting advertised to both peer. What may be the issue that I am not able to reach internet
    via Juniper, but can via cisco

    I am suspecting the issue could be the INSIDE group I have not specified the type internal, what are your thoughts?


    ------------------------------
    ARUN KUMAR R
    ------------------------------


  • 8.  RE: Bgp peering between two routers

    Posted 10-26-2022 05:55
    The purpose of a group of peers is to allow the application of the same configuration to multiple peers easily and shrink the size of the configuration.  They do not change the behavior of policy just allow a shortcut to applying the same policy to multiple peers.

    The key to solving your issue here is to figure out what exactly is different in the route advertisements with the cisco configuration that is working for you and the Juniper that is not.  Do you know what prefixes may be missing in the distribution and what type of route it is in the local table?

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------