[j-nsp] iBGP impacting eBGP

Chris Kawchuk ckawchuk at juniper.net
Mon Nov 5 12:50:29 EST 2007


Hello Jad,

Ensure that the route you'd like to advertise to your external peer is
actually in your routing table. (At first glance, it would appear that
your large superblock is no longer in the local routing table.)

Your M7i cannot advertise a route if it's not in the routing table
somehow. My suggestion is to create an "aggregate" route for your
export, such as:

routing-options {
    aggregate {
        route 100.80.240.0/20 {
            as-path {
                atomic-aggregate;
            }
        }
        route 100.246.224.0/20 {
            as-path {
                atomic-aggregate;
            }
        }
        route 100.246.240.0/20 {
            as-path {
                atomic-aggregate;
            }
        }
    }
    autonomous-system 12345;
}

This will ensure that your larger prefix block exists in your M7i's
local routing table, and hence is valid for export by your PREFIX_OUT
policy. Ensure that PREFIX_OUT contains the list of blocks you'd like to
export, such as:

policy-options {
    policy-statement PREFIX_OUT {
        term my-ipblocks {
            from {
                route-filter 100.80.240.0/20 exact;
                route-filter 100.246.224.0/20 exact;
                route-filter 100.246.240.0/20 exact;
            }
            then accept;
        }
        then reject;
    }
}


- Chris.

____________________________________
Chris Kawchuk (ckawchuk at juniper.net)
Systems Engineering, Service Providers
Juniper Networks Inc., Canada
local:     +1 (403) 470-8174
toll-free: +1 (866) 470-8174


-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Jad KAROUT
Sent: Monday, November 05, 2007 9:08 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] iBGP impacting eBGP

I'm encountering a problematic issue on our juniper M7i.

We use this router to announce our prefix to the world via two carriers
(ts and c&w). This router also establishes an iBGP link with another one
of our routers.

So the BGP configuration goes something like this :

jad at JUNIPER-BGP> show configuration protocols bgp

traceoptions {
     file bgp.log size 1m files 5;
     flag normal;
     flag state;
}
log-updown;
group T-S {
     type external;
     authentication-key "$9$wrsoGUjkf5Q-dXtc.f5yreKx-oJDi.5lKjk"; ##
SECRET-DATA
     export PREFIX_OUT;
     neighbor IP_TS {
         peer-as TS_AS;
     }
}

group XTS {
     type internal;
     local-address IP_J;
     neighbor IP_RB {
         export DONT_ADVERTISE;
     }
}

group CW {
     type external;
     authentication-key "$8*xtdpHKJHJKL-.hjkGUreKx-oJDi.ppWJoi"; ##
SECRET-DATA
     export PREFIX_OUT;
     neighbor IP_CW {
         peer-as CW_AS;
     }
}


However due to changes in our architecture, the iBGP session is no
longer needed and must be removed. I tried to do that by deleting the
corresponding group in the BGP conf as it is now useless.
However, the second i commit that change, the M7i stops announcing our
prefix to the two eBGP peers.

I don't understand how removing an iBGP session can impact eBGP sessions
?

Any idea anyone ?

Thanks.
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list