[j-nsp] iBGP impacting eBGP
Jad KAROUT
jkarout at kertel.com
Wed Nov 7 09:18:36 EST 2007
Hi Chris,
thanks for your input.
I followed your suggestion regarding the aggregate routes and it
seems to be working just fine now.
As for the PREFIX_OUT policy it was already the way you suggested so
no change needed there.
Thanks again !
Le 5 nov. 07 à 18:50, Chris Kawchuk a écrit :
> Hello Jad,
>
> Ensure that the route you'd like to advertise to your external peer is
> actually in your routing table. (At first glance, it would appear that
> your large superblock is no longer in the local routing table.)
>
> Your M7i cannot advertise a route if it's not in the routing table
> somehow. My suggestion is to create an "aggregate" route for your
> export, such as:
>
> routing-options {
> aggregate {
> route 100.80.240.0/20 {
> as-path {
> atomic-aggregate;
> }
> }
> route 100.246.224.0/20 {
> as-path {
> atomic-aggregate;
> }
> }
> route 100.246.240.0/20 {
> as-path {
> atomic-aggregate;
> }
> }
> }
> autonomous-system 12345;
> }
>
> This will ensure that your larger prefix block exists in your M7i's
> local routing table, and hence is valid for export by your PREFIX_OUT
> policy. Ensure that PREFIX_OUT contains the list of blocks you'd
> like to
> export, such as:
>
> policy-options {
> policy-statement PREFIX_OUT {
> term my-ipblocks {
> from {
> route-filter 100.80.240.0/20 exact;
> route-filter 100.246.224.0/20 exact;
> route-filter 100.246.240.0/20 exact;
> }
> then accept;
> }
> then reject;
> }
> }
>
>
> - Chris.
>
> ____________________________________
> Chris Kawchuk (ckawchuk at juniper.net)
> Systems Engineering, Service Providers
> Juniper Networks Inc., Canada
> local: +1 (403) 470-8174
> toll-free: +1 (866) 470-8174
>
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Jad KAROUT
> Sent: Monday, November 05, 2007 9:08 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] iBGP impacting eBGP
>
> I'm encountering a problematic issue on our juniper M7i.
>
> We use this router to announce our prefix to the world via two
> carriers
> (ts and c&w). This router also establishes an iBGP link with
> another one
> of our routers.
>
> So the BGP configuration goes something like this :
>
> jad at JUNIPER-BGP> show configuration protocols bgp
>
> traceoptions {
> file bgp.log size 1m files 5;
> flag normal;
> flag state;
> }
> log-updown;
> group T-S {
> type external;
> authentication-key "$9$wrsoGUjkf5Q-dXtc.f5yreKx-oJDi.5lKjk"; ##
> SECRET-DATA
> export PREFIX_OUT;
> neighbor IP_TS {
> peer-as TS_AS;
> }
> }
>
> group XTS {
> type internal;
> local-address IP_J;
> neighbor IP_RB {
> export DONT_ADVERTISE;
> }
> }
>
> group CW {
> type external;
> authentication-key "$8*xtdpHKJHJKL-.hjkGUreKx-oJDi.ppWJoi"; ##
> SECRET-DATA
> export PREFIX_OUT;
> neighbor IP_CW {
> peer-as CW_AS;
> }
> }
>
>
> However due to changes in our architecture, the iBGP session is no
> longer needed and must be removed. I tried to do that by deleting the
> corresponding group in the BGP conf as it is now useless.
> However, the second i commit that change, the M7i stops announcing our
> prefix to the two eBGP peers.
>
> I don't understand how removing an iBGP session can impact eBGP
> sessions
> ?
>
> Any idea anyone ?
>
> Thanks.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list