[j-nsp] Odd BGP Issue

Shane Ronan sronan at fattoc.com
Sat Jul 5 15:09:35 EDT 2008


You'll need to apply a filter to your outbound BGP sessions to ONLY  
send YOUR routes.

By default, routes learned by BGP are automatically sent out to other BGP  
peers.

Here's an example from one of my multi-peered routers.

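policy-options {
     policy-statement localannounce {
         /* Advertise only your own prefix, matched exactly. */
         term specific-pass-filter {
             from {
                 route-filter <your route>/23 exact;
             }
             then accept;
         }
         /* Reject everything else, including routes learned from other BGP peers. */
         term reject-all {
             then reject;
         }
     }
}

protocols {
     bgp {
         group <your peer name> {
             /* Apply the outbound filter to this peer group. */
             export localannounce;
             local-as <your AS#>;
             neighbor <your peer IP> {
                 peer-as <your peer's AS#>;
             }
         }
     }
}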

Hope this helps!


On Jul 5, 2008, at 12:06 PM, Lee Hetherington wrote:

> LOL, I am indeed announcing the entire route table to AS1200 from  
> AS1299.
>
> How can I stop this?  I am using the same prefix list to each  
> provider, and should only be announcing a specific range of IPs?
>
>
> Many Thanks,
>
> Lee
>
> -----Original Message-----
> From: Shane Ronan [mailto:sronan at fattoc.com]
> Sent: Sat 05/07/2008 19:52
> To: Lee Hetherington
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Odd BGP Issue
>
> Sounds like with your configuration you are transiting traffic
> between your two peer AS's.
>
> Can you run 'show route advertising-protocol <neighbor>' for each of
> your two peers when you have both up and running?
>
> It may be that the 2meg link is saturated and the keepalive messages
> are not making it across in time.
>
> Just a thought.
>
> Shane
>
>
>
> On Jul 5, 2008, at 11:45 AM, Lee Hetherington wrote:
>
> > Hi All,
> >
> > I have a very odd problem with a J Series router and wonder if
> > anyone can help, as neither our providers nor JTAC can shed any
> > light on this one.
> >
> > We have a J2320-JH, it has a Link to AS1200 over a 2meg serial x.21
> > connection and then a 100meg connection to AS1299 over ethernet.  I
> > have bgp from our as accepting ANY from them and announcing a
> > single /23 network to them.
> >
> > My original 2meg connection has been stable and running a BGP
> > session with no flapping for almost 3 weeks now.  As soon as I
> > introduce the new peer, the route table increases as you'd expect
> > to around 500k routes, becomes stable with 245k active routes and
> > then the originally stable connection starts to flap giving a Hold
> > Timer Expired Error.  This then keeps flapping.
> >
> > Whilst this first session is flapping there are no errors on the
> > interfaces to either AS1200 or AS1299.  However, whilst the session
> > is flapping I note that almost exactly 1mbits/sec is going out of
> > our new AS1299 connection and coming into our AS1200 connection.
> > This traffic however does not come onto our LAN as the gig
> > connection to our switch is showing none or very minimal traffic.
> >
> > The guys at AS1200 haven't got back to me yet, but the guys from
> > AS1299 have told me to check my prefix-limit, but I don't currently
> > have this configured.  JTAC tell me my router is fine and my
> > configuration is correct.
> >
> > Anyone have an idea?  The providers seem to be stumped but this
> > leaves me with one peer disabled currently.
> >
> > Thanks,
> >
> > Lee
> >
>
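
Added example, not part of the original thread: a Python check that reads the fixed-width output of 'show route advertising-protocol bgp <neighbor>' and flags any advertised route that is not exactly one of your own prefixes or that carries another AS in its path, which is the leak discussed above. The sample output, the 10.20.30.0/23 prefix and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, laid out like Junos
# "show route advertising-protocol bgp <neighbor>" output.
ROW = "{:<2}{:<24}{:<21}{:<8}{:<11}{}"
SAMPLE_OUTPUT = "\n".join([
    "inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)",
    ROW.format("", "Prefix", "Nexthop", "MED", "Lclpref", "AS path"),
    ROW.format("*", "10.20.30.0/23", "Self", "", "", "I"),
    ROW.format("*", "198.51.100.0/24", "Self", "", "", "1299 64500 I"),
    ROW.format("*", "203.0.113.0/24", "Self", "10", "", "1299 64501 I"),
])


def parse_advertised(cli_output):
    """Return [(network, [asn, ...])] for every advertised route row."""
    routes, as_col = [], None
    for line in cli_output.splitlines():
        if "AS path" in line:
            as_col = line.index("AS path")  # start of the fixed-width column
            continue
        fields = line.lstrip("*+- ").split()
        if as_col is None or not fields or "/" not in fields[0]:
            continue
        try:
            network = ipaddress.ip_network(fields[0])
        except ValueError:
            continue
        # Keep the ASNs; the trailing origin code (I, E or ?) is dropped.
        as_path = [int(t) for t in line[as_col:].split() if t.isdigit()]
        routes.append((network, as_path))
    return routes


def find_leaks(cli_output, own_prefixes):
    """Flag routes that are not exactly one of our prefixes, or that
    carry another AS in the path (learned from a peer, so transit)."""
    allowed = {ipaddress.ip_network(p) for p in own_prefixes}
    leaks = []
    for network, as_path in parse_advertised(cli_output):
        if network not in allowed or as_path:
            leaks.append((str(network), as_path))
    return leaks


if __name__ == "__main__":
    for prefix, path in find_leaks(SAMPLE_OUTPUT, ["10.20.30.0/23"]):
        print(f"LEAK {prefix} via AS path {path}")
```
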


