[j-nsp] Odd BGP Issue

Erdem Sener erdems at gmail.com
Sat Jul 5 16:12:46 EDT 2008


 Hi,
 You may also want to edit your input policy and refine this ANYof
yours a little, such as:

- reject prefixes that are smaller than /24
- reject private addresses
- delete community information that is used (has a meaning) within
your network from the prefixes you receive,
so that you won't _automatically_ treat them in some way

Here's an example, which should be followed by stuff you want to
accept, maybe alter localpref etc.

term rfc1918 {
    from {
        route-filter 10.0.0.0/8 orlonger;
        route-filter 172.16.0.0/12 orlonger;
        route-filter 192.168.0.0/16 orlonger;
    }
    then reject;
}
term smaller-prefixes {
    from {
        route-filter 0.0.0.0/0 prefix-length-range /25-/32;
    }
    then reject;
}
term strip-my-communities {
    from community my-communities;
    then {
        community delete all;
        next term;
    }
}

On Sat, Jul 5, 2008 at 9:28 PM, Lee Hetherington
<lee.hetherington at redtechnology.com> wrote:
> Thanks for your help both!
>
> I am now only announcing the correct things.
>
> I'll go and have a word with myself now :p
>
> Enjoy the rest of the weekend,
>
> Lee
>
>
> -----Original Message-----
> From: Shane Ronan [mailto:sronan at fattoc.com]
> Sent: Sat 05/07/2008 20:19
> To: swm at emanon.com
> Cc: Lee Hetherington; juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Odd BGP Issue
>
> Or maybe they wouldn't be upset if you were providing a reliable link
> between two previously un-peered AS's.
>
>
> On Jul 5, 2008, at 12:11 PM, Scott Morris wrote:
>
>> HA!  You are correct that they SHOULDN'T accept that from you,
>> but....  Best
>> ideas are not always implemented.  :)   Just make sure you have a
>> reject at
>> the end of your export policy to then and it'll be much better then!
>>
>> Otherwise, enjoy making their route table a bit mental, but if it's
>> the same
>> AS you're peering with over two links you really aren't messing up
>> the whole
>> world, so nothing huge!  More people would be reacting and upset
>> with you if
>> you were transiting between two DIFFERENT ASNs! (smirk)
>>
>> Scott
>>
>> -----Original Message-----
>> From: Lee Hetherington [mailto:lee.hetherington at redtechnology.com]
>> Sent: Saturday, July 05, 2008 3:11 PM
>> To: swm at emanon.com; juniper-nsp at puck.nether.net
>> Subject: RE: [j-nsp] Odd BGP Issue
>>
>> Thanks Scott...
>>
>> I am peering with interface addresses...
>>
>> I have specific export statements which export a particular filter
>> list,
>> which only includes a /23 of addresses.  For some reason when
>> showing what I
>> am advertising to AS1200 i'm announcing the full route table.  I am
>> surprised an ISP would accept such routes from me, I expect their
>> network is
>> going a bit mental every time I fire up the session again.
>>
>> Lee
>>
>>
>>
>> -----Original Message-----
>> From: Scott Morris [mailto:swm at emanon.com]
>> Sent: Sat 05/07/2008 20:02
>> To: Lee Hetherington; juniper-nsp at puck.nether.net
>> Subject: RE: [j-nsp] Odd BGP Issue
>>
>> I've seen this type of thing before with the random dropping and
>> "hold time
>> exceeded" message when a routing loop has been introduced.
>>
>> Are you peering to a loopback on your peer's router, or to the
>> directly
>> connected physical link?  Watch to be sure you aren't learning
>> through BGP
>> the connected links or loopback interfaces you are connecting to as
>> this may
>> be causing some issues.
>>
>> Do you have traceoptions on your bgp sessions at all?  Perhaps that
>> could
>> give you better details as the routes all come in and your router
>> tries to
>> sort things all out, something is irritating it, so perhaps it will
>> tell you
>> why!
>>
>> BGP sorts a number of things out with its series of bestpath selection
>> algorithms, but if you have done anything else to modify these or just
>> exactly how/where bgp fits into the rest of your routing scenario
>> it may
>> cause issues.
>>
>> HTH,
>>
>> Scott
>>
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net
>> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Lee
>> Hetherington
>> Sent: Saturday, July 05, 2008 2:45 PM
>> To: juniper-nsp at puck.nether.net
>> Subject: [j-nsp] Odd BGP Issue
>>
>> Hi All,
>>
>> I have a very odd problem with a J Series router and wonder if
>> anyone can
>> help, as neither our providers nor JTAC can shed any light on this
>> one.
>>
>> We have a J2320-JH, it has a Link to AS1200 over a 2meg serial x.21
>> connection and then a 100meg connection to AS1299 over ethernet.  I
>> have bgp
>> from our as accepting ANY from them and announcing a single /23
>> network to
>> them.
>>
>> My original 2meg connection has been stable and running a BGP
>> session with
>> no flapping for almost 3 weeks now.  As soon as I introduce the new
>> peer,
>> the route table increases as you'd expect to around 500k routes,
>> becomes
>> stable with 245k active routes and then the originally stable
>> connection
>> starts to flap giving a Hold Timer Expired Error.  This then keeps
>> flapping.
>>
>> Whilst this first session is flapping there are no errors on the
>> interfaces
>> to either AS1200 or AS1299.  However, whilst the session is
>> flapping I note
>> that almost exactly 1mbits/sec is going out of our new AS1299
>> connection and
>> comming into our AS1200 connection.  This traffic however does not
>> come onto
>> our LAN as the gig connection to our switch is showing none or very
>> minimal
>> traffic.
>>
>> The guys at AS1200 havent got back to me yet, but the guys from
>> AS1299 have
>> told me to check my prefix-limit, but I dont currently have this
>> configured.
>> JTAC tell me my router is fine and my configuration is correct.
>>
>> Anyone have an idea?  The providers seem to be stumped but this
>> leaves me
>> with one peer disabled currently.
>>
>> Thanks,
>>
>> Lee
>>
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>>
>> --
>> This message has been scanned for viruses and dangerous content by
>> REDScanner, and is believed to be clean.
>>
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
> --
> This message has been scanned for viruses and
> dangerous content by REDScanner, and is
> believed to be clean.
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list