[j-nsp] ScreenOS BGP uses wrong interface
Ross Vandegrift
ross at kallisti.us
Mon Feb 8 11:39:52 EST 2010
On Sat, Feb 06, 2010 at 02:48:37PM -0500, Mark Kamichoff wrote:
> Can you try adding the "outgoing-interface loopback.1" to your neighbor
> statement?
>
> set neighbor 10.2.30.254 remote-as 65001 src-interface loopback.1 outgoing-interface loopback.1
No effect, even though it makes sense that I need both.
> On the other two firewalls that /are/ working, do you know who initiated
> the BGP connection? I'm wondering if JUNOS happened to initiate the
> connection first, which is why they're working.
According to the session table, both had the other side open the
connection.
> Also, I ran into some other problems with ScreenOS BGP (somehow, upon
> connection failure, ScreenOS would take 40+ minutes to reconnect to the
> neighbor) that were resolved with an upgrade to 6.1.0r6.0. I'd
> recommend grabbing the latest 6.1.0 just in case.
According to TAC I've hit PR303929:

    A BGP peer connection cannot be established if neighbors are
    configured using a loopback interface as the source interface. BGP can
    not find the local-ip when negotiate the peer status.

TAC engineer says that it's fixed in 6.2.0r4.0 - after upgrading, the
session comes up with the correct local IP:
lab-ssg5b-> get vr trust-vr protocol bgp neighbor
Peer AS Remote IP       Local IP        Wt  Status   State     ConnID Up/Down
--------------------------------------------------------------------------------------
  65001 10.2.30.254     10.2.30.253     100 Enabled  ESTABLISH     15 00:01:13
Looks good now,
Ross
--
Ross Vandegrift
ross at kallisti.us
"If the fight gets hot, the songs get hotter. If the going gets tough,
the songs get tougher."
--Woody Guthrie
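
Added example (not part of the original message, and not Juniper code): a Python check that parses the `get vr trust-vr protocol bgp neighbor` output quoted above and reports any neighbor whose Local IP differs from the address of its configured src-interface, or whose State is not ESTABLISH. It assumes 10.2.30.253 is the loopback.1 address; the failing row is constructed for illustration and is not output from the thread.

```python
import ipaddress
import re

# One data row of `get vr <vr> protocol bgp neighbor`; columns as in the post:
# Peer AS, Remote IP, Local IP, Wt, Status, State, ConnID, Up/Down
ROW = re.compile(
    r"^\s*(?P<peer_as>\d+)\s+(?P<remote>\S+)\s+(?P<local>\S+)\s+(?P<wt>\d+)"
    r"\s+(?P<status>\S+)\s+(?P<state>\S+)\s+(?P<connid>\d+)\s+(?P<updown>\S+)\s*$"
)

# Output quoted in the post (after the upgrade to 6.2.0r4.0).
AFTER_UPGRADE = """\
lab-ssg5b-> get vr trust-vr protocol bgp neighbor
Peer AS Remote IP Local IP Wt Status State ConnID Up/Down
--------------------------------------------------------------------------------------
65001 10.2.30.254 10.2.30.253 100 Enabled ESTABLISH 15 00:01:13
"""
# Constructed row (not from the post): wrong local address, session not up.
CONSTRUCTED_BAD = "65001 10.2.30.254 192.0.2.1 100 Enabled ACTIVE 0 00:00:00\n"
EXPECTED = {"10.2.30.254": "10.2.30.253"}  # assumption: loopback.1 address

def parse_neighbors(text):
    """Return one dict per neighbor row; prompt, header and rule lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        try:  # both address columns must be real IP addresses
            ipaddress.ip_address(m["remote"])
            ipaddress.ip_address(m["local"])
        except ValueError:
            continue
        rows.append(m.groupdict())
    return rows

def check_sessions(text, expected_local):
    """expected_local: neighbor IP -> address of its configured src-interface."""
    findings, seen = [], set()
    for row in parse_neighbors(text):
        seen.add(row["remote"])
        want = expected_local.get(row["remote"])
        if want is not None and row["local"] != want:
            findings.append(f"{row['remote']}: local IP {row['local']}, expected {want}")
        if row["state"] != "ESTABLISH":
            findings.append(f"{row['remote']}: state {row['state']}")
    for peer in sorted(set(expected_local) - seen):
        findings.append(f"{peer}: neighbor missing from output")
    return findings
```

`check_sessions(AFTER_UPGRADE, EXPECTED)` returns an empty list; run it against saved CLI output after a firmware change to confirm each session is sourced from the intended loopback.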