[j-nsp] Route Precedence

Ben Dale bdale at comlinx.com.au
Wed Jul 13 03:29:54 EDT 2011


Hi Chris,

At a guess, it looks like you're trying to dump 170,000 routes from your Border:
> inet.0: 363930 destinations, 363932 routes (170427 active, 0 holddown, 193504 hidden)

into your core EX4200:
> inet.0: 16384 destinations, 16384 routes (16384 active, 0 holddown, 0 hidden)

which is topping out at 16k (which is over the 10k supported according to the data sheet).

Without knowing your full topology, it's hard to suggest a workaround, but it would be something like: create a summary default from your border for your internet routes, and only redistribute your own routes over your iBGP, and everything should work fine.

I think the reason you're seeing internal routes work sometimes (after a power cut) is due to the order they are being added to the route table in (e.g. sometimes it's within the first 16k and sometimes it's not).

Cheers,

Ben


On 13/07/2011, at 4:27 PM, Chris wrote:

> Hi all,
> 
> I have a pair of EX4200's which are running iBGP to a pair of J6350's.
> 
> I am seeing some strange behaviour with the routing on them. The
> EX4200's have a few different VLANs setup:
> 
> vlan 50 - Used to connect to a J6350
> vlan 100 - The VLAN the devices I am trying to reach are on
> 
> The devices on vlan 100 are on the 10.10.10.0/24 range, with the
> EX4200's being the gateway for that network (it has been assigned
> 10.10.10.254). The problem I am seeing is from the EX4200's I can reach
> any device in that network fine. From the J6350's I can reach SOME
> devices but not others. I have not been able to find a pattern for this
> - an example device I have plugged in is a Dell blade chassis. It has a
> management controller that sits on 10.10.10.100 which I can get to from
> both the EX4200's and the J6350's. Each blade in the chassis is also
> assigned an IP for management through the same controller, in this case
> 10.10.10.101-117. I can't reach the individual blade management IP's
> from the J6350's yet from the EX4200's I can reach them fine. It has me
> a bit confused as it uses the same port on the EX4200's.
> 
> For the below examples, here is the IP addressing (these are obviously
> not real):
> 99.99.99.240/30 - acc-core vlan50 (99.99.99.241) and acc-bdr1 ge-0/0/0
> (99.99.99.242)
> 99.99.99.253 - acc-core lo0
> 
> On the J6350's the route for 10.10.10.0/24 is learnt via iBGP:
> 
> root@acc-bdr1> show route 10.10.10.0
> 
> inet.0: 363930 destinations, 363932 routes (170427 active, 0 holddown,
> 193504 hidden)
> + = Active Route, - = Last Active, * = Both
> 
> 10.10.10.0/24      *[BGP/170] 00:49:35, localpref 100, from 99.99.99.253
>                      AS path: I
>                     > to 99.99.99.241 via ge-0/0/0.0
> 
> That route does seem to work, if I ping any IP in 10.10.10.0/24 (even
> the 'non-working' IPs) and run a tcpdump on the J6350 I can see the
> traffic heading out to the EX4200's.
> 
> As a test, I added a static route for 10.10.10.101/32 with a next hop of
> 10.10.10.254 on the J6350. This doesn't show in the routing table on the
> J6350:
> 
> root@acc-bdr1> show configuration routing-options static route
> 10.10.10.101/32
> next-hop 10.10.10.254;
> 
> root@acc-bdr1> show route 10.10.10.101
> 
> inet.0: 363933 destinations, 363935 routes (170429 active, 0 holddown,
> 193505 hidden)
> + = Active Route, - = Last Active, * = Both
> 
> 10.10.10.0/24      *[BGP/170] 00:54:12, localpref 100, from 99.99.99.253
>                      AS path: I
>                     > to 99.99.99.241 via ge-0/0/0.0
> 
> On the EX4200 the route is there correctly:
> root@acc-core> show route 10.10.10.101
> 
> inet.0: 16384 destinations, 16384 routes (16384 active, 0 holddown, 0
> hidden)
> Restart Complete
> + = Active Route, - = Last Active, * = Both
> 
> 10.10.10.0/24      *[Direct/0] 00:55:58
>                     > via vlan.100
> 
> After the route was added, the EX4200 had the power cut and restored and
> I could magically ping 10.10.10.101 from the J6350 with no other config
> changes. The power was cut again, and I then lost the ability to ping it
> from the J6350, but I could still ping it from the EX4200. I have no
> idea why this is so I am a bit confused.
> 
> The J6350 has no filters in place currently, it is running the router
> config too with the security features disabled.
> 
> Is there anything obvious I'm missing?
> 
> Thanks
> 
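
The workaround suggested in the reply above, sketched as Junos configuration for the border router. This is an added example, not configuration posted by either participant; the policy, prefix-list and group names and the 192.0.2.0/24 prefix are hypothetical placeholders, and only the neighbor address 99.99.99.253 (acc-core lo0) comes from the thread.

```junos
/* Border router (acc-bdr1 in the thread). All names are hypothetical. */
routing-options {
    generate {
        /* Default route, active while any more-specific route contributes. */
        route 0.0.0.0/0;
    }
}
policy-options {
    prefix-list OWN-PREFIXES {
        /* Placeholder prefix; list the site's own networks here. */
        192.0.2.0/24;
    }
    policy-statement IBGP-TO-CORE {
        term default {
            from {
                route-filter 0.0.0.0/0 exact;
            }
            then accept;
        }
        term own {
            from {
                prefix-list OWN-PREFIXES;
            }
            then accept;
        }
        /* Keep the full Internet table off the EX4200. */
        term rest {
            then reject;
        }
    }
}
protocols {
    bgp {
        group IBGP-CORE {
            type internal;
            export IBGP-TO-CORE;
            neighbor 99.99.99.253;
        }
    }
}
```

After a commit, `show route summary` on the core switch should report a route count well below the 16384 ceiling seen in the thread.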