[j-nsp] SRX drops BGP session
Paul Stewart
paul at paulstewart.org
Thu Oct 13 17:42:45 EDT 2011
Definitely sounds like an MTU issue ... we had a similar experience between
a Cisco & Juniper BGP session a while back....
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Jeroen Valcke
Sent: Thursday, October 13, 2011 4:34 PM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] SRX drops BGP session
Hello,

I've set up a BGP session between an M120 and an SRX240. Session comes up but
after 1m30sec the session is shut down. The BGP error is "Hold Timer Expired
Error". I'm pretty sure that the SRX is blocking the BGP keepalives after
the initial BGP session has been established.

Indeed, when I check the session table on the SRX, I do get an entry for the
BGP session, but it disappears after only a few seconds. That seems wrong to
me.

Just to be sure, I've enabled OSPF on the same link and the OSPF neighbor
remains adjacent.

The weird thing is that we have plenty of operational BGP sessions between
M120s and SRX routers, but this is really the first time I see this.

Has anybody seen the same behaviour?
Any clues on what might be wrong?

Best regards,
-Jeroen-
Part of the configs

jeroen at m120-2.test> show configuration protocols bgp
...
group bsr_customers {
    type external;
    traceoptions {
        file bgp_trace;
        flag keepalive;
        flag state;
    }
    peer-as 65432;
    neighbor 10.0.10.30;
}
...

jeroen at m120-2.test> show configuration interfaces ge-2/0/4
unit 0 {
    description "to srx-2";
    family inet {
        address 10.0.10.29/30;
    }
    family inet6 {
        address 2001:6a8:3d00:4007::1/64;
    }
}

jeroen at srx-2.test.belnet.net> show configuration interfaces ge-0/0/14
unit 0 {
    description "to srx-1";
    family inet {
        address 10.0.10.34/30;
    }
    family inet6 {
        address 2001:6a8:3d00:4008::1/64;
    }
}

jeroen at srx-2.test.belnet.net> show configuration protocols bgp
group ar {
    type external;
    traceoptions {
        file bgp_trace;
        flag keepalive;
        flag state;
    }
    peer-as 2611;
    neighbor 10.0.10.29;
}

jeroeo at srx-2.test.belnet.net> show configuration security
zones {
    security-zone lab {
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                bgp;
                ospf;
                ospf3;
                all;
            }
        }
        interfaces {
            ge-0/0/0.0;
            ge-0/0/11.0;
            ge-0/0/14.0;
            ge-1/0/0.0;
            lo0.0;
        }
    }
}
policies {
    from-zone lab to-zone lab {
        policy allow-all-intrazone-traffic {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
}

--
Jeroen Valcke
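
A consistency check over the configuration excerpts posted above, as an added example that is not part of the original thread: it confirms that each eBGP neighbor address falls inside a subnet of an interface shown for the same router. The function name `off_link_neighbors`, the trimmed config strings and the single-hop eBGP assumption belong to this example.

```python
import ipaddress
import re

# Excerpts copied from the configs posted in this thread, trimmed to the
# lines the check needs (BGP neighbors and inet interface addresses).
M120 = """
group bsr_customers {
    type external;
    peer-as 65432;
    neighbor 10.0.10.30;
}
unit 0 {
    family inet {
        address 10.0.10.29/30;
    }
}
"""
SRX = """
group ar {
    type external;
    peer-as 2611;
    neighbor 10.0.10.29;
}
unit 0 {
    family inet {
        address 10.0.10.34/30;
    }
}
"""

ADDR = re.compile(r"^\s*address\s+(\S+?);", re.M)
NEIGH = re.compile(r"^\s*neighbor\s+(\S+?);", re.M)


def off_link_neighbors(config: str) -> list[str]:
    """Return BGP neighbors not covered by any interface subnet in config.

    Assumption: single-hop eBGP (no multihop), so a neighbor must be on-link.
    """
    nets = [ipaddress.ip_interface(a).network for a in ADDR.findall(config)]
    missing = []
    for n in NEIGH.findall(config):
        ip = ipaddress.ip_address(n)
        # Compare only within the same address family (IPv4 vs IPv6).
        if not any(ip.version == net.version and ip in net for net in nets):
            missing.append(n)
    return missing


if __name__ == "__main__":
    for name, cfg in (("m120-2", M120), ("srx-2", SRX)):
        print(name, off_link_neighbors(cfg) or "all neighbors on-link")
```

On these excerpts the M120 side passes, while the SRX side is flagged because the only SRX interface in the paste is ge-0/0/14 (10.0.10.34/30), which does not cover 10.0.10.29.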