[j-nsp] SRX drops BGP session

Pavel Lunin plunin at senetsy.ru
Fri Oct 14 02:19:36 EDT 2011


> Would it not be advisable to either trace it or a tcpdump from the OS you can
> see what packets are being sent and received on the interface?



Generally yes, but. Though this doesn't seem to be the case for Jeroen since
he uses eBGP with direct interface address peering, you must keep in mind
that in case a packet comes to SRX through interface A having dst-ip set to
address bound to interface B, it will first treat it as a transit packet
and pass through the flow engine (policy, etc). You won't be able to catch
the packet with 'monitor traffic', even though it then goes to the control
plane. Don't know if there are tricks to overcome this.

In case of tracing, you have to use [edit security flow] traceoptions, not
the BGP trace.

As a quick check I'd propose to use a firewall filter, excluding the BGP
packets out of flow processing with selective packet-mode option, or even
temporarily turn the SRX into router context, and see if something changes.
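
The two checks suggested in the message above, written out as Junos set commands. This is an added example, not part of the original post: the interface ge-0/0/0.0, the peer address 192.0.2.1 and the names flow-bgp, bgp-in, bgp-out and BGP-PACKET-MODE are placeholders, and selective packet-mode is assumed to be available on the platform (branch SRX).

```junos
# --- Check 1: trace BGP through the flow engine ([edit security flow]) ---
# Placeholder names: flow-bgp, bgp-in, bgp-out. Peer 192.0.2.1 is an assumed address.
set security flow traceoptions file flow-bgp size 1m files 3
set security flow traceoptions flag basic-datapath
# Match both directions of the session (TCP port 179 on either side)
set security flow traceoptions packet-filter bgp-in protocol tcp
set security flow traceoptions packet-filter bgp-in source-prefix 192.0.2.1/32
set security flow traceoptions packet-filter bgp-in destination-port 179
set security flow traceoptions packet-filter bgp-out protocol tcp
set security flow traceoptions packet-filter bgp-out source-prefix 192.0.2.1/32
set security flow traceoptions packet-filter bgp-out source-port 179
# Read the result with: show log flow-bgp
# Look for policy lookups, session creation and drop reasons for the BGP packets.

# --- Check 2: take BGP out of flow processing with selective packet-mode ---
# Placeholder filter name: BGP-PACKET-MODE. Interface ge-0/0/0.0 is assumed
# to be the one facing the peer.
set firewall family inet filter BGP-PACKET-MODE term bgp from source-address 192.0.2.1/32
set firewall family inet filter BGP-PACKET-MODE term bgp from protocol tcp
set firewall family inet filter BGP-PACKET-MODE term bgp from port bgp
set firewall family inet filter BGP-PACKET-MODE term bgp then packet-mode
set firewall family inet filter BGP-PACKET-MODE term bgp then accept
# Everything else stays in flow mode and is still subject to security policy
set firewall family inet filter BGP-PACKET-MODE term other then accept
set interfaces ge-0/0/0 unit 0 family inet filter input BGP-PACKET-MODE

# Packets matched by the bgp term bypass zones, policies and screens, so keep
# the match as narrow as the peer address and remove the filter after the test:
# delete interfaces ge-0/0/0 unit 0 family inet filter input
# delete firewall family inet filter BGP-PACKET-MODE
# delete security flow traceoptions
```

If the session stays up with the filter applied, the drop is happening in flow processing (policy, session handling) rather than in BGP itself, and the flow trace file is the place to look for the reason.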

