[j-nsp] "set routing-options protect core" breaks local-preference
Karl Gerhard
karl_gerh at gmx.at
Tue Sep 11 05:47:43 EDT 2018
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
*From:* [mailto:adamv0025 at netconsultings.com]
*Sent:* Tue, Sep 11, 2018 9:52 AM CEST
*To:* 'Karl Gerhard'; juniper-nsp at puck.nether.net
*Subject:* [j-nsp] "set routing-options protect core" breaks local-preference
>> -----Original Message-----
>> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf
>> Of Karl Gerhard
>>
>> Hello
>>
>> I am experimenting with BGP PIC before deploying it to production and I
>> have found an oddity:
>> With "set routing-options protect core" local-preference stops working the
>> way I would expect it to work.
>>
>> If I configure "local-preference 120" on import from my IBGP neighbor the
>> router will send traffic for some prefixes to my IBGP neighbor (where they
>> will egress through EBGP) and for other prefixes directly to my EBGP
>> neighbor. It seems like they're getting load-balanced per destination subnet.
>> This is how it looks in the routing table:
>>
>> root at router1# run show route 1.0.143.0/24 table inet.0
>> inet.0: 705394 destinations, 2116034 routes (705393 active, 0 holddown, 2
>> hidden) @ = Routing Use Only, # = Forwarding Use Only
>> + = Active Route, - = Last Active, * = Both
>>
>> 1.0.143.0/24 @[BGP/170] 00:08:21, localpref 120
>> AS path: 174 38040 23969 ?, validation-state: unverified
>> > to 123.123.123.1 via ae1.0
>> to 55.55.55.2 via ae3.0
>> [BGP/170] 00:07:37, localpref 100
>> AS path: 174 38040 23969 ?, validation-state: unverified
>> > to 55.55.55.2 via ae3.0
>> #[Multipath/255] 00:07:37, metric2 0
>> to 123.123.123.1 via ae1.0
>> > to 55.55.55.2 via ae3.0
>> to 55.55.55.2 via ae3.0
>>
>> 123.123.123.1 is my IBGP neighbor where I would like traffic to go
>> 55.55.55.2 is my EBGP neighbor
>>
>> This is the part that is causing issues:
>> #[Multipath/255] 00:07:37, metric2 0
>> to 123.123.123.1 via ae1.0
>> > to 55.55.55.2 via ae3.0
>> to 55.55.55.2 via ae3.0
>>
>> With "local-preference 120" configured on my IBGP session I would expect all
>> packets to go to my IBGP neighbor (123.123.123.1) - at least that's how it
>> used to work. But for this specific subnet (and many others) the traffic will go
>> directly to my EBGP neighbor.
>>
>> How do I make all traffic go to my IBGP neighbor?
>> Is that "by design" or is it a bug in Junos 18.2R1?
>>
> There seem to be two next hops for the entry with localpref120 and AS path: 174 38040 23969, if everything else is equal then eBGP path wins.
>
> 1.0.143.0/24 @[BGP/170] 00:08:21, localpref 120
> AS path: 174 38040 23969 ?, validation-state: unverified
> > to 123.123.123.1 via ae1.0
> to 55.55.55.2 via ae3.0
>
> adam
>
> netconsultings.com
> ::carrier-class solutions for the telecommunications industry::
>
Hello Adam
1. There is only one next-hop with local-preference 120, that's the IBGP one. Junos is just displaying weird things. That's probably part of the problem.
2. I have found even more brokenness with "protect core" on Junos 18.2R1 and rolled back to Junos 17.3. With this Junos version "protect core" and local-preference work as expected. Thank you Adam and and thank you Ivan for confirming that I am not crazy.
One of the worst things about running Juniper hardware is the software updates. I feel like every time I upgrade Junos bits and pieces of previously working stuff break in miraculous ways and it steals you hours or days of your time.
Regards
Karl
More information about the juniper-nsp
mailing list