Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: nsp: juniper

Hidden IPv4 iBGP routes

 

 

nsp juniper RSS feed   Index | Next | Previous | View Threaded


jneiberger at gmail

Mar 13, 2012, 8:30 AM

Post #1 of 19 (3368 views)
Permalink
Hidden IPv4 iBGP routes

I was troubleshooting a problem last night and it boiled down to a
Juniper router that was not a whole slew of iBGP routes from a
neighboring ASR9K. I'm too new to Junos to decipher the reason for it.
I had to disguise it a bit, so I hope it's still readable. What does
this actually mean? Can you tell from this output why it is being
hidden?


> show route a.b.c.d hidden extensive

inet.0: 18326 destinations, 36052 routes (17885 active, 0 holddown, 442 hidden)
Restart Complete
a.b.c.0/26 (1 entry, 0 announced)
BGP
Next hop type: Indirect
Next-hop reference count: 427
Source: x.x.x.x
Next hop type: Router, Next hop index: 1006
Next hop: [physical IP address of ASR9K] via
xe-0/0/0.0, selected
Protocol next hop: y.y.y.y [correct protocol next-hop from ebgp]
Indirect next hop: 9c48790 -
State: <Hidden Int Ext>
Local AS: OurAS Peer AS: OurAS
Age: 1w3d 23:59:56 Metric2: 0
Task: BGP_[stuff]
AS path: XXXXX YYYYY I (Looped: XXXXX)
Communities: [lotsa communities]
Router ID: [correct router ID]
Indirect next hops: 1
Protocol next hop: y.y.y.y (same as above)
Indirect next hop: 9c48790 -
Indirect path forwarding next hops: 1
Next hop type: Router
Next hop: [.physical IP of neighbor,
same as above) via xe-0/0/0.0
a.b.c.d/32 Originating RIB: inet.0
Node path count: 1
Forwarding nexthops: 1
Nexthop: [physical IP of neighbor,
same as above] via xe-0/0/0.0
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


lists at c4inet

Mar 13, 2012, 8:40 AM

Post #2 of 19 (3325 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

John,

On Tue, Mar 13, 2012 at 09:30:35AM -0600, John Neiberger wrote:
>I was troubleshooting a problem last night and it boiled down to a
>Juniper router that was not a whole slew of iBGP routes from a
>neighboring ASR9K. I'm too new to Junos to decipher the reason for it.
>I had to disguise it a bit, so I hope it's still readable. What does
>this actually mean? Can you tell from this output why it is being
>hidden?

>xe-0/0/0.0, selected
> Protocol next hop: y.y.y.y [correct protocol next-hop from ebgp]
> Indirect next hop: 9c48790 -
> State: <Hidden Int Ext>
> Local AS: OurAS Peer AS: OurAS
> Age: 1w3d 23:59:56 Metric2: 0
> Task: BGP_[stuff]
> AS path: XXXXX YYYYY I (Looped: XXXXX)

I'd say the fact that the ASPATH contains a loop results in the route being hidden.
IIRC that is default behaviour in JunOS

rgds,
s.
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


masalbad at gmail

Mar 13, 2012, 1:10 PM

Post #3 of 19 (3322 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Hi john;



As far as I know when an eBGP router receives a route contains its own AS
in the AS path it consider it as a loop, so for your case the juniper router
is seeing its own AS (XXXX) in the route's ASPATH received from its eBGP
neighbor (XXXXX YYYYY I), so the solution I would suggest is to remove AS
XXXX on the other router before sending it to the juniper router, if XXXX is
a private AS you can use remove private on the other router; or you can use
AS override.

Hope it is helpful;
Mohammad Salbad
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


sfouant at shortestpathfirst

Mar 13, 2012, 1:15 PM

Post #4 of 19 (3328 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Yes this is correct and is indeed the default Junos behavior. If you wanted to receive a looped BGP update, you can define the amount of loops allowed (.i.e. number of times your own AS appears in the AS Path attribute) by configuring the 'set routing-options autonomous system <as-num> loops <num>' command.

HTHs.

Stefan Fouant
JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI
Technical Trainer, Juniper Networks

Follow us on Twitter @JuniperEducate

Sent from my iPad

On Mar 13, 2012, at 4:10 PM, "Mohammad" <masalbad [at] gmail> wrote:

> Hi john;
>
>
>
> As far as I know when an eBGP router receives a route contains its own AS
> in the AS path it consider it as a loop, so for your case the juniper router
> is seeing its own AS (XXXX) in the route's ASPATH received from its eBGP
> neighbor (XXXXX YYYYY I), so the solution I would suggest is to remove AS
> XXXX on the other router before sending it to the juniper router, if XXXX is
> a private AS you can use remove private on the other router; or you can use
> AS override.
>
> Hope it is helpful;
> Mohammad Salbad
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


dmiller at tiggee

Mar 13, 2012, 2:37 PM

Post #5 of 19 (3323 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

On 3/13/2012 4:15 PM, Stefan Fouant wrote:
> Yes this is correct and is indeed the default Junos behavior. If you wanted to receive a looped BGP update, you can define the amount of loops allowed (.i.e. number of times your own AS appears in the AS Path attribute) by configuring the 'set routing-options autonomous system <as-num> loops <num>' command.
>
> HTHs.
>
> Stefan Fouant
> JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI
> Technical Trainer, Juniper Networks
>
> Follow us on Twitter @JuniperEducate
>
> Sent from my iPad

You can also allow loops on a per BGP neighbor basis with:

neighbor 10.0.0.1 {
family inet {
unicast {
loops 1;
}
}
}

-DMM

> On Mar 13, 2012, at 4:10 PM, "Mohammad" <masalbad [at] gmail> wrote:
>
>> Hi john;
>>
>>
>>
>> As far as I know when an eBGP router receives a route contains its own AS
>> in the AS path it consider it as a loop, so for your case the juniper router
>> is seeing its own AS (XXXX) in the route's ASPATH received from its eBGP
>> neighbor (XXXXX YYYYY I), so the solution I would suggest is to remove AS
>> XXXX on the other router before sending it to the juniper router, if XXXX is
>> a private AS you can use remove private on the other router; or you can use
>> AS override.
>>
>> Hope it is helpful;
>> Mohammad Salbad
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


jneiberger at gmail

Mar 13, 2012, 3:08 PM

Post #6 of 19 (3324 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Something that makes this a little stranger to me is that in the
output showing the looped AS, the local AS isn't ever listed. The
route is originating in AS YYYYY and passing through AS XXXXX on the
way to this router, which is in AS ZZZZZ. I'm confused about how an AS
path loop could be happening.

[YYYYY] -- ebgp -- [XXXXX] -- ebgp -- [ ZZZZZ] -- ibgp/rr -- [juniper router]

The Juniper box is an RR client of the upstream router, which in turn
is an eBGP peer with XXXXX who is learning a route from YYYYY. I don't
see how a path loop could form. I suspect something is just
misconfigured somewhere.

On Tue, Mar 13, 2012 at 3:37 PM, David Miller <dmiller [at] tiggee> wrote:
> On 3/13/2012 4:15 PM, Stefan Fouant wrote:
>> Yes this is correct and is indeed the default Junos behavior. If you wanted to receive a looped BGP update, you can define the amount of loops allowed (.i.e. number of times your own AS appears in the AS Path attribute) by configuring the 'set routing-options autonomous system <as-num> loops <num>' command.
>>
>> HTHs.
>>
>> Stefan Fouant
>> JNCIE-SEC, JNCIE-SP, JNCIE-ER, JNCI
>> Technical Trainer, Juniper Networks
>>
>> Follow us on Twitter @JuniperEducate
>>
>> Sent from my iPad
>
> You can also allow loops on a per BGP neighbor basis with:
>
> neighbor 10.0.0.1 {
>    family inet {
>        unicast {
>            loops 1;
>        }
>    }
> }
>
> -DMM
>
>> On Mar 13, 2012, at 4:10 PM, "Mohammad" <masalbad [at] gmail> wrote:
>>
>>> Hi john;
>>>
>>>
>>>
>>> As far as I know when an  eBGP router receives a route contains its own AS
>>> in the AS path it consider it as a loop, so for your case the juniper router
>>> is seeing its own AS (XXXX) in the route's ASPATH received from its eBGP
>>> neighbor (XXXXX  YYYYY I), so the solution I would suggest is to remove AS
>>> XXXX on the other router before sending it to the juniper router, if XXXX is
>>> a private AS you can use remove private on the other router; or you can use
>>> AS override.
>>>
>>> Hope it is helpful;
>>> Mohammad Salbad
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp [at] puck
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


masalbad at gmail

Mar 13, 2012, 3:29 PM

Post #7 of 19 (3318 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

I think you need to check the autonomous-system under the routing-options
hierarchy; and the local-as under protocols bgp group hierarchy;



Mohammad Salbad

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


jneiberger at gmail

Mar 13, 2012, 4:11 PM

Post #8 of 19 (3327 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

I'll do that right now. I checked the AS under routing-options, but
didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
still pretty lost.

On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail> wrote:
> I think you need to check the autonomous-system under the routing-options
> hierarchy; and the local-as under protocols bgp group hierarchy;
>
>
>
> Mohammad Salbad
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


jneiberger at gmail

Mar 13, 2012, 4:17 PM

Post #9 of 19 (3331 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Okay, there is no local AS configured under protocols bgp, and the AS
configured under routing options is correct.

On Tue, Mar 13, 2012 at 5:11 PM, John Neiberger <jneiberger [at] gmail> wrote:
> I'll do that right now. I checked the AS under routing-options, but
> didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
> still pretty lost.
>
> On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail> wrote:
>> I think you need to check the autonomous-system under the routing-options
>> hierarchy; and the local-as under protocols bgp group hierarchy;
>>
>>
>>
>> Mohammad Salbad
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


harry at juniper

Mar 13, 2012, 4:21 PM

Post #10 of 19 (3327 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Are there any vrfs on this box using AS XXXX?

In JUNOS AS loop check is global, so also applies to any vrfs and their configured asns.

HTHs



-----Original Message-----
From: juniper-nsp-bounces [at] puck [mailto:juniper-nsp-bounces [at] puck] On Behalf Of John Neiberger
Sent: Tuesday, March 13, 2012 4:17 PM
To: Mohammad
Cc: juniper-nsp [at] puck
Subject: Re: [j-nsp] Hidden IPv4 iBGP routes

Okay, there is no local AS configured under protocols bgp, and the AS
configured under routing options is correct.

On Tue, Mar 13, 2012 at 5:11 PM, John Neiberger <jneiberger [at] gmail> wrote:
> I'll do that right now. I checked the AS under routing-options, but
> didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
> still pretty lost.
>
> On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail> wrote:
>> I think you need to check the autonomous-system under the routing-options
>> hierarchy; and the local-as under protocols bgp group hierarchy;
>>
>>
>>
>> Mohammad Salbad
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


tomasz.kazmierczak at nsn

Mar 13, 2012, 4:26 PM

Post #11 of 19 (3322 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Remember about 2x things/2x boxes: prot bgp group <> advertise-peer-as /
routing-options auton-syst <> loop 2


-----Original Message-----
From: juniper-nsp-bounces [at] puck
[mailto:juniper-nsp-bounces [at] puck] On Behalf Of ext John
Neiberger
Sent: Tuesday, March 13, 2012 6:17 PM
To: Mohammad
Cc: juniper-nsp [at] puck
Subject: Re: [j-nsp] Hidden IPv4 iBGP routes

Okay, there is no local AS configured under protocols bgp, and the AS
configured under routing options is correct.

On Tue, Mar 13, 2012 at 5:11 PM, John Neiberger <jneiberger [at] gmail>
wrote:
> I'll do that right now. I checked the AS under routing-options, but
> didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
> still pretty lost.
>
> On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail> wrote:
>> I think you need to check the autonomous-system under the
routing-options
>> hierarchy; and the local-as under protocols bgp group hierarchy;
>>
>>
>>
>> Mohammad Salbad
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


masalbad at gmail

Mar 13, 2012, 4:34 PM

Post #12 of 19 (3319 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Try " show bgp neighbor" to check your local AS and peer AS;



Mohammad Salbad

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


jneiberger at gmail

Mar 13, 2012, 4:50 PM

Post #13 of 19 (3321 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Oh, I think there are, actually. Let me check. I know when I was
looking for a local AS config, I know I saw one with AS XXXXX
configured.

On Tue, Mar 13, 2012 at 5:21 PM, Harry Reynolds <harry [at] juniper> wrote:
> Are there any vrfs on this box using AS XXXX?
>
> In JUNOS AS loop check is global, so also applies to any vrfs and their configured asns.
>
> HTHs
>
>
>
> -----Original Message-----
> From: juniper-nsp-bounces [at] puck [mailto:juniper-nsp-bounces [at] puck] On Behalf Of John Neiberger
> Sent: Tuesday, March 13, 2012 4:17 PM
> To: Mohammad
> Cc: juniper-nsp [at] puck
> Subject: Re: [j-nsp] Hidden IPv4 iBGP routes
>
> Okay, there is no local AS configured under protocols bgp, and the AS
> configured under routing options is correct.
>
> On Tue, Mar 13, 2012 at 5:11 PM, John Neiberger <jneiberger [at] gmail> wrote:
>> I'll do that right now. I checked the AS under routing-options, but
>> didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
>> still pretty lost.
>>
>> On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail> wrote:
>>> I think you need to check the autonomous-system under the routing-options
>>> hierarchy; and the local-as under protocols bgp group hierarchy;
>>>
>>>
>>>
>>> Mohammad Salbad
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp [at] puck
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


masalbad at gmail

Mar 13, 2012, 4:50 PM

Post #14 of 19 (3322 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

And also you can try " show | match XXXXX " to check if XXXXX is configured
anywhere else on your router.



M. Salbad

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


jneiberger at gmail

Mar 13, 2012, 4:54 PM

Post #15 of 19 (3319 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

We do have the following configured under bgp:

group SomeGroupName {
type external;
traceoptions {
file ipv4-ebgp-customer-logs size 10m files 10;
flag state;
}
description "SomeGroup";
family inet {
unicast;
}
remove-private;
local-as XXXXX private;
}

I wish I could post that stuff without editing. hehe Is that enough
to break things? And if so, what is the fix?

Thanks!


On Tue, Mar 13, 2012 at 5:21 PM, Harry Reynolds <harry [at] juniper> wrote:
> Are there any vrfs on this box using AS XXXX?
>
> In JUNOS AS loop check is global, so also applies to any vrfs and their configured asns.
>
> HTHs
>
>
>
> -----Original Message-----
> From: juniper-nsp-bounces [at] puck [mailto:juniper-nsp-bounces [at] puck] On Behalf Of John Neiberger
> Sent: Tuesday, March 13, 2012 4:17 PM
> To: Mohammad
> Cc: juniper-nsp [at] puck
> Subject: Re: [j-nsp] Hidden IPv4 iBGP routes
>
> Okay, there is no local AS configured under protocols bgp, and the AS
> configured under routing options is correct.
>
> On Tue, Mar 13, 2012 at 5:11 PM, John Neiberger <jneiberger [at] gmail> wrote:
>> I'll do that right now. I checked the AS under routing-options, but
>> didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
>> still pretty lost.
>>
>> On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail> wrote:
>>> I think you need to check the autonomous-system under the routing-options
>>> hierarchy; and the local-as under protocols bgp group hierarchy;
>>>
>>>
>>>
>>> Mohammad Salbad
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp [at] puck
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


harry at juniper

Mar 13, 2012, 5:05 PM

Post #16 of 19 (3321 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Yes, I believe that is enough to cause your issue.

I believe that independent domain might help with the global as loop check, but it too is global and needs to be carefully tested.

Else use as loops, which should also be tested. ;) Adding will flap bgp IIRC.

Regards







-----Original Message-----
From: John Neiberger [mailto:jneiberger [at] gmail]
Sent: Tuesday, March 13, 2012 4:55 PM
To: Harry Reynolds
Cc: Mohammad; juniper-nsp [at] puck
Subject: Re: [j-nsp] Hidden IPv4 iBGP routes

We do have the following configured under bgp:

group SomeGroupName {
type external;
traceoptions {
file ipv4-ebgp-customer-logs size 10m files 10;
flag state;
}
description "SomeGroup";
family inet {
unicast;
}
remove-private;
local-as XXXXX private;
}

I wish I could post that stuff without editing. hehe Is that enough
to break things? And if so, what is the fix?

Thanks!


On Tue, Mar 13, 2012 at 5:21 PM, Harry Reynolds <harry [at] juniper> wrote:
> Are there any vrfs on this box using AS XXXX?
>
> In JUNOS AS loop check is global, so also applies to any vrfs and their configured asns.
>
> HTHs
>
>
>
> -----Original Message-----
> From: juniper-nsp-bounces [at] puck [mailto:juniper-nsp-bounces [at] puck] On Behalf Of John Neiberger
> Sent: Tuesday, March 13, 2012 4:17 PM
> To: Mohammad
> Cc: juniper-nsp [at] puck
> Subject: Re: [j-nsp] Hidden IPv4 iBGP routes
>
> Okay, there is no local AS configured under protocols bgp, and the AS
> configured under routing options is correct.
>
> On Tue, Mar 13, 2012 at 5:11 PM, John Neiberger <jneiberger [at] gmail> wrote:
>> I'll do that right now. I checked the AS under routing-options, but
>> didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
>> still pretty lost.
>>
>> On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail> wrote:
>>> I think you need to check the autonomous-system under the routing-options
>>> hierarchy; and the local-as under protocols bgp group hierarchy;
>>>
>>>
>>>
>>> Mohammad Salbad
>>>
>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp [at] puck
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


jneiberger at gmail

Mar 13, 2012, 5:29 PM

Post #17 of 19 (3320 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Thanks! I just heard from another one of our engineers who is much
more familiar with Juniper than I am. He already knew about this, so I
was just a little slow on the uptake. lol

Thanks to all for the help.

On Tue, Mar 13, 2012 at 6:05 PM, Harry Reynolds <harry [at] juniper> wrote:
> Yes, I believe that is enough to cause your issue.
>
> I believe that independent domain might help with the global as loop check, but it too is global and needs to be carefully tested.
>
> Else use as loops, which should also be tested. ;) Adding will flap bgp IIRC.
>
> Regards
>
>
>
>
>
>
>
> -----Original Message-----
> From: John Neiberger [mailto:jneiberger [at] gmail]
> Sent: Tuesday, March 13, 2012 4:55 PM
> To: Harry Reynolds
> Cc: Mohammad; juniper-nsp [at] puck
> Subject: Re: [j-nsp] Hidden IPv4 iBGP routes
>
> We do have the following configured under bgp:
>
> group SomeGroupName {
>    type external;
>    traceoptions {
>        file ipv4-ebgp-customer-logs size 10m files 10;
>        flag state;
>    }
>    description "SomeGroup";
>    family inet {
>        unicast;
>    }
>    remove-private;
>    local-as XXXXX private;
> }
>
> I wish I could post that stuff without editing.  hehe  Is that enough
> to break things? And if so, what is the fix?
>
> Thanks!
>
>
> On Tue, Mar 13, 2012 at 5:21 PM, Harry Reynolds <harry [at] juniper> wrote:
>> Are there any vrfs on this box using AS XXXX?
>>
>> In JUNOS AS loop check is global, so also applies to any vrfs and their configured asns.
>>
>> HTHs
>>
>>
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces [at] puck [mailto:juniper-nsp-bounces [at] puck] On Behalf Of John Neiberger
>> Sent: Tuesday, March 13, 2012 4:17 PM
>> To: Mohammad
>> Cc: juniper-nsp [at] puck
>> Subject: Re: [j-nsp] Hidden IPv4 iBGP routes
>>
>> Okay, there is no local AS configured under protocols bgp, and the AS
>> configured under routing options is correct.
>>
>> On Tue, Mar 13, 2012 at 5:11 PM, John Neiberger <jneiberger [at] gmail> wrote:
>>> I'll do that right now. I checked the AS under routing-options, but
>>> didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
>>> still pretty lost.
>>>
>>> On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail> wrote:
>>>> I think you need to check the autonomous-system under the routing-options
>>>> hierarchy; and the local-as under protocols bgp group hierarchy;
>>>>
>>>>
>>>>
>>>> Mohammad Salbad
>>>>
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp [at] puck
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


ivanov.ivan at gmail

Mar 14, 2012, 2:51 AM

Post #18 of 19 (3322 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

Hi,

Harry, in JNCIP study guide is written that if route is discarded because
of AS loop it's not stored in RIB. So it should not be visible with
'hidden' switch.

Or I am wrong and the case here is different.

Thanks!

On Wed, Mar 14, 2012 at 01:29, John Neiberger <jneiberger [at] gmail> wrote:

> Thanks! I just heard from another one of our engineers who is much
> more familiar with Juniper than I am. He already knew about this, so I
> was just a little slow on the uptake. lol
>
> Thanks to all for the help.
>
> On Tue, Mar 13, 2012 at 6:05 PM, Harry Reynolds <harry [at] juniper> wrote:
> > Yes, I believe that is enough to cause your issue.
> >
> > I believe that independent domain might help with the global as loop
> check, but it too is global and needs to be carefully tested.
> >
> > Else use as loops, which should also be tested. ;) Adding will flap bgp
> IIRC.
> >
> > Regards
> >
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: John Neiberger [mailto:jneiberger [at] gmail]
> > Sent: Tuesday, March 13, 2012 4:55 PM
> > To: Harry Reynolds
> > Cc: Mohammad; juniper-nsp [at] puck
> > Subject: Re: [j-nsp] Hidden IPv4 iBGP routes
> >
> > We do have the following configured under bgp:
> >
> > group SomeGroupName {
> > type external;
> > traceoptions {
> > file ipv4-ebgp-customer-logs size 10m files 10;
> > flag state;
> > }
> > description "SomeGroup";
> > family inet {
> > unicast;
> > }
> > remove-private;
> > local-as XXXXX private;
> > }
> >
> > I wish I could post that stuff without editing. hehe Is that enough
> > to break things? And if so, what is the fix?
> >
> > Thanks!
> >
> >
> > On Tue, Mar 13, 2012 at 5:21 PM, Harry Reynolds <harry [at] juniper>
> wrote:
> >> Are there any vrfs on this box using AS XXXX?
> >>
> >> In JUNOS AS loop check is global, so also applies to any vrfs and their
> configured asns.
> >>
> >> HTHs
> >>
> >>
> >>
> >> -----Original Message-----
> >> From: juniper-nsp-bounces [at] puck [mailto:
> juniper-nsp-bounces [at] puck] On Behalf Of John Neiberger
> >> Sent: Tuesday, March 13, 2012 4:17 PM
> >> To: Mohammad
> >> Cc: juniper-nsp [at] puck
> >> Subject: Re: [j-nsp] Hidden IPv4 iBGP routes
> >>
> >> Okay, there is no local AS configured under protocols bgp, and the AS
> >> configured under routing options is correct.
> >>
> >> On Tue, Mar 13, 2012 at 5:11 PM, John Neiberger <jneiberger [at] gmail>
> wrote:
> >>> I'll do that right now. I checked the AS under routing-options, but
> >>> didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
> >>> still pretty lost.
> >>>
> >>> On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail> wrote:
> >>>> I think you need to check the autonomous-system under the
> routing-options
> >>>> hierarchy; and the local-as under protocols bgp group hierarchy;
> >>>>
> >>>>
> >>>>
> >>>> Mohammad Salbad
> >>>>
> >>>> _______________________________________________
> >>>> juniper-nsp mailing list juniper-nsp [at] puck
> >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp [at] puck
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



--
Best Regards!

Ivan Ivanov
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp


harry at juniper

Mar 14, 2012, 9:07 AM

Post #19 of 19 (3323 views)
Permalink
Re: Hidden IPv4 iBGP routes [In reply to]

That was my initial recollection as well. Seems we used to need keep-all to even see such a hidden route.

I guess it changes at some point.

Regards





From: Ivan Ivanov [mailto:ivanov.ivan [at] gmail]
Sent: Wednesday, March 14, 2012 2:51 AM
To: John Neiberger
Cc: Harry Reynolds; juniper-nsp [at] puck; Mohammad
Subject: Re: [j-nsp] Hidden IPv4 iBGP routes

Hi,

Harry, in JNCIP study guide is written that if route is discarded because of AS loop it's not stored in RIB. So it should not be visible with 'hidden' switch.

Or I am wrong and the case here is different.

Thanks!
On Wed, Mar 14, 2012 at 01:29, John Neiberger <jneiberger [at] gmail<mailto:jneiberger [at] gmail>> wrote:
Thanks! I just heard from another one of our engineers who is much
more familiar with Juniper than I am. He already knew about this, so I
was just a little slow on the uptake. lol

Thanks to all for the help.

On Tue, Mar 13, 2012 at 6:05 PM, Harry Reynolds <harry [at] juniper<mailto:harry [at] juniper>> wrote:
> Yes, I believe that is enough to cause your issue.
>
> I believe that independent domain might help with the global as loop check, but it too is global and needs to be carefully tested.
>
> Else use as loops, which should also be tested. ;) Adding will flap bgp IIRC.
>
> Regards
>
>
>
>
>
>
>
> -----Original Message-----
> From: John Neiberger [mailto:jneiberger [at] gmail<mailto:jneiberger [at] gmail>]
> Sent: Tuesday, March 13, 2012 4:55 PM
> To: Harry Reynolds
> Cc: Mohammad; juniper-nsp [at] puck<mailto:juniper-nsp [at] puck>
> Subject: Re: [j-nsp] Hidden IPv4 iBGP routes
>
> We do have the following configured under bgp:
>
> group SomeGroupName {
> type external;
> traceoptions {
> file ipv4-ebgp-customer-logs size 10m files 10;
> flag state;
> }
> description "SomeGroup";
> family inet {
> unicast;
> }
> remove-private;
> local-as XXXXX private;
> }
>
> I wish I could post that stuff without editing. hehe Is that enough
> to break things? And if so, what is the fix?
>
> Thanks!
>
>
> On Tue, Mar 13, 2012 at 5:21 PM, Harry Reynolds <harry [at] juniper<mailto:harry [at] juniper>> wrote:
>> Are there any vrfs on this box using AS XXXX?
>>
>> In JUNOS AS loop check is global, so also applies to any vrfs and their configured asns.
>>
>> HTHs
>>
>>
>>
>> -----Original Message-----
>> From: juniper-nsp-bounces [at] puck<mailto:juniper-nsp-bounces [at] puck> [mailto:juniper-nsp-bounces [at] puck<mailto:juniper-nsp-bounces [at] puck>] On Behalf Of John Neiberger
>> Sent: Tuesday, March 13, 2012 4:17 PM
>> To: Mohammad
>> Cc: juniper-nsp [at] puck<mailto:juniper-nsp [at] puck>
>> Subject: Re: [j-nsp] Hidden IPv4 iBGP routes
>>
>> Okay, there is no local AS configured under protocols bgp, and the AS
>> configured under routing options is correct.
>>
>> On Tue, Mar 13, 2012 at 5:11 PM, John Neiberger <jneiberger [at] gmail<mailto:jneiberger [at] gmail>> wrote:
>>> I'll do that right now. I checked the AS under routing-options, but
>>> didn't check for a local-as. Thanks! I'm very new to Juniper, so I'm
>>> still pretty lost.
>>>
>>> On Tue, Mar 13, 2012 at 4:29 PM, Mohammad <masalbad [at] gmail<mailto:masalbad [at] gmail>> wrote:
>>>> I think you need to check the autonomous-system under the routing-options
>>>> hierarchy; and the local-as under protocols bgp group hierarchy;
>>>>
>>>>
>>>>
>>>> Mohammad Salbad
>>>>
>>>> _______________________________________________
>>>> juniper-nsp mailing list juniper-nsp [at] puck<mailto:juniper-nsp [at] puck>
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp [at] puck<mailto:juniper-nsp [at] puck>
>> https://puck.nether.net/mailman/listinfo/juniper-nsp

_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck<mailto:juniper-nsp [at] puck>
https://puck.nether.net/mailman/listinfo/juniper-nsp



--
Best Regards!

Ivan Ivanov
_______________________________________________
juniper-nsp mailing list juniper-nsp [at] puck
https://puck.nether.net/mailman/listinfo/juniper-nsp

nsp juniper RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.