Routing

  • 1.  BGP Setup.... What am I missing?

    Posted 09-21-2011 07:33

    I feel this is a very basic setup, but I can't for the life of me route traffic using the block assigned to me by my ISP. I need to be able to send and receive traffic sourced from/destined for the IP block that was assigned to me. I've talked to JTAC a couple of times, but they don't seem to have a handle on BGP.   Help!

    Single ISP. Point to Point between CPE and ISP

    Block assigned by ISP  12.12.12.0/24  

     

     

    Here's the config

    ge-0/0/1 {
        description TimeWarner_AS_4323;
        speed 100m;
        link-mode full-duplex;
        unit 0 {
            family inet {
                address 1.1.1.1/30;
            }
            family inet6;
        }
    }

    ********************************************

    protocols {
        bgp {
            group sessio-toAS4323 {
                type external;
                export bgp_transit_export;
                peer-as 4323;
                neighbor 1.1.1.2;
            }
        }
    }

    *********************************************

    router-id 12.12.12.1;
    autonomous-system 36072;

    *********************************************

     

    BGP Export Policy

    policy-options {
        policy-statement bgp_transit_export {
            term the_rest {
                then reject;
            }
            from {
                protocol [ static ];
                interface 12.12.12.254;
                route-filter 12.12.12.0/24 exact;
            }
            then accept;
        }
    }

    *********************************************

    BGP neighbor is ESTABLISHED.

    I'm able to ping the far end of my point-to-point.

    I have NAT set up to translate traffic sourced from 10.1.1.0/24 to 12.12.12.2/24.

    I'm seeing traffic translate and go out, but not come back in.

    Proxy ARP is set up.

    *********************************************

     

    NAT logs

    Sep 21 10:17:26 10:17:26.570138:CID-0:RT:  flow_first_create_session
    Sep 21 10:17:26 10:17:26.570191:CID-0:RT:  flow_first_in_dst_nat: in <ge-0/0/2.0>, out <N/A> dst_adr 4.2.2.2, sp 39704, dp 1024
    Sep 21 10:17:26 10:17:26.570191:CID-0:RT:  chose interface ge-0/0/2.0 as incoming nat if.
    Sep 21 10:17:26 10:17:26.570191:CID-0:RT:flow_first_rule_dst_xlate: DST no-xlate: 0.0.0.0(0) to 4.2.2.2(1024)
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:flow_first_routing: call flow_route_lookup(): src_ip 10.1.1.21, x_dst_ip 4.2.2.2, in ifp ge-0/0/2.0, out ifp N/A sp 39704, dp 1024, ip_proto 1, tos 0
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:Doing DESTINATION addr route-lookup
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:  routed (x_dst_ip 4.2.2.2) from DMZ (ge-0/0/2.0 in 0) to ge-0/0/1.0, Next-hop: 64.132.167.13
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:  policy search from zone DMZ-> zone untrust (0x0,0x9b180400,0x400)
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:  app 0, timeout 60s, curr ageout 60s
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:flow_first_src_xlate: 10.1.1.21/39704 -> 4.2.2.2/1024 | 4.2.2.2/1024 -> 0.0.0.0/39704: nat_src_xlated: False, nat_src_xlate_failed: False
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:flow_first_src_xlate: src nat 0.0.0.0(39704) to 4.2.2.2(1024) returns status: 1, rule/pool id: 1/61445, pst_nat: False.
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:  dip id = 5/15, 10.1.1.21/39704->12.12.12.1/18174
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:  dip id = 5/15, 10.1.1.21/39704->12.58.170.1/18174
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:  choose interface ge-0/0/1.0 as outgoing phy if
    Sep 21 10:17:26 10:17:26.570253:CID-0:RT:is_loop_pak: No loop: on ifp: ge-0/0/1.0, addr: 4.2.2.2, rtt_idx:0
    ******************************************

    proxy-arp {
        interface ge-0/0/1.0 {
            address {
                12.12.12.1/32 to 12.12.12.254/32;
            }
        }
    }



  • 2.  RE: BGP Setup.... What am I missing?
    Best Answer

    Posted 09-21-2011 20:14

    It sounds like your /24 is not being advertised to the service provider.  You are able to ping the peer address because (by default) it will use your local address on that link as the source.

     

    I've never used a policy-statement that had some parameters under a term and some that did not, so I'm not sure which is processed first.  I would reorganize it as follows (for readability if nothing else):

     

    policy-options {
        policy-statement bgp_transit_export {
            term export {
                from {    
                    protocol [ static  ];  
                    interface 12.12.12.254;  
                    route-filter 12.12.12.0/24 exact;
                }  
                then accept;
            }
            term the_rest {  
                then reject;
            }
        }
    }

    You didn't post enough of your configuration for me to be certain, but I'm guessing your conditions on that policy statement are also incorrect.  If you're doing NAT then 12.12.12.254 probably doesn't exist on any of your interfaces.  I would do a static discard route for 12.12.12.0/24 (set routing-options static route 12.12.12/24 discard) and remove the "interface" condition in the match.  The NAT rules should keep the discard route from dropping any traffic you care about.

     

    :w

     



  • 3.  RE: BGP Setup.... What am I missing?

    Posted 09-22-2011 00:06

    In your policy option your reject is above your accept.

     

    Swap them around and this should then work.

     

    Nick
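
The term ordering and the "interface" match condition raised in replies 2 and 3, modelled as an added example (not code from any poster, and not Junos itself). It assumes the posted policy is evaluated top to bottom as written, treats the "interface" condition as equality with the interface a route resolves to, and uses a constructed routing table.

```python
# Added example: a simplified model of first-match export-policy evaluation.
import ipaddress

def term_matches(frm, route):
    """Every condition present in a term's 'from' must match (logical AND)."""
    if "protocol" in frm and route["protocol"] not in frm["protocol"]:
        return False
    # Assumption: 'interface' is modelled as equality with the interface or
    # address the route resolves to; a discard static resolves to none.
    if "interface" in frm and route["interface"] != frm["interface"]:
        return False
    if "route_filter_exact" in frm:
        want = ipaddress.ip_network(frm["route_filter_exact"])
        if ipaddress.ip_network(route["prefix"]) != want:
            return False
    return True

def exported(policy, routes):
    """Prefixes accepted by the first term that matches each route."""
    out = []
    for route in routes:
        for term in policy:
            if term_matches(term.get("from", {}), route):
                if term["then"] == "accept":
                    out.append(route["prefix"])
                break  # accept and reject both end evaluation for this route
    return out

# Constructed routing table: the /24 as a static discard route plus connected links.
ROUTES = [
    {"prefix": "12.12.12.0/24", "protocol": "static", "interface": None},
    {"prefix": "1.1.1.0/30", "protocol": "direct", "interface": "ge-0/0/1.0"},
    {"prefix": "10.1.1.0/24", "protocol": "direct", "interface": "ge-0/0/2.0"},
]
MATCH = {"protocol": ["static"], "interface": "12.12.12.254",
         "route_filter_exact": "12.12.12.0/24"}
NO_IF = {k: v for k, v in MATCH.items() if k != "interface"}
REJECT_ALL = {"name": "the_rest", "then": "reject"}

AS_POSTED = [REJECT_ALL, {"name": "unnamed", "from": MATCH, "then": "accept"}]
REORDERED = [{"name": "export", "from": MATCH, "then": "accept"}, REJECT_ALL]
NO_INTERFACE = [{"name": "export", "from": NO_IF, "then": "accept"}, REJECT_ALL]

if __name__ == "__main__":
    for label, pol in [("as posted", AS_POSTED), ("reordered", REORDERED),
                       ("reordered, no interface match", NO_INTERFACE)]:
        print(f"{label}: {exported(pol, ROUTES)}")
```

Only the last variant advertises the /24, and the trailing reject term keeps the connected 1.1.1.0/30 and 10.1.1.0/24 routes out of the advertisement.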