Routing

hi

Interesting problem, that has got me a running around the houses.

So we have 2 setups, mx960 running 2x re-2000 and mx960 running 2x re-1800-s - as a note we are using a routing-instance, but this is setup on both configurations

Following is for the mx960 running re-2000. snmp is ran to poll both the routing engines - this works as expected.

mx960 running re-1800-s. snmp is ran to poll both the routing engines, but we are only able to poll the active routing-engine. the backup does not want to work. if we failover, the new backup RE becomes unresponsive. dug a little deaper, and the routing on the backup re-1800-s looks perfect, arp entries are up showing the local IP range. from the backup RE I am able to ping anything that is directly connected on the same network. as soon as I attempt to ping an address that is a bgp neighbour on a seperate network, the ping's begin to fail - this IP is reachable from the active RE.

"show route" is the exact same as the active as well. looked at our working pair, and the only changes I can see is the following, but I dont see why these would affect routing:

set system no-multicast-echo

set system no-redirects

set system no-redirects-ipv6

The way we have setup the routing-engine IP's are as follows:

set groups re0 interfaces fxp0 unit 0 family inet address 1.1.1.1/25

set groups re1 interfaces fxp0 unit 0 family inet address 1.1.1.2/25

Looking for generic routing issues that would effect backup RE from being able to communicate with the active routing-table. Any assistance would be great. Thanks CG

Hi CG,

Not sure, if I understand your issue completely, but as you mentioned that backup RE is not able to reach any other subnets except the directly connected subnet, it would be good to check "show route forwarding-table destination <>" for the route you are trying to reach on backup RE. If that does not show any entry and you are not running nonstop-routing, then probably adding backup-router configuration might help. You can refer to techpubs link for more details:

https://www.juniper.net/techpubs/en_US/junos15.1/topics/task/configuration/backup-router-configuring.html

Hope this helps.

Thanks

Hi

We have non-stop routing enabled, and able to see the route on the backup RE - these are routes that are contained within the routing-instance. Looking at the backup routing forwarding table, main difference I can see is there isn't an inet.0 route to the address on the backup RE - but since it doesn't use the inet.0 table shouldn't make any difference:

{backup}
@1> show route forwarding-table destination 2.2.2.0 
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    rjct       36     1

Routing table: __master.anon__.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    rjct      547     1

Routing table: __juniper_services__.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd      569     2

Routing table: INTERNET.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
2.2.2.0/24    user     0                    indr  1048578     6
                              1.1.1.3     ucst     1408     3 ae2.0

{backup}
@1> show route 2.2.2.0

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/100] 7w0d 18:20:45
                    > to 1.1.1.1 via fxp0.0

INTERNET.inet.0: 629393 destinations, 3575401 routes (629347 active, 0 holddown, 616273 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.0/24    *[BGP/170] 4w5d 22:26:33, MED 0, localpref 100
                      AS path: I, validation-state: unverified
                    > to 1.1.1.3 via irb.904

{backup}
@1> exit
rlogin: connection closed

{master}
@1> show route forwarding-table destination 2.2.2.0 
Routing table: default.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            user     0 71:e4:11:3d:1f:4e  ucst      368     3 fxp0.0
default            perm     0                    rjct       36     1

Routing table: __master.anon__.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    rjct      547     1

Routing table: __juniper_services__.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    dscd      569     2

Routing table: INTERNET.inet
Internet:
Destination        Type RtRef Next hop           Type Index    NhRef Netif
2.2.2.0/24    user     1                    indr  1048578     7
                              1.1.1.3    ucst     1408     4 ae2.0

{master}
@1> show route 2.2.2.0 

inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/100] 7w4d 01:03:12
                    > to 1.1.1.1 via fxp0.0

INTERNET.inet.0: 616616 destinations, 2961761 routes (616289 active, 0 holddown, 2340 hidden)
+ = Active Route, - = Last Active, * = Both

2.2.2.0/24    *[BGP/170] 4w5d 22:26:26, MED 0, localpref 100
                      AS path: I, validation-state: unverified
                    > to 1.1.1.3 via irb.904

We don't use backup-router as a solution, as we have a L2 setup for management "fxp.0" to communicate over. I'm trying to understand why the backup RE isn't using the routing-instance table for routes.

No FW and routing looks fine. Wondering if there is a command I am either using or not using that could be causing this.

Thanks

CG

Hi CG,

Looks interesting. The route is exactly same on both the REs. Is it possible to try some steps to isolate this issue further?

1. Can we make the 2.2.2.0 route available in inet.0 table and see if backup RE is getting polled from SNMP server in 2.2.2.0 subnet?

2. Can we try to add a static route inside routing-instance instead of a BGP route to reach 2.2.2.0 subnet?

3. Can you also please share the "show route" outputs from MX960 having RE-2000s(from both backup and master RE) to see if at all there is any other difference?

Thanks

1. Can we make the 2.2.2.0 route available in inet.0 table and see if backup RE is getting polled from SNMP server in 2.2.2.0 subnet?

>>>Before breaking our monitoring, tested it on another IP range - this hasn't worked regrettably. I am able to ping the local address of 192.168.1.24 from the master and backup RE. Here is the result of the neighbour ping:

{master}
@1> show route 192.168.1.25
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.0/27   *[Direct/0] 9w2d 18:03:08
                    > via ge-1/2/2.0

INTERNET.inet.0: 617910 destinations, 2970518 routes (617621 active, 0 holddown, 3023 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.0/27    *[Aggregate/130] 9w6d 02:29:11
                      Reject
                    [Static/250] 9w6d 02:29:11
                      Discard

{master}
@1> ping 192.168.1.25  
PING 192.168.1.25 (192.168.1.25): 56 data bytes
64 bytes from 192.168.1.25: icmp_seq=0 ttl=128 time=4.751 ms
64 bytes from 192.168.1.25: icmp_seq=1 ttl=128 time=0.497 ms

{backup}
@1> show route 192.168.1.25
inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.0/27   *[Direct/0] 9w2d 18:04:28
                    > via ge-1/2/2.0

INTERNET.inet.0: 633891 destinations, 3580501 routes (633844 active, 0 holddown, 617602 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.0/27    *[Aggregate/130] 9w2d 19:47:58
                      Reject
                    [Static/250] 9w2d 19:47:58
                      Discard

{backup}
@1> ping 192.168.1.25  
PING 192.168.1.25 (192.168.1.25): 56 data bytes

ping: sendto: Network is down
ping: sendto: Network is down

2. Can we try to add a static route inside routing-instance instead of a BGP route to reach 2.2.2.0 subnet?

>>>The above is using static

3. Can you also please share the "show route" outputs from MX960 having RE-2000s(from both backup and master RE) to see if at all there is any other difference?

>>>We run full BGP table

Many thanks

CG

Hi CG,

Earlier you mentioned that you were able to ping the directly connected LAN subnet IP from backup RE. In the latest example you shared, I don't see the ping working even for the directly connected LAN segment IP. This looks different from intial problem where you mentioned the reachability issue from backup RE for a different subnet which is reachable via routing-instance.

I was asking for "show route" specifically "show route x.x.x.x" and "show route forwarding-table destination x.x.x.x" outputs for the MX960 router having RE-2000 for the specific route, not the complete internet table for comparison.

Thanks

Sarathi