Routing

Hello Team,

 

I am required introduce an EBGP session to one of our MX 480s that is currently having IBGP session with our M120 router that shares the whole routing table.the next hop for the internet is the M120 at the moment.

when i activate the new EBGP session and apply import and export polices, the MX removes the nexthop from the M120 and install this new table from the EBGP neighbor (this is OK). problem is This new BGP table/prefixes gets redistrbuted to the ISIS and all the small routers are killed by this .

 

any advise how to avoid this ISIS redistribution??

 

below is the IBGP config on the MX and the export policy.

 

group *** {
type internal;
local-address *.*.*.*;
mtu-discovery;
family inet {
any;
}
family inet-vpn {
any;
}
family l2vpn {
signaling;
}
authentication-key "$9$9snsCOREcyrK8RheWx7sYfTz36AO1hSyl"; ## SECRET-DATA
export IBGP;

neighbor *.*.8.0;
neighbor *.*.8.1;

 

[edit policy-options policy-statement IBGP]
term ROUTES {
from community CUSTOMERS;
then {
local-preference 375;
next-hop self;
accept;
}
}
term DIRECT {
from protocol direct;
then {
metric 0;
local-preference 375;
community add ROYAL-CUSTOMERS;
next-hop self;
accept;
}
}

 

 

This is the ISIS config:

 

[edit protocols isis]

reference-bandwidth 100g;
lsp-lifetime 65535;
overload timeout 200;
level 1 disable;
level 2 {
authentication-key "$9$XOvxb2goJZDk24UHmP3nylKM87bs4aJG"; ## SECRET-DATA
authentication-type md5;
wide-metrics-only;
}
interface ge-0/0/3.0 {
point-to-point;
}
interface ge-0/0/5.0 {
point-to-point;
}
interface ge-0/1/1.0 {
point-to-point;
}
interface xe-0/2/0.0 {
point-to-point;
}
interface ae0.10 {
point-to-point;
}
interface fxp0.0 {
disable;
}
interface lo0.0 {
passive;
}

 

I need to indroduce new redundant EBGP from another ISP and terminate on this MX.

i would appreciate any help.

There is nothing inherent in this configuration that exports all the routes from BGP into the ISIS routing table.  In other words, there's no export policy applied to 'protocols isis'.  Are you sure that the routes are being redistributed into ISIS?

hi evt,

when the new ebgp session becomes established, we loose the isis adjacency to all the Jseries and SRXs. all the IBGP session to this boxes changes state to active. some how at some point the whole bgp prefixes is sent to this boxes, if not via isis its via IBGP and they immediately run out of memory. cant tell how its redistributed... there is only one export policy applied to the ibgp that has two terms, could there be any that is sending the whole prefixes to the IBGP neighbors?

thanks
sheeel.

Well, yes.  If you only want the routes matched in the policy to be exported, then you need to set a final 'reject' clause.  See this page for default BGP behavior in Juniper routers:

 

http://www.juniper.net/documentation/en_US/junos13.3/topics/concept/policy-routing-policies-actions-defaults.html

 

I suspect what is happening is that your router is sending a full table to its iBGP neighbors and it is causing them to run out of memory.  To add a reject policy, just do this:

 

set policy-options policy-statement IBGP then reject

 

 

 

Dear evt,

 

I found the issue. it was one of the terms in the export policy applied to the IBGP. the term was saying from comunity xxxxx:3.* (this will match any comunity value that starts with 3), and concidenltly the  new EBGP prefixes are tagged with comunity vlaue xxxxx:37100.

this is how the BGP routes matched the term in the IBGP policy and got pushed to the other IBGP neighbors that got less momory to handle the full table (this term was matching the existing full table before, but that table was learnt from another IBGP neighbor so it wasnt pushed to other IBGP speakers coz if default IBGP policy i think.

i  changed the policy match and now the EBGP is established and so far so good we are ok. 

 

 i would to take this opportunity to specifically thank you (EVT) and all the other members who took time to respond to the post. 

i will update incase of any thing. thanks once again.

 

Regards,

Sheel.