Routing

  • 1.  Loopback and Routing Instances - Ping returns different source

    Posted 12-08-2012 13:29

    Hi All,

     

    I am currently working with a pair of MX80s on 11.2r7.4 and am using multiple Routing Instances for the first time.

     

    The design is fairly straightforward:

    1. The default Master Routing table is used for Interior Routing.

    2. Additional Tables for Peering, Transit and additional ones for special cases where I need to get subsets of either Transit or Peering to other customers.

     

    All of this works very well, however I'm experiencing something I can't explain with a loopback interface I have configured. Let's say the loopback is on 123.0.0.1/32 (not its actual address).

     

    1. Routers/Switches that are within the Master Routing instance can ping 123.0.0.1/32 and get 123.0.0.1/32 as the source of the return packets.

     

    2. Pings that come via one of the other routing tables (i.e. Peering or Transit) are received by the loopback, but return the ping as from an address associated with the physical interface (either the IRB or Physical interface - whichever is the egress for the return packet).

     

    For the routing instance peering, I have the following (abbreviated):

     

    router-peering {
       instance-type virtual-router;
       interface ge-1/1/2.599;
       interface irb.306;
       interface irb.315;
       routing-options {
           instance-import vr-send-to-peering-provider;
       }
    ....
    }

     

    Here's part of the vr-send-to-peering-provider policy that imports routes which exposes (among other things) the loopback interface to the router-peering instance.

     

    term 4 {
       from protocol [ direct ospf ];
       then accept;
    }

     

    Sure enough, the route is there 

    ------

    router-peering.inet.0: 10668 destinations, 10674 routes (10668 active, 0 holddown, 0 hidden)

    + = Active Route, - = Last Active, * = Both

     

    123.0.0.1/32  *[Direct/0] 10:15:10

                        > via lo0.0

    ------

     

    The configuration of my loopback interface is fairly straightforward:

    ----

    unit 0 {
       description LO-MGMNT;
       family inet {
           no-redirects;
           filter {
              input-list [ accept-common-services ... discard-all ];
           }
           address 123.0.0.1/32 {
              primary;
              preferred;
           }
           address 127.0.0.1/32;
       }
    }

     

    ----

     

    Clearly I have misunderstood something here. Thoughts anyone?

     

    Thanks!



  • 2.  RE: Loopback and Routing Instances - Ping returns different source

    Posted 12-09-2012 07:46

    Hi,

     

    As a loopback is made for answering on each interface (of the VRF, the master in your case, as the lo0 seems to be in your master VRF) and as the VRF prevents the loopback from being reachable from the other VRFs internally, I understand that the packet goes out to look for the lo0. I don't really understand what the problem is, then...



  • 3.  RE: Loopback and Routing Instances - Ping returns different source

    Posted 12-09-2012 22:42

    The loopback is indeed in the master instance.

     

    I don't quite understand the logic here. If an ICMP echo request is forwarded from one of the other routing instances to the master instance for lo0.0 and is actually getting to the interface on the RE, why is it that the source is being rewritten with the egress IP instead of the interface on which it was received?

     

    Perhaps if this is the wrong approach, what would be the best way to have a single management interface that is visible from all routing instances where pings come from the interface to which they were sent?



  • 4.  RE: Loopback and Routing Instances - Ping returns different source

    Posted 12-10-2012 02:44

    Exactly the same behaviour as http://forums.juniper.net/t5/Routing/Loopback-interface-and-rib-groups/td-p/135127

     

    I was able to resolve it in the same way. One loopback interface in each routing instance with the same IP.

     

    I'm curious to know why this is the case however?



  • 5.  RE: Loopback and Routing Instances - Ping returns different source
    Best Answer

    Posted 12-10-2012 13:38

    Hey there,

     

    I would say this is expected, because if there isn't a loopback interface in a routing instance, then the egress interface's IP has to be used for any outgoing packet, even if default-address-selection is configured.

     

    Keep in mind that once you configure a lo0.X interface for a routing instance, you have to apply the input firewall filter of lo0.0 (if any) to all those units.

     

    Cheers,



  • 6.  RE: Loopback and Routing Instances - Ping returns different source

    Posted 12-11-2012 16:05

    Thanks for the advice erdems.

     

    I did try default-address-selection and as you say, this still resulted in the egress interface being used.

     

    I managed to resolve this by having a loopback per routing instance. Because they're all the same config and have a little more config than just an IP to account for firewall filters, I've ended up storing all of the loopback config in a group and then using apply-groups on each one.

     

    Works well!
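
The arrangement described in the last two posts (one lo0 unit per routing instance, with the address and the input filter list inherited from a configuration group), as an added sketch that is not taken from any poster's configuration. The group name LO-MGMT and the unit number 1 are assumptions; the instance name, filter names and the placeholder address 123.0.0.1/32 come from the thread.

```junos
groups {
    # LO-MGMT is a hypothetical group name
    LO-MGMT {
        interfaces {
            lo0 {
                # <*> matches any lo0 unit that applies this group
                unit <*> {
                    family inet {
                        no-redirects;
                        filter {
                            # the thread elides further filter names between these two
                            input-list [ accept-common-services discard-all ];
                        }
                        address 123.0.0.1/32 {
                            primary;
                            preferred;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    lo0 {
        # master instance loopback
        unit 0 {
            apply-groups LO-MGMT;
        }
        # hypothetical unit for the router-peering instance; it inherits the
        # same input filter list, so this instance cannot reach the RE unfiltered
        unit 1 {
            apply-groups LO-MGMT;
        }
    }
}
routing-instances {
    router-peering {
        instance-type virtual-router;
        interface ge-1/1/2.599;
        interface irb.306;
        interface irb.315;
        # replies to pings arriving in this instance are now sourced from lo0.1
        interface lo0.1;
    }
}
```

Running `show configuration interfaces lo0 | display inheritance` shows the expanded result, which makes it easy to confirm that every unit actually carries the input filter list.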