Hello all,
I'm having an issue with a virtual router and I think BGP might be interfering with the route, but I'm not sure. I did not originally set up the SRX240, so much of this programming was already in place. I have only basic knowledge of how BGP works. It was my understanding that static routes have a higher priority metric, so I'm not sure how this isn't working unless I missed something simple.
We have two ISPs. I have ISP1 plugged into ge-0/0/0 with a WAN address along with ge-0/0/1 & ge-0/0/2 plugged into our redundant firewalls using our main block of /26 public IP addresses. We recently added ISP2 plugged into ge-0/0/4 with a WAN address and ge-0/0/5 & ge-0/0/6 going to our redundant firewalls and a block of /26 addresses from them.
ISP1 uses BGP back to the provider for its routes. ISP2 uses a standard default route. I created a VR for ISP2 and set the ISP's default gateway.
When I plug my laptop into ge-0/0/5 with a public IP address from our /26 block I am able to ping interface ge-0/0/4 but I'm not able to reach ISP2's default gateway or anything beyond that. Below are some programming excerpts from the Juniper. If additional info is needed please let me know. Thank you.
routing-instances {
    isp2 {
        instance-type virtual-router;
        interface ge-0/0/4.0;
        interface vlan.1001;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 216.25.x.x;
            }
        }
    }
}
Interfaces ge-0/0/5 & ge-0/0/6 are in vlan 1001 that has an IP address from the /26 block
vlan {
    unit 1001 {
        description isp2-to-fw;
        family inet {
            address 216.138.x.x/xx;
        }
    }
}
vlans {
    isp2-to-fw {
        description isp2-to-fw;
        vlan-id 1001;
        l3-interface vlan.1001;
    }
}
Here is the BGP/routing-options programming, but again I didn't program this and have basic knowledge about it:
protocols {
    bgp {
        group external-peers {
            type external;
            local-address 4.30.x.x;
            export bgp-transit-export;
            peer-as 33xx;
            local-as 10xx;
            neighbor 4.30.x.x;
        }
    }
    stp;
}
policy-options {
    prefix-list manager-ip {
        4.30.x.x/xx;
    }
    policy-statement bgp-transit-export {
        term 1 {
            from {
                protocol direct;
                route-filter 4.34.x.x/xx exact;
            }
            then accept;
        }
    }
}
routing-options {
    interface-routes {
        family inet {
            export {
                point-to-point;
                lan;
            }
        }
    }
    router-id 192.168.1.2;
    autonomous-system 10xx;
    multicast {
        interface ge-0/0/0 {
            maximum-bandwidth;
        }
    }
}