SRX

Hello everyone,

I would just like to ask for some ideas why our BGP configuration is not working when I put it in a routing-instance as virtual router.

 I refered to this example for the config: http://www.juniper.net/documentation/en_US/junos12.3/topics/example/virtual-router-srx-use-case-edu-configuring.html

For now, I have tried to configure BGP without routing-instance and it works well (I can ping the neighbor gateway). When I try to put it in a virtual router, I could not ping the neighbor gateway. 

Normally, when I put the command show bgp summary, it shows that the peer connection was established but I cannot ping the peer itself. 

To give you an example of the config, please refer to these:

root@SRX-A# show routing-instances VR-BGP
instance-type virtual-router;
interface reth3.0;
routing-options {
interface-routes {
rib-group inet ISP-ROUTING;
}
router-id 210.4.100.134;
autonomous-system 134434;
}
protocols {
bgp {
log-updown;
group BGP3 {
type external;
neighbor 210.4.100.133 {
export bgp3-redistributes;
peer-as 17639;
}
}
}
}

root@SRX-A# show policy-options
policy-statement bgp3-redistributes {
term sourced-bgp3-network {
from {
route-filter 103.193.165.0/24 exact;
}
then accept;
}
term from-bgp3 {
from protocol bgp;
then next policy;
}
term bgp3-implicit-deny {
then reject;
}
}

Additional information:

-Our SRXs are configured in HA cluster, which is why reth3.0 was used

-I have configured rib-groups which is important when we have multiple routing instance

-This is only on a test environment and not yet in production

Any input from you guys will be great help. 

Thanks!

Regards,

Ernel

I don't see any interfaces assigned to the virtual router.  Is the interface where the peer needs to connect assigned to VR-BGP?

Hi Ernel,

Since the BGP and the interface are in the virtual-router, the ping shuld also be initiated from the VR:

> ping 210.4.100.133 instance VR-BGP

If it doesn't work from the VR, then please check ARP table and routing table to make sure the Direct route is present.

If you want to ping it from inet.0, make sure the Direct route got imported to inet.0.

A ">show route 210.4.100.133" output would be helpful to troubleshoot this further.

Regards,

Srinath

Hi,

Could you elaborate on the rib-group and which tables you are sharing the interface-routes with.

I assume since this is eBGP config and the BGP neighbor is Up under the VR instance, there is a direct route for the BGP peer in VR-BGP routing-table.

"show bgp neighbor x.x.x.x" would indicate the local address / interface.

From which instance are you running the ping?

Cheers,

Ashvin

Srineth,

Wow I didn't know that you need to ping through the routing instance. I guess that answers why.

Thank you guys! I never knew it was that simple.