Hi, I configured an SRX with two peers, one as the primary link and another link as the backup, and a public segment
189.202.255.136/29. I advertise this segment to my peers, but it doesn't forward traffic, and in the show route output my segment has as its next hop the same interface the segment is configured on. Does anybody have an idea?
I share my configuration.
thanks
Regards.
/* Interfaces: two WAN uplinks (one /30 each), one LAN port carrying the public /29, and lo0. */
interfaces {
/* WAN uplink. Its address is the local-address of BGP group SUMIDA_PRI and also the router-id. */
ge-0/0/0 {
description ENLACE_WAN;
speed 100m;
link-mode full-duplex;
gigether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 189.202.254.109/30;
}
}
}
/* Second WAN uplink. Its address is the local-address of BGP group SUMIDA_RESP. */
/* NOTE(review): both uplinks carry the same description, which makes logs and alarms harder to attribute. */
ge-0/0/1 {
description ENLACE_WAN;
speed 100m;
link-mode full-duplex;
gigether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 189.202.254.113/30;
}
}
}
/* LAN port addressed from the advertised 189.202.255.136/29. The prefix is directly connected here, */
/* so show route lists it as a direct route with this interface as the next hop; that part is expected. */
fe-0/0/7 {
description ENLACE_LAN;
speed 100m;
link-mode full-duplex;
fastether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 189.202.255.137/29;
}
}
}
/* Filter ntp (defined under firewall) is applied inbound on lo0.0. On Junos an lo0 input filter is */
/* evaluated for traffic destined to the Routing Engine. It is the only such filter visible in this */
/* listing, and it drops NTP while accepting everything else, so it does not restrict management access. */
lo0 {
unit 0 {
family inet {
filter {
input ntp;
}
address 127.0.0.1/32;
}
}
}
}
/* Global routing identity used by the BGP sessions below. */
routing-options {
/* Same value as the ge-0/0/0 (primary WAN) address. */
router-id 189.202.254.109;
/* 65100 falls in the private-use AS range (64512-65534). */
/* NOTE(review): confirm the provider expects this AS and removes it before re-advertising the prefix. */
autonomous-system 65100;
}
/* Two EBGP sessions to AS 18734, one per WAN link, both exporting through policy SUMIDA_OUT. */
/* Neither group configures session authentication (for example authentication-key) or an import policy, */
/* so whatever the peers send is accepted as-is and the TCP sessions are unauthenticated. */
protocols {
bgp {
/* Primary session, sourced from the ge-0/0/0 address. */
/* NOTE(review): local-preference is set on an external group here; LOCAL_PREF is not carried to external */
/* peers, so verify this actually makes the primary path preferred. Setting it in an import policy is the */
/* usual approach for inbound routes; it has no effect on how the provider returns traffic. */
group SUMIDA_PRI {
type external;
local-preference 100;
local-address 189.202.254.109;
export SUMIDA_OUT;
peer-as 18734;
neighbor 189.202.254.110;
}
/* Backup session, sourced from the ge-0/0/1 address, with the same export policy and peer AS. */
/* The announcement is identical on both links, so nothing visible here makes the provider prefer the primary. */
group SUMIDA_RESP {
type external;
local-preference 90;
local-address 189.202.254.113;
export SUMIDA_OUT;
peer-as 18734;
neighbor 189.202.254.114;
}
}
}
/* NOTE(review): the opening "policy-options {" line is missing from the posted listing; the final */
/* closing brace of this fragment belongs to it. */
/* Export policy referenced by both BGP groups: accepts exactly 189.202.255.136/29 when it is a direct route. */
/* There is no explicit final reject term, so routes that do not match fall through to the default BGP */
/* export policy. NOTE(review): add a final reject term if only this prefix should ever be announced. */
policy-statement SUMIDA_OUT {
from {
protocol direct;
route-filter 189.202.255.136/29 exact accept;
}
}
/* Both communities are defined but not referenced by any policy visible in this listing. */
community SUMIDA100 members 65100:100;
community SUMIDA90 members 65100:90;
}
/* Flow-based security: debug tracing, screens, inter-zone policies and zone membership. */
security {
flow {
/* Datapath trace for packets destined to 189.202.255.138, written to file DebugTraffic. */
/* NOTE(review): this is a troubleshooting aid; deactivate it once the forwarding problem is understood. */
traceoptions {
file DebugTraffic;
flag basic-datapath;
packet-filter MatchTraffic {
source-prefix 0.0.0.0/0;
destination-prefix 189.202.255.138/32;
}
}
}
screen {
/* Screen profile attached only to zone untrust (see the zone definition below). */
/* NOTE(review): the syn-flood values look like untuned defaults; confirm they fit the expected load. */
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
/* Every zone pair below permits any source, any destination and any application, with no logging action. */
/* In effect the SRX forwards statelessly-equivalent "allow all" between the Internet and the public /29. */
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
/* Inbound from the WAN zone to the LAN zone is fully open: every host on 189.202.255.136/29 is reachable */
/* on every port from the Internet. NOTE(review): restrict this to the specific destination addresses and */
/* applications that must be published, and add session logging so permitted flows are recorded. */
from-zone untrust to-zone trust {
policy untrust-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone trust {
policy any {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
/* LAN zone: contains fe-0/0/7.0 and allows all services and protocols to the device itself. */
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
fe-0/0/7.0;
}
}
/* WAN zone: both uplinks, with the untrust-screen profile applied. */
/* host-inbound-traffic allows all system services and all protocols from the Internet side, so any */
/* management service enabled on the device (not shown in this listing) is reachable on the WAN addresses. */
/* NOTE(review): the visible configuration only needs BGP here; limit this to bgp plus whatever */
/* diagnostics are required, and keep management services on the trusted side. */
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0;
ge-0/0/1.0;
}
}
/* Zone holding only lo0.0, with no host-inbound-traffic and no policies referencing it. */
/* NOTE(review): lo0 carries only 127.0.0.1 here, so the practical effect of this zone is unclear; the */
/* NTP drop itself comes from the firewall filter applied on lo0, not from this zone. */
security-zone blockntp {
interfaces {
lo0.0;
}
}
}
}
/* Stateless filter applied as the input filter on lo0.0 (see the interfaces stanza). */
firewall {
filter ntp {
/* Silently drops UDP packets whose source or destination port is ntp; "port" matches either direction. */
/* NOTE(review): presumably meant to stop NTP abuse against the device, but it also drops replies from */
/* any NTP server the SRX itself queries. There is no count or log action, so drops leave no trace. */
term 2 {
from {
protocol udp;
port ntp;
}
then {
discard;
}
}
/* Catch-all term: everything that is not NTP is accepted, so the filter gives no other protection. */
term 3 {
then accept;
}
}
}