SRX with BGP isn´t forwarding traffic.

last person joined: yesterday

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

SRX with BGP isn´t forwarding traffic.

Jump to Best Answer

1. SRX with BGP isn´t forwarding traffic.

0 Recommend
Erdem
Posted 04-01-2015 16:15

Reply Reply Privately
hi, i configured a srx with two peers, one as primary link an another link as the backup, and a public segment
189.202.255.136/29, i advertise this segment to my peers, but it dosent forwarding traffic, and my segment in the show route has as the next hop the same interface on the configured segment, any body have an idea?.
I share my configuration.
thanks
Regards.
interfaces {
ge-0/0/0 {
description ENLACE_WAN;
speed 100m;
link-mode full-duplex;
gigether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 189.202.254.109/30;
}
}
}
ge-0/0/1 {
description ENLACE_WAN;
speed 100m;
link-mode full-duplex;
gigether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 189.202.254.113/30;
}
}
}
fe-0/0/7 {
description ENLACE_LAN;
speed 100m;
link-mode full-duplex;
fastether-options {
no-auto-negotiation;
}
unit 0 {
family inet {
address 189.202.255.137/29;
}
}
}
lo0 {
unit 0 {
family inet {
filter {
input ntp;
}
address 127.0.0.1/32;
}
}
}
}
routing-options {
router-id 189.202.254.109;
autonomous-system 65100;
}
protocols {
bgp {
group SUMIDA_PRI {
type external;
local-preference 100;
local-address 189.202.254.109;
export SUMIDA_OUT;
peer-as 18734;
neighbor 189.202.254.110;
}
group SUMIDA_RESP {
type external;
local-preference 90;
local-address 189.202.254.113;
export SUMIDA_OUT;
peer-as 18734;
neighbor 189.202.254.114;
}
}
}
policy-statement SUMIDA_OUT {
from {
protocol direct;
route-filter 189.202.255.136/29 exact accept;
}
}
community SUMIDA100 members 65100:100;
community SUMIDA90 members 65100:90;
}
security {
flow {
traceoptions {
file DebugTraffic;
flag basic-datapath;
packet-filter MatchTraffic {
source-prefix 0.0.0.0/0;
destination-prefix 189.202.255.138/32;
}
}
}
screen {
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
policies {
from-zone trust to-zone untrust {
policy trust-to-untrust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy untrust-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone trust to-zone trust {
policy any {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
fe-0/0/7.0;
}
}
security-zone untrust {
screen untrust-screen;
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0;
ge-0/0/1.0;
}
}
security-zone blockntp {
interfaces {
lo0.0;
}
}
}
}
firewall {
filter ntp {
term 2 {
from {
protocol udp;
port ntp;
}
then {
discard;
}
}
term 3 {
then accept;
}
}
}
2. RE: SRX with BGP isn´t forwarding traffic.

0 Recommend
Erdem
Posted 04-01-2015 16:29

Reply Reply Privately
as you can see thi is the output:
juniper@SumidaComponets> show route 0/0

inet.0: 8 destinations, 9 routes (7 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[BGP/170] 01:11:01, localpref 100
AS path: 18734 701 I
> to 189.202.254.110 via ge-0/0/0.0
[BGP/170] 01:10:57, localpref 100
AS path: 18734 701 I
> to 189.202.254.114 via ge-0/0/1.0
189.202.254.108/30 *[Direct/0] 04:54:16
> via ge-0/0/0.0
189.202.254.109/32 *[Local/0] 04:54:27
Local via ge-0/0/0.0
189.202.254.112/30 *[Direct/0] 04:54:19
> via ge-0/0/1.0
189.202.254.113/32 *[Local/0] 04:54:27
Local via ge-0/0/1.0
189.202.255.136/29 *[Direct/0] 00:39:50
> via fe-0/0/7.0
189.202.255.137/32 *[Local/0] 04:54:27
Local via fe-0/0/7.0

on the las two routes the local must be ge-0/0/0 not fe-0/0/7, i have a computer conected to the fe07 with the ip 189.202.255.138 unable to go out to the internet.
3. RE: SRX with BGP isn´t forwarding traffic.

0 Recommend
Erdem
Posted 04-01-2015 20:51

Reply Reply Privately
Hi,

The interface fe-0/0/7 is configured with a /29 hence the show route is shown as local to fe-0/0/;7.

ge-0/0/0 is configured witha /30.

I am not sure what you mean?

Regards,
C_R
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
4. RE: SRX with BGP isn´t forwarding traffic.
Best Answer

0 Recommend
Erdem
Posted 04-07-2015 22:29

Reply Reply Privately
i find the solution, a policy was bloking my segment in the PE,
thanks

SRX

SRX with BGP isn´t forwarding traffic.

Erdem04-01-2015 16:15

Erdem04-01-2015 16:29

Erdem04-01-2015 20:51

Erdem04-07-2015 22:29Best Answer

1. SRX with BGP isn´t forwarding traffic.

2. RE: SRX with BGP isn´t forwarding traffic.

3. RE: SRX with BGP isn´t forwarding traffic.

4. RE: SRX with BGP isn´t forwarding traffic. Best Answer

4. RE: SRX with BGP isn´t forwarding traffic.
Best Answer