Junos
Highlighted
Junos

Possible Bug JunOS 13.3R6.5

‎07-13-2015 11:07 AM
We have a logical system called gre-ddos-router.

In this logical system are three routing instances:
inet.0 - default
cleaned-traffic
tunneled-traffic

This is used to facilitate dual-ads site traffic.
inet.0 bgp traffic tagged with community <ASN>:1234 should be imported into cleaned-traffic.
Without this, the default action is to route traffic to the other city over a gre tunnel.

A policy facilitates this:

mx480> show configuration logical-systems gre-ddos-router routing-options rib-groups
import-physical {
    import-rib [ inet.0 cleaned-traffic.inet.0 tunneled-traffic.inet.0 ];
}
gre-ddos-to-clean {
    import-rib [ inet.0 cleaned-traffic.inet.0 ];
    import-policy gre-customers;
}

###Import-physical is interface routes

mx480> show configuration logical-systems gre-ddos-router routing-options interface-routes
rib-group inet import-physical;

gre-ddos-to-clean is BGP customer routes into the clean routing-instance (that routing instance defaults to the other city, unless it knows about a local route via inet.0)

mx480> show configuration logical-systems gre-ddos-router protocols bgp
family inet {
    unicast {
        rib-group gre-ddos-to-clean;
    }
}
### <SNIP>###

This is the policy that imports from inet.0 BGP to the routing instance cleaned-traffic:


mx480> ...ystems gre-ddos-router policy-options policy-statement gre-customers

term gre-ddos {
    from {
        protocol bgp;
        community gre-ddos;

    }
    then accept;
}
term reject {
    then reject;

mx480> ...al-systems gre-ddos-router routing-instances cleaned-traffic
instance-type forwarding;
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.76.6;
    }
}


The cleaned traffic instance default routes to 192.168.76.6, which is the other city.
Thats all it has minus it's imported interface routes and bgp routes.

Every now and then, a customer advertises a new bgp route that has the community set of <ASN>:1234.
This usually works, but sometimes it doesnt.  The gre-ddos-to-clean should import that route into cleaned-traffic.  It does not.

Essentially:
show route logical-system gre-ddos-router table cleaned-traffic.inet.0 community <ASN>:1234 protocol bgp
show route logical-system gre-ddos-router table inet.0 community <ASN>:1234 protocol bgp
 
^ the output of this command *should* be identical.  The rib groups take care of that.

This gets out of sync for some reason, and the rib group doesn't appear to do it's job.  The inet.0 <ASN>:1234 routes are *not* imported into cleaned-traffic like they should be.

The fix:
deactivate the routing instance cleaned traffic
commit
reactive

^ then, it imports.

That fixes it every time.  This maybe a bug.
 
5 REPLIES 5
Highlighted
Junos

Re: Possible Bug JunOS 13.3R6.5

‎07-13-2015 11:22 AM

Wat this working on another version of Junos ? or is this e new depoyment on that code ? 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
Highlighted
Junos

Re: Possible Bug JunOS 13.3R6.5

‎07-13-2015 02:18 PM

We were using 12.3 junos and it worked perfectly. We just recently upgraded the code to add specific features and this is what broke in the process.

 

Thus we're seeing if this is a bug or do we need to change something?

Highlighted
Junos

Re: Possible Bug JunOS 13.3R6.5

‎07-15-2015 10:20 AM

Hi.

I found the next PR PR1093317. I think, it is related with your issue.

The workaround is use commit full. The final solution use Junos 15.1R2.

 

Best regards.

Mario Perez
JNCIE-SP, JNCIP-ENT, JNCIP-SEC
Sales Advisor.
Technical Master.
Champions Ingenius.
Highlighted
Junos

Re: Possible Bug JunOS 13.3R6.5

‎07-15-2015 11:23 AM

What is - PR PR1093317. how do I review the PR?

Highlighted
Junos

Re: Possible Bug JunOS 13.3R6.5

‎07-15-2015 01:13 PM

Hi,

 

PR is meaning a problem report. You can find the details about the specific PR in the below url

 

https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1093317

Marc



-----------------------------------------------------------------
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
-----------------------------------------------------------------
Feedback