IRB on a logical-system MX960

‎09-17-2020 10:20 AM

Hello, I am having some trouble setting up the VLAN part of a BGP setup on an MX960 in a logical system.

Overview of what I'm trying to do. I am passing an external BGP connection through an EX switch via a VLAN which is handed off to a Cisco router for testing. So the BGP peers are the MX960 and the Cisco router. I am trying to pass only the /29 IP assigned to the interface facing the Cisco to the Cisco as a route and only import the /24 route on the Cisco into the MX960. When I set this up outside a logical system all the communication worked but the Cisco router was getting a lot of routes. So I decided to try and build its setup in a logical system to limit the routes. But now I'm having a hard time getting the VLAN and IP set up on the interface.

Here is the logical system I have set up. I have removed all the public IPs and put in fake internal ones since this is a public forum.

set groups 000001-BGP-TEST1 logical-systems BGP-TEST interfaces xe-0/0/3 unit 0 family inet address 172.16.20.1/29  **removed in the below**
set groups 000001-BGP-TEST1 logical-systems BGP-TEST interfaces xe-0/0/3 unit 0 family bridge interface-mode trunk
set groups 000001-BGP-TEST1 logical-systems BGP-TEST interfaces xe-0/0/3 unit 0 family bridge vlan-id-list 300
set groups 000001-BGP-TEST1 logical-systems BGP-TEST protocols bgp group Customer-BGP type external
set groups 000001-BGP-TEST1 logical-systems BGP-TEST protocols bgp group Customer-BGP local-address 172.16.20.1
set groups 000001-BGP-TEST1 logical-systems BGP-TEST protocols bgp group Customer-BGP import BGP-CUSTOMER-PUBLICIPs
set groups 000001-BGP-TEST1 logical-systems BGP-TEST protocols bgp group Customer-BGP peer-as 65536
set groups 000001-BGP-TEST1 logical-systems BGP-TEST protocols bgp group Customer-BGP neighbor 172.16.20.2
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term CUSTOMER-PREFIXES from route-filter 244.10.10.0/24 upto /24
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term CUSTOMER-PREFIXES then local-preference add 100
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term CUSTOMER-PREFIXES then community add CUSTOMER
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term CUSTOMER-PREFIXES then next-hop self
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term CUSTOMER-PREFIXES then accept
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term BLACKHOLE from community blackhole
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term BLACKHOLE from route-filter 244.10.10.0/24 prefix-length-range /32-/32
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term BLACKHOLE then community add CUSTOMER
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term BLACKHOLE then next-hop self
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term BLACKHOLE then accept
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term reject-all then reject
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options community CUSTOMER members origin:65536L:1

The above complained about family issues between inet and bridge, so I've tried building this:

 

[edit groups 000001-BGP-TEST1 logical-systems BGP-TEST interfaces xe-0/0/3 unit 0]
- family inet {
- address172.16.20.1/29;
- }
[edit groups 000001-BGP-TEST1 logical-systems BGP-TEST interfaces]
+ irb {
+ unit 0 {
+ family inet {
+ address 172.16.20.1/29;
+ }
+ }
+ }
[edit groups 000001-BGP-TEST1 logical-systems BGP-TEST]
+ bridge-domains {
+ test {
+ vlan-id-list 300;
+ }
+ }
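Review bot: the `test` bridge domain here contains only `vlan-id-list 300;` and never references the `irb` unit 0 created in the previous hunk, so nothing in this change ties 172.16.20.1/29 to VLAN 300. Add a `routing-interface irb.0;` statement under `test`, and if the commit check rejects it next to `vlan-id-list`, switch the domain to `vlan-id 300;`.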
[edit]
+ apply-groups 000001-BGP-TEST1;

[edit groups 000001-BGP-TEST1 logical-systems BGP-TEST]
+ routing-options {
+ router-id 172.16.20.1;
+ autonomous-system 33666;
+ }
+ bridge-domains {
+ test {
+ vlan-id-list 300;
+ }
+ }

 

Anything I'm missing or issues I'll run into? 


Re: IRB on a logical-system MX960

a month ago

Several pieces of critical information are missing from this description of your setup. So I'm going with the following layout:
(Cisco router) == (Juniper EX switch) == (MX960)

 

Your description of a vlan gives the impression that you have a tagged vlan passing through that needs to be used on the MX960. In order to accomplish this you simply need to configure the physical port in your main instance, then create a sub-interface (unit) within your logical-system:

 

 

set interfaces xe-0/0/3 flexible-vlan-tagging
set interfaces xe-0/0/3 mtu 9192
set interfaces xe-0/0/3 encapsulation flexible-ethernet-services

 


I would recommend not building your config via a bunch of group commands. This is unnecessarily cumbersome and bad practice; as such my examples will not include any type of group configs where unnecessary.

 

set logical-systems BGP-TEST interfaces xe-0/0/3 unit 300 vlan-id 300
set logical-systems BGP-TEST interfaces xe-0/0/3 unit 300 family inet address 172.16.20.1/29

 

 

For logical systems, you simply need to insert the term "logical-systems <LS Name>" after the set keyword. Just about everything else is identical to working with the native system.

 

My last piece of advice when it comes to BGP: don't use assigned ASNs for your testing; instead use one of the reserved private ranges. Get your BGP connection up first, then worry about creating policy-statements. When it comes to your description of your BGP goal, you described one setup, but are showing a more complicated configuration involving communities as part of both your set and matching criteria. In regards to what ranges to use, please stick to normal ranges; the 244.10.10.0/24 range is part of a reserved-for-future-use restricted block, which will often cause problems. If you're not sure what ranges to consider using, stick to RFC 1918 when doing lab work. Furthermore, if the block you are trying to restrict to is a /24 and only as a /24, then use the keyword "exact" instead of "upto". Next, don't use a "next-hop self" on an import policy; this should only be used on an export policy.
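A small linter for the points the reply raises (non-private ASNs, prefixes inside 240.0.0.0/4, `upto` equal to the prefix length, `next-hop self` in an import policy), run over set-style lines from the question. This is an added example, not code from either poster or from Juniper; the function name `lint` and the finding labels are made up here, and the private-use ASN ranges are those of RFC 6996.

```python
import ipaddress
import re

PRIVATE_ASN = [(64512, 65534), (4200000000, 4294967294)]  # RFC 6996 private use
FUTURE_USE = ipaddress.ip_network("240.0.0.0/4")  # reserved for future use

# First four lines are copied from the question; the last is constructed
# (set form of the autonomous-system value shown in the question's diff).
SAMPLE = """\
set groups 000001-BGP-TEST1 logical-systems BGP-TEST protocols bgp group Customer-BGP import BGP-CUSTOMER-PUBLICIPs
set groups 000001-BGP-TEST1 logical-systems BGP-TEST protocols bgp group Customer-BGP peer-as 65536
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term CUSTOMER-PREFIXES from route-filter 244.10.10.0/24 upto /24
set groups 000001-BGP-TEST1 logical-systems BGP-TEST policy-options policy-statement BGP-CUSTOMER-PUBLICIPs term CUSTOMER-PREFIXES then next-hop self
set groups 000001-BGP-TEST1 logical-systems BGP-TEST routing-options autonomous-system 33666
"""

def lint(config):
    """Return (line_number, finding) pairs for the points raised in the reply."""
    # Policies applied as BGP group import policies (single-policy form only).
    imports = set(re.findall(r" bgp group \S+ import (\S+)", config))
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        line = line.rstrip()
        # ASNs outside the private-use ranges.
        m = re.search(r" (?:peer-as|autonomous-system) (\d+)", line)
        if m and not any(lo <= int(m[1]) <= hi for lo, hi in PRIVATE_ASN):
            findings.append((n, "asn-not-private"))
        # Route filters: reserved space, and "upto" that can only match exactly.
        m = re.search(r" route-filter (\S+) (\S+)(?: (\S+))?", line)
        if m:
            net = ipaddress.ip_network(m[1], strict=False)
            if net.version == 4 and net.subnet_of(FUTURE_USE):
                findings.append((n, "prefix-in-240/4"))
            if m[2] == "upto" and m[3] == f"/{net.prefixlen}":
                findings.append((n, "upto-should-be-exact"))
        # next-hop self inside a policy that is used as an import policy.
        m = re.search(r" policy-statement (\S+) .* then next-hop self$", line)
        if m and m[1] in imports:
            findings.append((n, "next-hop-self-on-import"))
    return findings

if __name__ == "__main__":
    for n, finding in lint(SAMPLE):
        print(f"line {n}: {finding}")
```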
