Quantcast
Channel: All Routing posts
Viewing all 8688 articles
Browse latest View live

error message after typing "commit check" in MX

November 16, 2016, 4:46 pm
$
0
0

Hi After typing command "commit check" i got the below error message. and the bottom are its config. Anyone can explain it? Thank you

 

AC0# commit check
re0:
[edit routing-instances WSN]
'protocols'
Protocol bgp not allowed under non-forwarding (0x8) instance WN
error: configuration check-out failed

{master}[edit]

 

set routing-instances WN protocols bgp group VV6 type external
set routing-instances WN protocols bgp group VV6 neighbor 2081:4828:f08f:482:f80:11:0:2 description "eBGP peer NY IPV6"
set routing-instances WN protocols bgp group VV6 local-address 2081:4828:f08f:482:f80:11:0:1
set routing-instances WN protocols bgp group VV6 import RG_IMPORT_POLICY_VCE_V6
set routing-instances WN protocols bgp group VV6 family inet6 unicast
set routing-instances WN protocols bgp group VV6 export RG_EXPORT_POLICY_VCE_V6
set routing-instances WN protocols bgp group VV6 remove-private
set routing-instances WN protocols bgp group VV6 peer-as 255
set routing-instances WN interface ge-1/0/1.6

Search

Re: error message after typing "commit check" in MX

November 16, 2016, 4:53 pm
$
0
0

Hi eesunj,

 

Please try "instance-type virtual-router" instead of "instance-type forwarding" to be able to support routing protocols.

Then the commit should work.

Re: error message after typing "commit check" in MX

November 17, 2016, 12:55 am

Re: MX route table size

November 17, 2016, 12:39 pm
$
0
0

Hello mueller,

 

Can you share where you found this information?

 

Regards.

Re: MX route table size

November 17, 2016, 6:45 pm
$
0
0

Hi , this depends on configuration , and linecards you are using.

MPC 1, MPC2  - 5M 

MPC2-NG, MPC3-NG, MPC5 - 10M 

 

Fib size for small MXs was in previous messages. 

 

Also , fib size depends on your configuration. (indirect-nexthop, composite-nexthop, what is set in network-services) and other ....

Re: Using EX3400 as a Router

November 17, 2016, 11:29 pm
$
0
0

Based on the specs of the 3400 and your requirements, it seems like this is the right switch. if you are not looking for advanced security features such as zonebased firewalling, UTM etc, then the switch is perfect for yoru environment. I have not heard any complaints about this switch yet so it seems pretty rock solid and stable so far.

Re: Source Based - Routing

November 18, 2016, 9:19 am
$
0
0

unit 125 {
vlan-id 125;
family inet {
filter {
    input Content_Filter;
  }
    address 10.154.25.1/24;
  }
}

 

routing-options {
interface-routes {
rib-group inet Content_Filter;
}
static {

route 0.0.0.0/0 next-hop 10.154.0.74;

}

}
rib-groups {
Content_Filter {
import-rib [ inet.0 Content_Filter.inet.0 ];
}
}
}

 

firewall {
    family inet {
       filter Content_Filter {
         term 0 {
            from {
              source-address {
                 10.154.25.0/24;
              }
          }
then {
           routing-instance Content_Filter_Instance;
         }
}
   term 1 {
     then accept;
   }
  }
  }
 }

 

routing-instances {
  Content_Filter_Instance {
    instance-type forwarding;
     routing-options {
  static {
     route 0.0.0.0/0 next-hop 10.154.2.19;
   }
}
}
}

 

After made that change PC is not able to reach the gateway or any server

eBGP policy and ACL in interface

November 18, 2016, 12:35 pm
$
0
0

Hi Anyone can answer the question? Two routers (RouterA and B) have eBGP connection. RouterA sends the routes 10.0.0.0 and 20.0.0.0 to routerB. The routerB’ interface allow 10.0.0.0 in and routerB’ eBGP allow 20.0.0.0 in. My question is which route can come into the routerB? Thank you

Search

Re: Source Based - Routing

November 18, 2016, 11:14 am
$
0
0

import-rib [ inet.0 Content_Filter.inet.0]

You need the correct routing instance name. Modify the import-rib statement like this

[inet.0 Content_Filter_Instance. inet.0]

DHCP Relay Not Working for Subscriber Management- MX80 BRAS/BNG !

November 18, 2016, 7:13 pm
$
0
0

I am trying to configure on MX80 BNG DHCP Relay for IPoE Subscribers ( transported via MPLS L2 VPN to the BNG).

 

Psuedowire Subscriber Interface Solution is being used for MPLS Access ( "ps" interfaces ps113.0). Subscriber Management with Service VLAN Model is being used.

 

The DHCP Relay is stuck in "Selecting" State and the IP Address released by the DHCP Server is not being passed to the Client from MX80.

 

192.168.1.37 IP is being released from DHCP Server but stuck in Selecting State on MX80.

 

*********************************************************************************************************************************************

Nov 19 05:18:40.852554 Auth request reply SUCCESS
Nov 19 05:18:40.855717 rc_entry_sus_find_ipaddr: TYPE 0 for IP ADDR 192.168.1.1 in routing context LR default/RI default
Nov 19 05:18:40.855764 Entry w/ ref_count 2 found when searching 'subunit by ip-addr' for IP ADDR 192.168.1.1 in routing context LR default/RI default
Nov 19 05:18:40.858997 Updated SDB with client IP addr 192.168.1.37, in state RELAY_STATE_SELECTING
Nov 19 05:18:40.927905 Demux IFL has session ID 1828
Nov 19 05:18:40.927974 jdhcpd_iflm_handler - demux0.1073742903 (ifindx 349) has underlying interface of ps113.1073742902 (ifindx 347)
Nov 19 05:18:40.928086 iff-event demux0.1073742903, oper add, state up, ifl_index 349, dev_index 128, af 2(INET)
Nov 19 05:18:40.928137 jdhcpd_iffm_handler_idl: RtrCtx: LS:default, RI:default, BD:, AF:INET; IS configured
Nov 19 05:18:40.928174 jdhcpd_ip_demux_get_cfg: demux0.1073742903 successfully inherited its INET dhcp_type(0) from its underlying ps113.1073742902 INET safd in LSRI default:default
Nov 19 05:18:40.928211 jdhcpd_iffm_handler_idl: (Status=2) Could not find bd index tlv - wait for IFBD iff(demux0) msg for ifl(demux0)
Nov 19 05:18:40.928249 Composing intf name: full_ifname = demux0.0, sizeof(full_ifname) = 60, underlying_ifd->dev_name = ps113, su_stack->ifd_ptr->dev_name = demux0, found AUTOCONF
Nov 19 05:18:40.928282 jdhcpd_interface_config_find_in_rc: if_name demux0.0, rc default:default: (0x1c11000), flags 0xa0040d
Nov 19 05:18:40.928315 jdhcpd_interface_config_find_in_rc: grp_name GPON
Nov 19 05:18:40.928348 Interface 'demux0.0' not found
Nov 19 05:18:40.928380 inteface demux0.0 DID NOT find cfg
Nov 19 05:18:41.001023 Got profile instantiate reply 0 in RELAY_STATE_WAIT_PROF_INST, updating SDB with client session state 1, session Id 1828
Nov 19 05:18:41.001062 jdhcpd_session_db_client_session_state_set: setting session state 1
Nov 19 05:18:41.001129 jdhcpd_session_db_client_session_state_set: setting action bits to 3, config-bits:0x3 0 0 0 0 0
Nov 19 05:18:41.004559 profile instantiate reply SUCCESS
Nov 19 05:18:41.004606 Relay Client got new interface demux0.1073742903, unit stack 0x1f6d200 INET safd 0x1f6d400
Nov 19 05:18:41.004640 Relay Client gonna go wait for the interface
Nov 19 05:18:43.580195 unexpected event received 2 from state RELAY_STATE_WAIT_INTERFACE
Nov 19 05:18:46.581353 unexpected event received 2 from state RELAY_STATE_WAIT_INTERFACE
Nov 19 05:18:49.580972 unexpected event received 2 from state RELAY_STATE_WAIT_INTERFACE
Nov 19 05:19:03.146792 unexpected event received 1 from state RELAY_STATE_WAIT_INTERFACE

 

***********************************************************************************************************************************************

 

Note- The same Client is able to successfully obtain the IP Address via MX 80 DHCP Relay in normal MPLS L2 VPN setup without using Subscriber Managerment Solution.

 

Attached are the configuration and DHCP traceoptions logs. If anyone has any pointers. Got stuck now and could not find much information anywhere.

Re: eBGP policy and ACL in interface

November 19, 2016, 5:59 am
$
0
0

I'm not sure that I understand the question.  I think you are asking that if we have an ACL on an interface for blocking traffic, will that ACL have any affect on the ability of the eBGP peer to receive a route prefix of the same subnet from a neighbor.

 

This answer would be the ACL will NOT block the advertisement but would block the actual traffic.

 

to block the advertisement you would need to change the import policy on the recieving peer or the export policy on the sending peer.

Re: Does adding node-link protection cause LSP to flap?

November 20, 2016, 11:12 am
$
0
0

Hi,

 

To be precise, the flap can be avoided if the LSP is configured as 'adaptive' :

set protocols mpls label-switched-path xxx adaptive

Although a new rsvp session is created, this happens in a make-before-break mode, hence the LSP does not flap.

 

Cheers,

Ashvin

Problem with CBF

November 21, 2016, 1:22 am
$
0
0

Hello!

I’m having problem with CBF and multipath.

Traffic with destination to 10.10.10.0/24 and dscp af need must use LSP  r1-to-r3-af for forwarding

Traffic with destination to 20.20.20.0/24 and dscp be need must use LSP  r1-to-r3-be for forwarding

All other traffic should be balanced between LSP’s

 

With disabled multipath all work correctly

show route 10.10.10.10/24

10.10.10.0/24      *[BGP/170] 01:26:03, localpref 100, from 2.2.2.2

                      AS path: 65002 I, validation-state: unverified

                  > to 10.0.12.2 via lt-0/0/0.102, label-switched-path r1-to-r3

                     to 10.0.12.2 via lt-0/0/0.102, label-switched-path r1-to-r3-af

                      to 10.0.12.2 via lt-0/0/0.102, label-switched-path r1-to-r3-be

ping logical-system C1-1 10.10.10.10 count 10 rapid tos 40

show mpls lsp statistics

Ingress LSP: 5 sessions

To              From            State     Packets            Bytes LSPname

2.2.2.2         1.1.1.1         Up              0                0 r1-to-r2

3.3.3.3         1.1.1.1         Up             0               0 r1-to-r3

3.3.3.3         1.1.1.1         Up             10              840 r1-to-r3-af

3.3.3.3         1.1.1.1         Up             0                0 r1-to-r3-be

4.4.4.4         1.1.1.1         Up              0                0 r1-to-r4

 

 

With multipath active, all traffic is transmitted through LSP r1-to-r4

show route 10.10.10.10

10.10.10.0/24      *[BGP/170] 01:59:15, localpref 100, from 2.2.2.2

                      AS path: 65002 I, validation-state: unverified

                      to 10.0.12.2 via lt-0/0/0.102, label-switched-path r1-to-r3

                      to 10.0.12.2 via lt-0/0/0.102, label-switched-path r1-to-r3-af

                      to 10.0.12.2 via lt-0/0/0.102, label-switched-path r1-to-r3-be

                    > to 10.0.13.3 via lt-0/0/0.103, label-switched-path r1-to-r4

ping logical-system C1-1 10.10.10.10 count 10 rapid tos 40

show mpls lsp statistics

Ingress LSP: 5 sessions

To              From            State     Packets            Bytes LSPname

2.2.2.2         1.1.1.1         Up              0                0 r1-to-r2

3.3.3.3         1.1.1.1         Up             0                 0 r1-to-r3

3.3.3.3         1.1.1.1         Up             0                 0 r1-to-r3-af

3.3.3.3         1.1.1.1         Up             0                 0 r1-to-r3-be

4.4.4.4         1.1.1.1         Up              10              840 r1-to-r4

 

Why in case with multipath all traffic forwarded via LSP r1-to-r4?

And CBF not work correctly?

 

I’m tested this scheme on single MX router with logical-systems.

I’m also tested this scheme on vMX with same result

Scheme and configuration in attached

Export OSPF route in type-1

November 22, 2016, 12:40 am
$
0
0

Hello,

I have a QFX-1 which is learning route and 0.0.0.0/0 from OSPF 

I have connected a QFX-2 which is learning the route from QFX-1and 0.0.0.0/0 from OSPF too. 

The route are in OSPF TYPE-2

How can we export route from QFX-1 to QFX-2 in OSPF type-1 ? 

I want to change the COST.

Best regards, 

Re: Export OSPF route in type-1

November 22, 2016, 12:51 am
$
0
0

policy-options {
policy-statement my-ospf-export-policy {
term static-and-direct-as-type-1 {
from protocol [ static direct ];
then {
external {
type 1;
}
accept;
}
}
}
}

regards

 

alexander

Search

Re: Export OSPF route in type-1

November 22, 2016, 12:54 am
$
0
0

Hi,

I always try this solution but it doesn't work:

show policy-options policy-statement ospfbgp
term default-gw {
from {
route-filter 0.0.0.0/0 exact;
}
then {
metric 200;
external {
type 1;
}
}
}

 

export ospfbgp;

 

regards, 

Re: Export OSPF route in type-1

November 22, 2016, 1:30 am
$
0
0

Hello,

 

maxx wrote:

Hello,

I have a QFX-1 which is learning route and 0.0.0.0/0 from OSPF 

I have connected a QFX-2 which is learning the route from QFX-1and 0.0.0.0/0 from OSPF too. 

The route are in OSPF TYPE-2

How can we export route from QFX-1 to QFX-2 in OSPF type-1 ? 

I want to change the COST.

Best regards, 

If QFX-1 is learning 0/0 FROM OSPF as External Type-2 and You want to change it to External Type-1, You have to do it on ASBR that originates this route. Not on the QFX-1 that receives this route from OSPF.

OR

Use separate OSPF processes A.K.A "no-forwarding" instances in JUNOS.

HTH

Thx

Alex 

Re: Export OSPF route in type-1

November 22, 2016, 1:53 am
$
0
0

Yes !

I don't why i don't think about it before ...

 

Re: eBGP policy and ACL in interface

November 23, 2016, 8:45 am

Re: Source Based - Routing

November 23, 2016, 10:20 am
$
0
0

After the change suggested I was able to add the PC to the DC. But now I'm not able to navigate to any website.

 

I created a rule that the segment where the PC is located pointed to the Security Appliance (websense) IP Address

 

Is there any other change thatI need to perform?

 

Also the Security Appliance has wide open internet access

Viewing all 8688 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>