Channel: All Routing posts

BGP Newbie - IGP sending wrong next-hop?

Hello Forum members!

I've been reading up on routing protocols and trying to learn BGP. Right now the setup described is my own private network and devices across the states (kind relatives that let me experiment with their internet sprinkled across the US).

The BGP configuration in question has an issue that seems more complex than my newbie skills allow me to resolve, but my gut tells me it's something simple and silly - likely a face->palm oversight, so I'll start by explaining the topology as best I can.

There are two Juniper SRX 220s, at remote sites, with IPSEC tunnels configured and working between the two - let's call them sites A and B.

(A)-(DSL/PPPoE - over GE-0/0/0 interface to a bonded DSL concentrator provided by the service provider)
(B)-(Cable, bridging mode, again over GE-0/0/0)

(LocalNets: 192.168.0.0/16)(A)->st0.1(10.0.0.10/32) <--INTERNET--> st0.0(10.0.0.11/32)<-(B)(LocalNets: 172.16.0.0/16)

BGP is configured in a simple manner, with a policy containing route prefixes for the local networks:

BGP config for (A):
root@A# show protocols bgp
local-address 172.16.254.1;
local-as 65000;
group ipsec-peers {
    type internal;
    description "From Here to IPSEC sites";
    export localnets_policy;
    peer-as 65000;
    neighbor 10.0.0.11 {
        local-address 10.0.0.10;
    }
}

root@A# show policy-options policy-statement localnets_policy
term term1 {
    from {
        prefix-list localnets;
    }
    then accept;
}

root@A# show policy-options prefix-list localnets
172.16.0.0/24;
172.16.1.0/24;
172.16.2.0/24;
172.16.3.0/24;
172.16.4.0/24;
172.16.100.0/24;
172.16.110.0/24;
172.16.254.0/30;

BGP Configuration for (B):
root@B# show protocols bgp
local-address 192.168.1.1;
local-as 65000;
group ipsec-peers {
    type internal;
    description "From Here to IPSEC sites";
    export localnets_policy;
    peer-as 65000;
    neighbor 10.0.0.10 {
        local-address 10.0.0.11;
    }
}

root@B# show policy-options policy-statement localnets_policy
term term1 {
    from {
        prefix-list localnets;
    }
    then accept;
}


root@B# show policy-options prefix-list localnets
192.168.0.0/24;
192.168.1.0/24;

 


Now to the issue:
BGP seems to advertise routes from B to A just fine (notice the via st0.1):

root@A# run show route protocol bgp

inet.0: 17 destinations, 17 routes (17 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.0/24     *[BGP/170] 00:28:19, localpref 100, from 10.0.0.11
                      AS path: I
                    > via st0.1


The problem is where A advertises to B (look at the same location :/ ):
root@B# run show route protocol bgp

inet.0: 15 destinations, 15 routes (15 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

172.16.0.0/24      *[BGP/170] 00:28:05, localpref 100, from 10.0.0.10
                      AS path: I
                    > to 73.88.X.X via ge-0/0/0.0
172.16.1.0/24      *[BGP/170] 00:28:05, localpref 100, from 10.0.0.10
                      AS path: I
                    > to 73.88.X.X via ge-0/0/0.0
172.16.2.0/24      *[BGP/170] 00:28:05, localpref 100, from 10.0.0.10
                      AS path: I
                    > to 73.88.X.X via ge-0/0/0.0
172.16.3.0/24      *[BGP/170] 00:28:05, localpref 100, from 10.0.0.10
                      AS path: I
                    > to 73.88.X.X via ge-0/0/0.0
172.16.100.0/24    *[BGP/170] 00:28:05, localpref 100, from 10.0.0.10
                      AS path: I
                    > to 73.88.X.X via ge-0/0/0.0
172.16.110.0/24    *[BGP/170] 00:28:05, localpref 100, from 10.0.0.10
                      AS path: I
                    > to 73.88.X.X via ge-0/0/0.0

It's worth noting, of course, that the 73.88.X.X address is the GATEWAY of my external IP on B:
root@B# run show interfaces ge-0/0/0.0
  Logical interface ge-0/0/0.0 (Index 72) (SNMP ifIndex 512)
    Flags: SNMP-Traps 0x0 Encapsulation: ENET2
    Input packets : 55788948
    Output packets: 36048776
    Security: Zone: untrust
    Allowed host-inbound traffic : dhcp tftp https ike ping ssh
    Protocol inet, MTU: 1500
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 73.88.X/23, Local: 73.88.X.X,
        Broadcast: 73.88.X.255


An uneducated guess would be that this has something to do with a default route being defined on A (because of the ppp interface) and not on B:
root@B# show routing-options static
route 10.0.0.10/32 next-hop st0.0;
route 192.168.0.1/32 next-hop 192.168.1.5;
route 0.0.0.0/32 next-hop ge-0/0/0.0;

 

root@A# show routing-options static
route 172.16.1.0/24 {
    next-hop 172.16.254.2;
    install;
}
route 172.16.2.0/24 {
    next-hop 172.16.254.2;
    install;
}
route 172.16.0.0/24 {
    next-hop 172.16.254.2;
    install;
}
route 172.16.100.0/24 next-hop 172.16.254.2;
route 172.16.3.0/24 next-hop 172.16.254.2;
route 172.16.4.0/30 next-hop 172.16.254.2;
route 172.16.110.0/24 next-hop 172.16.254.2;
route 10.0.0.11/32 next-hop st0.1;
route 0.0.0.0/0 next-hop pp0.0;

 

 

Any hints etc. are welcome. As I said, this is more or less a lab of my own making, and if I'm making any assumptions here or if you have suggestions, please don't be shy.

 

-Joel
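
Added example, not part of the original post: a small check over `show route protocol bgp` output of the kind shown above that lists every BGP route whose selected forwarding next hop is not on a tunnel interface, which is how site-to-site prefixes end up leaving through the untrust interface instead of the IPsec tunnel. The sample text is trimmed from the post's output, and the assumption that tunnel interfaces are named `st0.*` comes from the post's topology.

```python
import re

# Samples trimmed from the output in the post (addresses masked as posted).
SAMPLE_A = """\
192.168.1.0/24 *[BGP/170] 00:28:19, localpref 100, from 10.0.0.11
AS path: I
> via st0.1
"""
SAMPLE_B = """\
172.16.0.0/24 *[BGP/170] 00:28:05, localpref 100, from 10.0.0.10
AS path: I
> to 73.88.X.X via ge-0/0/0.0
172.16.1.0/24 *[BGP/170] 00:28:05, localpref 100, from 10.0.0.10
AS path: I
> to 73.88.X.X via ge-0/0/0.0
"""

# "<prefix> *[BGP/170] ..., from <peer>" starts a route entry.
ROUTE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+\*?\[BGP/\d+\].*\bfrom\s+(\S+)")
# "> [to <gateway>] via <interface>" is the selected forwarding next hop.
HOP_RE = re.compile(r"^>\s+(?:to\s+(\S+)\s+)?via\s+(\S+)")


def parse_bgp_routes(text):
    """Return one dict per BGP route: prefix, peer, gateway, interface."""
    routes, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROUTE_RE.match(line)
        if m:
            current = {"prefix": m.group(1), "peer": m.group(2),
                       "gateway": None, "interface": None}
            routes.append(current)
            continue
        m = HOP_RE.match(line)
        if m and current is not None:
            current["gateway"], current["interface"] = m.group(1), m.group(2)
    return routes


def routes_outside_tunnel(text, tunnel_prefix="st0."):
    """Routes whose selected next hop is missing or not on a tunnel interface."""
    return [r for r in parse_bgp_routes(text)
            if not (r["interface"] or "").startswith(tunnel_prefix)]


if __name__ == "__main__":
    for r in routes_outside_tunnel(SAMPLE_B):
        print(f'{r["prefix"]} from {r["peer"]} -> {r["gateway"]} via {r["interface"]}')
```
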

