Direct routes always take precedence over BGP unless it's configured otherwise, so hopefully this address is in your IGP or next hop self is configured. Also, if you are talking only about the directly connected route used for your peer, wouldn't the return traffic be your fault for advertising 123.0.0/30 to AS321 and vice versa?

From: Tore Anderson <t...@linpro.no>
To: "Justin M. Streiner" <strei...@cluebyfour.org>
Cc: juniper-nsp <juniper-nsp@puck.nether.net>
Date: 02/06/2009 11:43 AM
Subject: Re: [j-nsp] network engineering
Sent by: juniper-nsp-boun...@puck.nether.net

* Justin M. Streiner

> There is a common misconception that asymmetric routing is somehow bad.
> Yes, it can make troubleshooting connectivity problems a bit more
> involved, but asymmetry is a perfectly normal condition. Also, even if
> you were to enforce symmetry within your network, there is no guarantee
> that the path will remain symmetric once it leaves your network.

There's one case where I believe asymmetric routing is bad, and where I'd very much like to avoid it - I want packets with a source from the interface address of my transit ports to be sent out to the provider's router on that interface. Consider the following network:

[Transit provider AS123]-123.0.0.1------123.0.0.2-[   My    ]
                                                  [ Juniper ]
[Transit provider AS321]-321.0.0.1------321.0.0.2-[ router  ]

123.0.0.x is part of AS123's PA space, 321.0.0.x is part of AS321's. Routes received from AS123 have a higher localpref than those from AS321, for whatever reason - like simply being cheaper.

If someone on the other side of the internet now sends an ICMP ping or whatever to 321.0.0.2 I'll end up routing the reply packet out through AS123, since the route to that particular other side of the internet has a higher localpref through AS123. However from AS123's point of view I'm now spoofing traffic from AS321's PA space, so they might feel free to drop the packet due to a failing uRPF check or whatever.

So what I'd want is to always route packets with a source of 321.0.0.2 via 321.0.0.1, if the destination isn't found in my IGP. Likewise for 123.0.0.2.

I suspect it has to be done by using a separate forwarding-type routing-instance with a static route to 0/0 via 321.0.0.1 combined with an output filter on lo0 that jumps to that routing instance if the source address matches, but I was unable to figure out exactly how to make it work when I played around with it earlier today. If someone has an example config to share that accomplishes it, I'd be very grateful.

Regards,
--
Tore Anderson
Redpill Linpro AS - http://www.redpill-linpro.com/
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
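
The case discussed in this thread as a small Python model, added here as an illustration (not code from either poster, and not Junos configuration). The prefixes, the local-pref values and the provider's strict uRPF rule are constructed assumptions; it shows the reply sourced from the AS321-facing address leaving via AS123 and failing the check, and the outcome once the source-based exit the original message asks for is applied.

```python
import ipaddress as ip

# Constructed stand-ins: 321.0.0.x in the thread is not a valid IPv4 address,
# so documentation prefixes play the two providers' PA link subnets.
# provider -> (our interface address, link subnet)
LINKS = {
    "AS123": (ip.ip_address("192.0.2.2"), ip.ip_network("192.0.2.0/30")),
    "AS321": (ip.ip_address("198.51.100.2"), ip.ip_network("198.51.100.0/30")),
}
MY_PREFIX = ip.ip_network("203.0.113.0/24")  # assumed: our own announced space
IGP = [MY_PREFIX]                            # assumed: destinations known internally
# (prefix, provider, local-pref); AS123 is preferred, as in the thread
BGP = [(ip.ip_network("0.0.0.0/0"), "AS123", 200),
       (ip.ip_network("0.0.0.0/0"), "AS321", 100)]

def bgp_best(dst):
    """Longest prefix match first, then highest local-pref."""
    candidates = [r for r in BGP if dst in r[0]]
    return max(candidates, key=lambda r: (r[0].prefixlen, r[2]))[1]

def egress(src, dst, source_policy=False):
    """Choose the exit for a packet the router itself generates."""
    if any(dst in net for net in IGP):
        return "internal"
    for provider, (_, subnet) in LINKS.items():
        if dst in subnet:          # directly connected route wins over BGP
            return provider
    if source_policy:              # the behaviour the poster asks for
        for provider, (addr, _) in LINKS.items():
            if src == addr:
                return provider
    return bgp_best(dst)

def provider_accepts(provider, src):
    """Assumed provider ingress check (strict uRPF): the source must be in
    the link subnet of that port or in the prefix we announce."""
    return src in LINKS[provider][1] or src in MY_PREFIX

def reply_fate(src, dst, source_policy=False):
    """Return (exit, outcome) for a reply sourced from src towards dst."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    out = egress(src, dst, source_policy)
    if out == "internal":
        return out, "delivered"
    return out, "forwarded" if provider_accepts(out, src) else "dropped"
```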