Would it no be advisae to either teace it or a tcpdump from the OS you can > see what packets are being sent and received on the interface?
Generally yes, but. Though this doesn't seem to be the case for Jeroen since he uses eBGP with direct interface address peering, you must keep in mind that in case a packet comes to SRX though interface A having dst-ip set to address bound to interface B, it will first threat it as a transit packet and pass through the flow engine (policy, ect). You won't be able to catch the packet with 'monitor traffic', even though it than goes to the control plane. Don't know if there are tricks to overcome this. In case of tracing, you have to use [edit security flow] traceoptions, not the BGP trace. As a quick check I'd propose to use a firewall filter, excluding the BGP packets out of flow processing with selective packet-mode option, or even temporarily turn the SRX into router context, and see if something changes. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp