------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ *From:* [mailto:adamv0...@netconsultings.com] *Sent:* Tue, Sep 11, 2018 9:52 AM CEST *To:* 'Karl Gerhard'; juniper-nsp@puck.nether.net *Subject:* [j-nsp] "set routing-options protect core" breaks local-preference
>> -----Original Message----- >> From: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf >> Of Karl Gerhard >> >> Hello >> >> I am experimenting with BGP PIC before deploying it to production and I >> have found an oddity: >> With "set routing-options protect core" local-preference stops working the >> way I would expect it to work. >> >> If I configure "local-preference 120" on import from my IBGP neighbor the >> router will send traffic for some prefixes to my IBGP neighbor (where they >> will egress through EBGP) and for other prefixes directly to my EBGP >> neighbor. It seems like they're getting load-balanced per destination subnet. >> This is how it looks in the routing table: >> >> root@router1# run show route 1.0.143.0/24 table inet.0 >> inet.0: 705394 destinations, 2116034 routes (705393 active, 0 holddown, 2 >> hidden) @ = Routing Use Only, # = Forwarding Use Only >> + = Active Route, - = Last Active, * = Both >> >> 1.0.143.0/24 @[BGP/170] 00:08:21, localpref 120 >> AS path: 174 38040 23969 ?, validation-state: >> unverified >> > to 123.123.123.1 via ae1.0 >> to 55.55.55.2 via ae3.0 >> [BGP/170] 00:07:37, localpref 100 >> AS path: 174 38040 23969 ?, validation-state: >> unverified >> > to 55.55.55.2 via ae3.0 >> #[Multipath/255] 00:07:37, metric2 0 >> to 123.123.123.1 via ae1.0 >> > to 55.55.55.2 via ae3.0 >> to 55.55.55.2 via ae3.0 >> >> 123.123.123.1 is my IBGP neighbor where I would like traffic to go >> 55.55.55.2 is my EBGP neighbor >> >> This is the part that is causing issues: >> #[Multipath/255] 00:07:37, metric2 0 >> to 123.123.123.1 via ae1.0 >> > to 55.55.55.2 via ae3.0 >> to 55.55.55.2 via ae3.0 >> >> With "local-preference 120" configured on my IBGP session I would expect all >> packets to go to my IBGP neighbor (123.123.123.1) - at least that's how it >> used to work. But for this specific subnet (and many others) the traffic >> will go >> directly to my EBGP neighbor. >> >> How do I make all traffic go to my IBGP neighbor? >> Is that "by design" or is it a bug in Junos 18.2R1? >> > There seem to be two next hops for the entry with localpref120 and AS path: > 174 38040 23969, if everything else is equal then eBGP path wins. > > 1.0.143.0/24 @[BGP/170] 00:08:21, localpref 120 > AS path: 174 38040 23969 ?, validation-state: unverified > > to 123.123.123.1 via ae1.0 > to 55.55.55.2 via ae3.0 > > adam > > netconsultings.com > ::carrier-class solutions for the telecommunications industry:: > Hello Adam 1. There is only one next-hop with local-preference 120, that's the IBGP one. Junos is just displaying weird things. That's probably part of the problem. 2. I have found even more brokenness with "protect core" on Junos 18.2R1 and rolled back to Junos 17.3. With this Junos version "protect core" and local-preference work as expected. Thank you Adam and and thank you Ivan for confirming that I am not crazy. One of the worst things about running Juniper hardware is the software updates. I feel like every time I upgrade Junos bits and pieces of previously working stuff break in miraculous ways and it steals you hours or days of your time. Regards Karl _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp