Re: [j-nsp] Odd issue with logical-system

2017-09-18 Thread Eric Van Tol 
> Is the correct interface and unit number specified inside the logical-system
> on both sides?  

Yes - the issue isn't basic connectivity. I can see the inbound tcp syn on LS1, 
but it doesn't respond back. I have even deleted every lo0 filter on the router 
because that's the most obvious reason for dropping packets.

> Have you tried deleting the config, commit full, rollback?

I haven't done a commit full, but I've deleted the LS and added it back in, 
changed the loopback unit number and changed the BGP source address in LS1, all 
to no avail.
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Odd issue with logical-system

2017-09-18 Thread Chuck Anderson 
On Mon, Sep 18, 2017 at 01:12:36PM +, Eric Van Tol wrote:
> > Have you tried enabling BGP traceoptions to see if that logs more useful
> > diagnostics?
> 
> Yes, per my first message:
> 
> >I also see absolutely nothing when I enable traceoptions on the 
> >peer in LS1 and with MX2 attempting to contact LS1
> 
> Nothing helpful in those, with all flags enabled, both sides show the same 
> thing:
> 
> bgp_connect_complete: error connecting to x.x.x.x (Internal AS x): Socket 
> is not connected
> 
> Again, I don't even see a TCP SYN being sent in the 'monitor traffic 
> interface' output on the only active interface in LS1, as though it's being 
> dropped before it even hits the wire.

Is the correct interface and unit number specified inside the logical-system on 
both sides?  Have you tried deleting the config, commit full, rollback?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Odd issue with logical-system

2017-09-18 Thread Eric Van Tol 
> Have you tried enabling BGP traceoptions to see if that logs more useful
> diagnostics?

Yes, per my first message:

>I also see absolutely nothing when I enable traceoptions on the 
>peer in LS1 and with MX2 attempting to contact LS1

Nothing helpful in those, with all flags enabled, both sides show the same 
thing:

bgp_connect_complete: error connecting to x.x.x.x (Internal AS x): Socket 
is not connected

Again, I don't even see a TCP SYN being sent in the 'monitor traffic interface' 
output on the only active interface in LS1, as though it's being dropped before 
it even hits the wire.

-evt
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Odd issue with logical-system

2017-09-17 Thread Chuck Anderson 
On Sun, Sep 17, 2017 at 01:43:31PM +, Eric Van Tol wrote:
> Thanks, I did check all this and re-entered MD5 keys by pasting in on all 4 
> routers. The fact that only one session out of the bunch isn't coming up 
> indicates that it's not an MD5 or ASN issue, though, as they are all defined 
> within groups and not individual definitions within the neigbhor statements. 
> Traceoptions simply show that the attempts timed out. LS1 is not responding 
> at all to the incoming request from MX2, nor is it even *sending* a TCP SYN 
> to MX2 in its own supposed session request (LS1 is not in passive mode). 
> 
> IPv6 peering between all four nodes is working, too.
> 
> I feel like this is going to end up a JTAC ticket, but wanted to know if 
> anyone else had ever seen this behavior. I may end up rebooting MX1 to see if 
> that fixes it, but I'd prefer not to do the Roy and Moss Method if I can help 
> it.

Have you tried enabling BGP traceoptions to see if that logs more useful 
diagnostics?
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Odd issue with logical-system

2017-09-17 Thread Eric Van Tol 
Hi all,
To Aaron - Yes, that map is correct.

> I have 40+ logical systems in a 4 chassis lab, all speaking 
> BGP withloads of families negotiated.

I've never had this problem with logical systems before except with this one 
router (MX1). It happened a couple years ago - the exact same thing - and I 
ended up moving the logical system off this router because I didn't have time 
to troubleshoot it, nor was it that important that the LS exist on this router.

> Start with the easy stuff.  Did you fat finger an ASN or an MD5 key?
> Did you set type internal?  Your trace options and show bgp neighbor
> output should help you determine the failure if it's an application
> layer issue.

Thanks, I did check all this and re-entered MD5 keys by pasting in on all 4 
routers. The fact that only one session out of the bunch isn't coming up 
indicates that it's not an MD5 or ASN issue, though, as they are all defined 
within groups and not individual definitions within the neigbhor statements. 
Traceoptions simply show that the attempts timed out. LS1 is not responding at 
all to the incoming request from MX2, nor is it even *sending* a TCP SYN to MX2 
in its own supposed session request (LS1 is not in passive mode). 

IPv6 peering between all four nodes is working, too.

I feel like this is going to end up a JTAC ticket, but wanted to know if anyone 
else had ever seen this behavior. I may end up rebooting MX1 to see if that 
fixes it, but I'd prefer not to do the Roy and Moss Method if I can help it.

-evt
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Odd issue with logical-system

2017-09-16 Thread Jason Iannone 
I have 40+ logical systems in a 4 chassis lab, all speaking BGP with
loads of families negotiated.

Start with the easy stuff.  Did you fat finger an ASN or an MD5 key?
Did you set type internal?  Your trace options and show bgp neighbor
output should help you determine the failure if it's an application
layer issue.

Jason

On Fri, Sep 15, 2017 at 11:29 AM, Eric Van Tol  wrote:
> Hi all,
> Since I've now run into this issue a second time, I figured I'd reach out to 
> the community to see if anyone else has experienced this. I'm working on a 
> pair of MX960s, running 13.3R6.5.
>
> I have a pair of logical systems (LS1, LS2) configured in each MX960 (MX1, 
> MX2) and both MXs are directly attached and in production with no other 
> issues. Each logical system is configured to IBGP peer with each MX, but not 
> each other.
>
> My problem is that LS1 is unable to bring up a BGP session with MX2. I've 
> disabled all lo0 filters to ensure that it's not a filtering problem. Routing 
> is working properly, as I can ping each MX from each LS and vice versa. If I 
> do a 'monitor traffic interface' on MX2 and on LS1, I can see the MX sending 
> a TCP SYN and it's received on LS1, but it's just dropped silently. I can 
> also see an originating TCP session in the 'show system connections' output 
> on LS1, but no packets are being seen leaving LS1. I also see absolutely 
> nothing when I enable traceoptions on the peer in LS1 and with MX2 attempting 
> to contact LS1.
>
> Anyone else seen this? I don't see any PRs related this in 13.3R6, either.
>
> Thanks in advance,
> evt
>
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Odd issue with logical-system

2017-09-15 Thread Aaron Gould 
Ugh, word wrap got me again !let me try another ascii drawing

Like this Eric ?

Mx1physical---mx2
|   |  |   |
|   |  |   |
|   |  |   |
|   |  |   |
|   |  |   |
L1 L2  L1  L2

- Aaron 


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Odd issue with logical-system

2017-09-15 Thread Aaron Gould 
Like this Eric ? 

ls1logical--mx1---physical--mx2-logical-
---ls1
ls2logical|
|---logicalls2 


- Aaron




___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

[j-nsp] Odd issue with logical-system

2017-09-15 Thread Eric Van Tol 
Hi all,
Since I've now run into this issue a second time, I figured I'd reach out to 
the community to see if anyone else has experienced this. I'm working on a pair 
of MX960s, running 13.3R6.5. 

I have a pair of logical systems (LS1, LS2) configured in each MX960 (MX1, MX2) 
and both MXs are directly attached and in production with no other issues. Each 
logical system is configured to IBGP peer with each MX, but not each other. 

My problem is that LS1 is unable to bring up a BGP session with MX2. I've 
disabled all lo0 filters to ensure that it's not a filtering problem. Routing 
is working properly, as I can ping each MX from each LS and vice versa. If I do 
a 'monitor traffic interface' on MX2 and on LS1, I can see the MX sending a TCP 
SYN and it's received on LS1, but it's just dropped silently. I can also see an 
originating TCP session in the 'show system connections' output on LS1, but no 
packets are being seen leaving LS1. I also see absolutely nothing when I enable 
traceoptions on the peer in LS1 and with MX2 attempting to contact LS1.

Anyone else seen this? I don't see any PRs related this in 13.3R6, either.

Thanks in advance,
evt


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp