Re: [j-nsp] Help: Learning routes from same ASN, cisco vs juniper

2013-09-11 Thread Payam Chychi 
Unless im mistaken... Thats a safety which detects a loop and rejects the 
prefix 

Allowas-in as well as as-override will get you around it but dont mod unless 
you know how its going to affect ur network


-- 
Payam Chychi
Network Engineer / Security Specialist


On Tuesday, 10 September, 2013 at 10:28 AM, OBrien, Will wrote:

> I've found an interesting issue and I wanted to get some thoughts before 
> talking to JTAC about it.
> 
> 
> I have a few of MX480s. In the past, I've advertised a dedicated /24 from my 
> lab to my providers upstream.
> That /24 was never learned by my primary MX.
> 
> The issue comes down to either the MX or the Cisco filtering routes that are 
> from the same ASN. It's been a couple of years since I ran across this and I 
> can't remember who was at fault.
> 
> 
> This behavior is biting my with regard to my DR site.
> 
> 
> At my DR, I have a SRX with say ASN 1234. It's advertising a /24.
> 
> At my primary site, I also use ASN1234. I do not receive the /24 via BGP.
> 
> So, either the Cisco (7600 I think) isn't advertising the route to me because 
> it's from my ASN - OR - The MX is filtering it because it's from my ASN and 
> coming in on a eBGP link.
> 
> 
> If it's the MX, I'm certain I can write an import filter, but I'm having an 
> issue hunting down syntax on that.
> If it's the Cisco, then I can yell at the provider to have them open a TAC 
> case. 
> 
> 
> 
> Like I said, I ran across this a few years ago, but can't remember who was at 
> fault. I could build a multi-hop neighbor relationship to get around this, 
> but surely there's a simpler solution...
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 
> 


___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Help: Learning routes from same ASN, cisco vs juniper

2013-09-11 Thread OBrien, Will 
I was too busy yesterday working on this to say thanks.

The loops threshold was exactly what I needed although my upstream was ALSO 
filtering.
I have to admit that it did take me a few minutes to realize that the loops 
limit also applies to external routes learned by an ibgp neighbor!

the internal neighbor adds an additional AS hop to it, so I had to raise my 
threshold one more than I initially assessed.



Thanks again all.


On Sep 10, 2013, at 12:46 PM, Andrew Tutten wrote:

I believe the command you're looking for is:

set routing-options autonomous-system loops <#>

where # is the acceptable number of times your AS# shows up in an eBGP as-path


On Tue, Sep 10, 2013 at 12:28 PM, OBrien, Will 
mailto:obri...@missouri.edu>> wrote:
I've found an interesting issue and I wanted to get some thoughts before 
talking to JTAC about it.


I have a few of MX480s.  In the past, I've advertised a dedicated /24 from my 
lab to my providers upstream.
That /24 was never learned by my primary MX.

The issue comes down to either the MX or the Cisco filtering routes that are 
from the same ASN.  It's been a couple of years since I ran across this and I 
can't remember who was at fault.


This behavior is biting my with regard to my DR site.


At my DR, I have a SRX with say ASN 1234. It's advertising a /24.

At my primary site, I also use ASN1234. I do not receive the /24 via BGP.

So, either the Cisco (7600 I think) isn't advertising the route to me because 
it's from my ASN - OR - The MX is filtering it because it's from my ASN and 
coming in on a eBGP link.


If it's the MX, I'm certain I can write an import filter, but I'm having an 
issue hunting down syntax on that.
If it's the Cisco, then I can yell at the provider to have them open a TAC case.



Like I said, I ran across this a few years ago, but can't remember who was at 
fault. I could build a multi-hop neighbor relationship to get around this, but 
surely there's a simpler solution...
___
juniper-nsp mailing list 
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp



--
Andrew Tutten
Senior Network Engineer
API Digital Communications Group
[http://www.api-digital.com/mkt/email_logo_200x60.png]

___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

Re: [j-nsp] Help: Learning routes from same ASN, cisco vs juniper

2013-09-10 Thread David Miller 


On 9/10/2013 1:28 PM, OBrien, Will wrote:
> I've found an interesting issue and I wanted to get some thoughts before 
> talking to JTAC about it.
> 
> 
> I have a few of MX480s.  In the past, I've advertised a dedicated /24 from my 
> lab to my providers upstream.
> That /24 was never learned by my primary MX.
> 
> The issue comes down to either the MX or the Cisco filtering routes that are 
> from the same ASN.  It's been a couple of years since I ran across this and I 
> can't remember who was at fault.
> 
> 
> This behavior is biting my with regard to my DR site.
> 
> 
> At my DR, I have a SRX with say ASN 1234. It's advertising a /24.
> 
> At my primary site, I also use ASN1234. I do not receive the /24 via BGP.
> 
> So, either the Cisco (7600 I think) isn't advertising the route to me because 
> it's from my ASN - OR - The MX is filtering it because it's from my ASN and 
> coming in on a eBGP link.
> 
> 
> If it's the MX, I'm certain I can write an import filter, but I'm having an 
> issue hunting down syntax on that.
> If it's the Cisco, then I can yell at the provider to have them open a TAC 
> case. 
> 
> 
> 
> Like I said, I ran across this a few years ago, but can't remember who was at 
> fault. I could build a multi-hop neighbor relationship to get around this, 
> but surely there's a simpler solution...

In Juniper:

https://www.juniper.net/techpubs/en_US/junos/topics/reference/configuration-statement/loops-edit-protocols-bgp-family.html

protocols {
bgp {
neighbor 10.2.3.4 {
family inet {
unicast {
loops 1;
}
}
}
}
}

-set-

set protocols bgp neighbor 10.2.3.4 family inet unicast loops 1

^^ Will allow AS in path 1 time (can be set higher).

-DMM



signature.asc
Description: OpenPGP digital signature
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp