Hi Chris,

Just a hunch but I suspect the FIB on your EX4200 is full (I seem to recall the EX can only hold 16K routes), which is probably causing all kinds of weirdness:

> inet.0: 16384 destinations, 16384 routes (16384 active, 0 holddown, 0

You probably want to filter your routes down to what you receive from WAIX and a default route.

-Shane

On 13/07/2011, at 2:27 PM, Chris wrote:

> Hi all,
>
> I have a pair of EX4200's which are running iBGP to a pair of J6350's.
>
> I am seeing some strange behaviour with the routing on them. The
> EX4200's have a few different VLANs setup:
>
> vlan 50 - Used to connect to a J6350
> vlan 100 - The VLAN the devices I am trying to reach are on
>
> The devices on vlan 100 are on the 10.10.10.0/24 range, with the
> EX4200's being the gateway for that network (it has been assigned
> 10.10.10.254). The problem I am seeing is from the EX4200's I can reach
> any device in that network fine. From the J6350's I can reach SOME
> devices but not others. I have not been able to find a pattern for this
> - an example device I have plugged in is a Dell blade chassis. It has a
> management controller that sits on 10.10.10.100 which I can get to from
> both the EX4200's and the J6350's. Each blade in the chassis is also
> assigned an IP for management through the same controller, in this case
> 10.10.10.101-117. I can't reach the individual blade management IP's
> from the J6350's yet from the EX4200's I can reach them fine. It has me
> a bit confused as it uses the same port on the EX4200's.
>
> For the below examples, here is the IP addressing (these are obviously
> not real):
> 99.99.99.240/30 - acc-core vlan50 (99.99.99.241) and acc-bdr1 ge-0/0/0
> (99.99.99.242)
> 99.99.99.253 - acc-core lo0
>
> On the J6350's the route for 10.10.10.0/24 is learnt via iBGP:
>
> root@acc-bdr1> show route 10.10.10.0
>
> inet.0: 363930 destinations, 363932 routes (170427 active, 0 holddown,
> 193504 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 10.10.10.0/24      *[BGP/170] 00:49:35, localpref 100, from 99.99.99.253
>                       AS path: I
>                     > to 99.99.99.241 via ge-0/0/0.0
>
> That route does seem to work, if I ping any IP in 10.10.10.0/24 (even
> the 'non-working' IPs) and run a tcpdump on the J6350 I can see the
> traffic heading out to the EX4200's.
>
> As a test, I added a static route for 10.10.10.101/32 with a next hop of
> 10.10.10.254 on the J6350. This doesn't show in the routing table on the
> J6350:
>
> root@acc-bdr1> show configuration routing-options static route
> 10.10.10.101/32
> next-hop 10.10.10.254;
>
> root@acc-bdr1> show route 10.10.10.101
>
> inet.0: 363933 destinations, 363935 routes (170429 active, 0 holddown,
> 193505 hidden)
> + = Active Route, - = Last Active, * = Both
>
> 10.10.10.0/24      *[BGP/170] 00:54:12, localpref 100, from 99.99.99.253
>                       AS path: I
>                     > to 99.99.99.241 via ge-0/0/0.0
>
> On the EX4200 the route is there correctly:
> root@acc-core> show route 10.10.10.101
>
> inet.0: 16384 destinations, 16384 routes (16384 active, 0 holddown, 0
> hidden)
> Restart Complete
> + = Active Route, - = Last Active, * = Both
>
> 10.10.10.0/24      *[Direct/0] 00:55:58
>                     > via vlan.100
>
> After the route was added, the EX4200 had the power cut and restored and
> I could magically ping 10.10.10.101 from the J6350 with no other config
> changes. The power was cut again, and I then lost the ability to ping it
> from the J6350, but I could still ping it from the EX4200. I have no
> idea why this is so I am a bit confused.
>
> The J6350 has no filters in place currently, it is running the router
> config too with the security features disabled.
>
> Is there anything obvious I'm missing?
>
> Thanks
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp
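
An added example, not part of the original thread: a Python check that reads pasted `show route` output (mail quote markers and wrapped lines included) and flags any router whose table has reached a capacity you supply. The 16384 figure for acc-core is an assumption taken from the reply's recollection of the EX limit, and the sample text is constructed from the summary lines quoted in the thread.

```python
import re

# Junos CLI prompt such as "root@acc-core> "; group 1 is the hostname.
PROMPT = re.compile(r"[\w-]+@([\w.-]+)>\s")
# Table summary line; \s+ tolerates the wrapping that mail clients introduce.
SUMMARY = re.compile(
    r"\b([\w-]+\.\d+):\s+(\d+)\s+destinations,\s+(\d+)\s+routes\s+"
    r"\((\d+)\s+active,\s+(\d+)\s+holddown,\s+(\d+)\s+hidden\)"
)
FIELDS = ("destinations", "routes", "active", "holddown", "hidden")

def parse_tables(text):
    """Return one dict per table summary, tagged with the preceding prompt's host."""
    # Strip leading mail quote markers, then flatten so wrapped summaries rejoin.
    flat = " ".join(re.sub(r"^(?:>\s?)+", "", ln) for ln in text.splitlines())
    prompts = [(m.start(), m.group(1)) for m in PROMPT.finditer(flat)]
    tables = []
    for m in SUMMARY.finditer(flat):
        host = next((h for pos, h in reversed(prompts) if pos < m.start()), None)
        row = {"host": host, "table": m.group(1)}
        row.update(zip(FIELDS, map(int, m.groups()[1:])))
        tables.append(row)
    return tables

def full_tables(tables, capacity_by_host):
    """Return the tables whose destination count has reached the host's capacity."""
    return [t for t in tables
            if t["host"] in capacity_by_host
            and t["destinations"] >= capacity_by_host[t["host"]]]

# Constructed sample: summary lines as quoted in the thread, quote markers kept.
SAMPLE = """\
> root@acc-bdr1> show route 10.10.10.0
>
> inet.0: 363930 destinations, 363932 routes (170427 active, 0 holddown,
> 193504 hidden)
> root@acc-core> show route 10.10.10.101
>
> inet.0: 16384 destinations, 16384 routes (16384 active, 0 holddown, 0
> hidden)
"""

# Assumption: 16384 is the "16K routes" figure recalled in the reply, not a verified limit.
CAPACITY = {"acc-core": 16384}

if __name__ == "__main__":
    for t in full_tables(parse_tables(SAMPLE), CAPACITY):
        print(f"{t['host']} {t['table']}: {t['destinations']} destinations, at capacity")
```
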

