When I add this to the configuration the acx5448 irb will route traffic: set routing-instances internet routing-options static route 0.0.0.0/1 next-hop 128.0.0.0 resolve no-readvertise
However this does not work: set routing-instances internet routing-options static route 0.0.0.0/0 next-hop 128.0.0.0 resolve no-readvertise I can apparently have a working system by splitting my 0.0.0.0/0 into two halves 0.0.0.0/1 and 128.0.0.0/1. Not very satisfying. There has to be an explanation and fix? Regards, Baldur Den tor. 13. maj 2021 kl. 00.33 skrev Baldur Norddahl <[email protected]>: > Hello > > My evpn with irb on an acx5448 is going ok except for one very strange > problem. The router refuses to use the default route 0.0.0.0/0 when > routing traffic via the irb interface. > > The router itself will ping just fine: > > baldur@formervangen-core3> ping routing-instance internet 8.8.8.8 > PING 8.8.8.8 (8.8.8.8): 56 data bytes > 64 bytes from 8.8.8.8: icmp_seq=0 ttl=122 time=24.574 ms > 64 bytes from 8.8.8.8: icmp_seq=1 ttl=122 time=12.770 ms > ^C > --- 8.8.8.8 ping statistics --- > 2 packets transmitted, 2 packets received, 0% packet loss > round-trip min/avg/max/stddev = 12.770/18.672/24.574/5.902 ms > > baldur@formervangen-core3> show route table internet.inet.0 8.8.8.8 > > internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0 > hidden) > + = Active Route, - = Last Active, * = Both > > 0.0.0.0/0 *[BGP/170] 00:11:57, localpref 100, from 10.0.0.248 > AS path: I, validation-state: unverified > > to 10.99.0.18 via xe-0/0/0.0, Push 17, Push > 1228(top) > [BGP/170] 1w2d 20:16:40, localpref 100, from 10.0.0.249 > AS path: I, validation-state: unverified > > to 10.99.0.18 via xe-0/0/0.0, Push 17, Push > 1228(top) > [BGP/170] 1w2d 20:30:50, localpref 100, from 10.0.0.249 > AS path: I, validation-state: unverified > > to 10.99.0.18 via xe-0/0/0.0, Push 21, Push > 1223(top) > [BGP/170] 00:11:46, localpref 100, from 10.0.0.248 > AS path: I, validation-state: unverified > > to 10.99.0.18 via xe-0/0/0.0, Push 21, Push > 1223(top) > > But done from a host connected to the evpn nothing happens: > > root@lab2:~# ping 8.8.8.8 > PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. > ^C > --- 8.8.8.8 ping statistics --- > 3 packets transmitted, 0 received, 100% packet loss, time 2029ms > > However I made a dummy 128.0.0.0/1 route and now I can ping half of the > internet? > > root@lab2:~# ping 185.107.12.60 > PING 185.107.12.60 (185.107.12.60) 56(84) bytes of data. > 64 bytes from 185.107.12.60: icmp_seq=1 ttl=61 time=0.902 ms > 64 bytes from 185.107.12.60: icmp_seq=2 ttl=61 time=0.860 ms > 64 bytes from 185.107.12.60: icmp_seq=3 ttl=61 time=0.898 ms > ^C > --- 185.107.12.60 ping statistics --- > 3 packets transmitted, 3 received, 0% packet loss, time 2003ms > rtt min/avg/max/mdev = 0.860/0.886/0.902/0.018 ms > > This 128.0.0.0/1 route looks just the same as the 0.0.0.0/0 route: > > baldur@formervangen-core3> show route table internet.inet.0 128.0.0.0/1 > exact > > internet.inet.0: 16 destinations, 46 routes (16 active, 0 holddown, 0 > hidden) > + = Active Route, - = Last Active, * = Both > > 128.0.0.0/1 *[BGP/170] 00:15:12, localpref 100, from 10.0.0.248 > AS path: I, validation-state: unverified > > to 10.99.0.18 via xe-0/0/0.0, Push 17, Push > 1228(top) > > The irb interface is simple: > > baldur@formervangen-core3> show configuration interfaces irb.15 > virtual-gateway-accept-data; > family inet { > address 185.24.168.180/26 { > virtual-gateway-address 185.24.168.129; > } > } > family inet6 { > address 2a00:7660:0:24::1044/64 { > virtual-gateway-address 2a00:7660:0:24::1; > } > } > > root@lab2:~# ip route > default via 185.24.168.129 dev v15 > 185.24.168.128/26 dev v15 proto kernel scope link src 185.24.168.181 > root@lab2:~# ip neigh show 185.24.168.129 > 185.24.168.129 dev v15 lladdr 00:00:5e:00:01:01 REACHABLE > > I noticed that the host can access everything that formervangen-core3 has > in the routing table except for 0.0.0.0/0. This includes the 128.0.0.0/1 > static reject route I created on one of the route reflectors. > > The rest of the configuration: > > baldur@formervangen-core3> show configuration routing-instances server15 > instance-type evpn; > protocols { > evpn { > default-gateway no-gateway-community; > } > } > vlan-id 15; > l3-interface irb.15; > interface xe-0/0/10.15; > vrf-target target:60876:15; > > baldur@formervangen-core3> show configuration routing-instances internet > instance-type vrf; > routing-options { > auto-export; > } > interface irb.15; > interface lo0.1; > vrf-target target:60876:0; > inactive: vrf-table-label; > > Thanks, > > Baldur > > > _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
