Bgp – Juniper SR300 maximum BGP routes

bgpjuniperjuniper-srx

I've got a Juniper SRX300 which i'm using to connect to 2 BGP peers. The documentation i've read says this SRX only supports 300,000 BGP routes, so for each peer I created an import policy (based on communities) to only accept my peers customer routes and not the full table. These are roughly 2k routes for peer 1 and 3k routes for peer 2.

It all works fine, however it seems that although only the filtered routes are used the entire table is being stored. For example if I do this I get details of any route from the full table(s)

show route 1.1.1.1 hidden detail

inet.0: 726648 destinations, 726650 routes (3915 active, 0 holddown, 722735 hidden)

1.1.1.0/24 (1 entry, 0 announced)
 BGP                 /-101
        Next hop type: Router, Next hop index: 1333
        Address: 0x1990fe0
        Next-hop reference count: 728538
        Source: X.X.X.X
        Next hop: X.X.X.X via ge-0/0/6.0, selected
        Session Id: 0x0
        State: <Hidden Ext>
        Local AS: XXXXX Peer AS: XXXXX
        Age: 4:40:08
        Validation State: unverified
        Task: BGP_XXXXX.X.X.X.X
        AS path: XXXXX 13335 I
        Aggregator: XXXXX X.X.X.X
        Communities: XXXXX:XX XXXXX:XXX XXXXX:XXXX XXXXX:XXXX
        Localpref: 100
        Router ID: X.X.X.X
        Hidden reason: rejected by import policy

So my question was, is the 300k limit only on active routes? Or stored but hidden routes as well?

Thanks

Best Answer

The route table stores all received routes (from your peer). The forwarding table only stores those routes accepted by policy.

The maximum size (256K routes) applies to each.

You may want to ask your ISP to filter for you.

Related Solutions

Juniper – Troubleshooting Unstable Uplink on SRX240 with VPN

With help from our service provider we've been able to localise the problem. The idea I had in my last comment proved correct: the difference between fast ethernet and gigabit ethernet was the source of the problem.

The reason for dropping connections, undeliverable packets and segmented packets was a mismatch in link mode between the fiber switch and the SRX - they hardcoded their port to 100m full duplex, but the SRX had automatic negotiation, which resolved to 100m half duplex.

The problem was further complicated by Juniper's odd configuration of speed and link mode. Just setting these configuration options wasn't enough:

speed 100m;
link-mode full-duplex;

This configuration was accepted, but when running show interfaces ge-0/0/0, it still showed:

Link-level type: Ethernet, MTU: 1514, Link-mode: Half-duplex, Speed: 100mbps,

Apparently, you have to explicitly disable auto-negotiation:

speed 100m;
link-mode full-duplex;
gigether-options {
    no-auto-negotiation;
}

In the end, I found that this guy had the exact same problem (and the solution!)

Thanks for all your help.

Routing – Quagga not announcing external routes over ibgp session

The update-source isn't used for eBGP unless you use eBGP multihop (which you aren't), and it's unnecessary for your iBGP since you are not sourcing from a different interface from the one which you are using to connect the neighbors. You should remove those lines.

You don't seem to be using communities, so you can lose the lines with send-community both. Normally you would have consistent communities on prefixes within your AS, and you would only use that when you need to send your communities to a different AS.

Your iBGP routers should be sharing their BGP routing tables already, so the soft-reconfiguration inbound shouldn't be used within your AS, but it is often used between ASes.

I'm not sure why you are prepending the same number of ASes to both the external routers. Normally you use prepending to have the external AS to prefer one of your routers over the other; you would prepend on one external link but not the other. The way you are doing doesn't seem like it accomplishes anything.

Since you want to advertise aggregate prefixes, use the aggregate-address command. This will advertise the summary routes, and based on what you commented, I think this is your goal. The aggregate addresses will be advertised as long as there is at least one route within the summary in your routing table. the summary-only means that it will not advertise the individual routes that are within the aggregate address.

I think your BGP configurations should look something like:

R101:

router bgp 1
 no synchronization
 bgp router-id 0.0.0.1
 bgp log-neighbor-changes
! network 1.0.0.0
! network 2.0.0.0
 aggregate-address 1.1.1.0 255.255.255.0 summary-only
 aggregate-address 2.2.2.0 255.255.255.0 summary-only
 neighbor 4.4.4.1 remote-as 2
 neighbor 4.4.4.1 description "R101 uplink"
 neighbor 4.4.4.1 update-source 4.4.4.2
 neighbor 4.4.4.1 route-map R1-MAP out
 neighbor 4.4.4.1 soft-reconfiguration inbound
 neighbor 1.1.1.2 remote-as 1
 neighbor 1.1.1.2 description "R101 BGP interconnect"
 neighbor 1.1.1.2 next-hop-self
 maximum-paths 2
 no auto-summary
!

R102:

router bgp 1
 no synchronization
 bgp router-id 0.0.0.2
 bgp log-neighbor-changes
! network 1.0.0.0
! network 2.0.0.0
 aggregate-address 1.1.1.0 255.255.255.0 summary-only
 aggregate-address 2.2.2.0 255.255.255.0 summary-only
 neighbor 3.3.3.1 remote-as 2
 neighbor 3.3.3.1 description "R102 uplink"
 neighbor 3.3.3.1 update-source 3.3.3.2
 neighbor 3.3.3.1 route-map R102-MAP out
 neighbor 3.3.3.1 soft-reconfiguration inbound
 neighbor 1.1.1.1 remote-as 1
 neighbor 1.1.1.1 description "R102 BGP interconnect"
 neighbor 1.1.1.1 next-hop-self
 no auto-summary
!

Best Answer

Related Solutions

Juniper – Troubleshooting Unstable Uplink on SRX240 with VPN

Routing – Quagga not announcing external routes over ibgp session

Related Topic