Dual J-Routers with Dual ISP Link, issues with traffic but not "Ping"



  • Hi there, I have the setup as per the diagram and have been facing some weird issues since I’m trying to do some level of outbound load-sharing via static routing.

    Brief Explanation:

    • Jrouter-A has 1 x ISP with AS-X, while Jrouter-B has 1 x ISP with AS-Y
    • eBGP formed between A/B towards respective ISP, while iBGP formed between Jrouter-A and Jrouter-B
    • SRX firewall has two static default routes towards Jrouter-A and Jrouter-B, and load-balances
    • SRX firewall performs the NAT for the user segment towards the internet

    Issues faced:

    • If the Jrouter has only a single default route, no issue
    • If the Jrouter has two default routes, some websites can’t be loaded, but ping to the website passes through
    • If the Jrouter has two default routes and one of the ISP links is logically brought down, no issues; traffic can pass between JrouterA and JrouterB at times depending on the destination

    I found it weird and thus would like to have some comments about it. Overall, the requirement is to achieve some level of outbound load-sharing, while leaving inbound to the ISP presence in the originated area of external users.

    Comments/feedback would be much appreciated :-), will follow up with the config in 2nd post.

    Cheers



  • JRouter-A
    set protocols bgp group eBGP type external
    set protocols bgp group eBGP description "to ISP-A AS-X"
    set protocols bgp group eBGP peer-as "X"
    set protocols bgp group eBGP multipath
    set protocols bgp group eBGP neighbor x.x.x.x hold-time 90
    set protocols bgp group eBGP neighbor x.x.x.x export bgp-out
    set protocols bgp group eBGP neighbor x.x.x.x peer-as "X"
    set protocols bgp group iBGP type internal
    set protocols bgp group iBGP local-address 10.x.x.x
    set protocols bgp group iBGP export next-hop-self
    set protocols bgp group iBGP peer-as "A"
    set protocols bgp group iBGP neighbor 10.x.x.x
    !
    set policy-options policy-statement bgp-out term 1 from route-filter <own-public-segment> exact
    set policy-options policy-statement bgp-out term 1 then accept
    set policy-options policy-statement bgp-out term 2 then reject

    JRouter-B
    set protocols bgp group eBGP type external
    set protocols bgp group eBGP description "to ISP-B AS-Y"
    set protocols bgp group eBGP peer-as "Y"
    set protocols bgp group eBGP multipath
    set protocols bgp group eBGP neighbor x.x.x.x hold-time 90
    set protocols bgp group eBGP neighbor x.x.x.x export bgp-out
    set protocols bgp group eBGP neighbor x.x.x.x peer-as "Y"
    set protocols bgp group iBGP type internal
    set protocols bgp group iBGP local-address 10.x.x.x
    set protocols bgp group iBGP export next-hop-self
    set protocols bgp group iBGP peer-as "A"
    set protocols bgp group iBGP neighbor 10.x.x.x
    !
    set policy-options policy-statement bgp-out term 1 from route-filter <own-public-segment> exact
    set policy-options policy-statement bgp-out term 1 then accept
    set policy-options policy-statement bgp-out term 2 then reject

    SRX
    set routing-options static route 0.0.0.0/0 next-hop 10.x.x.x (Jrouter-A)
    set routing-options static route 0.0.0.0/0 next-hop 10.x.x.x (Jrouter-B)
    set routing-options forwarding-table export LOAD_BALANCING
    set policy-options policy-statement LOAD_BALANCING term 1 then load-balance per-packet


 
