How can I get BGP to advertise a subnet range with gaps in the actual internal subnet range due to an internal split network?

Article ID: KB12547 KB Last Updated: 08 Apr 2009 Version: 1.0
Summary:
How can I get BGP to advertise a subnet range with gaps in the actual internal subnet range due to an internal split network?
Symptoms:
The BGP instance on one virtual router on the firewall needs to send routes to a primary ISP and to a secondary ISP through the BGP instance on the untrust-vr.  The secondary ISP is a backup, should the primary ISP fail.

This works correctly for all subnets except one, the 1.1.1.0/24 subnet. The problem has two elements. First, neither of the ISPs will accept subnets smaller than /24. Second, the customer needs to subdivide the subnet into two /25 segments, which leaves out two addresses in the /24 range and keeps the range from being advertised upstream in BGP.

Here is the IP range info for the 1.1.1.0/24 network, with a total of 254 host addresses available:
Address: 1.1.1.0
Netmask: 255.255.255.0 = 24
Wildcard: 0.0.0.255
Network: 1.1.1.0/24 (Class A)
Broadcast: 1.1.1.255
HostMin: 1.1.1.1<========
HostMax: 1.1.1.254<========
Hosts/Net: 254<========

Here is the IP range info for the 1.1.1.0/25 and 1.1.1.128/25 networks, with a total of 252 host addresses available:
Address: 1.1.1.0
Netmask: 255.255.255.128 = 25
Wildcard: 0.0.0.127
Network: 1.1.1.0/25 (Class A)
Broadcast: 1.1.1.127
HostMin: 1.1.1.1<========
HostMax: 1.1.1.126<========
Hosts/Net: 126<========

Address: 1.1.1.128
Netmask: 255.255.255.128 = 25
Wildcard: 0.0.0.127
Network: 1.1.1.128/25 (Class A)
Broadcast: 1.1.1.255
HostMin: 1.1.1.129<========
HostMax: 1.1.1.254<========
Hosts/Net: 126<========
Solution:

1. Enter the virtual router:
set vr trust-vr

2. Enter the BGP instance:
set proto bgp

3. Bypass the reachability check on the interface of the firewall:
set network 1.1.1.0/24 no-check
exit
exit
save

In this example, 1.1.1.0/24 is the network you are trying to advertise upstream. With the "set network 1.1.1.0/24 no-check" command in place, the firewall does not perform a reachability check for this network on its own interface, which allows the /24 to be advertised in BGP.
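
A pre-change check for the no-check step above, as an added example (not Juniper's code): since no-check makes the firewall advertise 1.1.1.0/24 without verifying reachability, the script confirms that the internal subnets cover the whole aggregate and lists the addresses lost to the split. The function name coverage_report and its result keys are assumptions made for this illustration; it handles IPv4 only.

```python
import ipaddress

def coverage_report(aggregate, connected):
    """Compare an advertised aggregate with the subnets configured internally."""
    agg = ipaddress.ip_network(aggregate)
    subs = [ipaddress.ip_network(s) for s in connected]
    inside = [s for s in subs if s.subnet_of(agg)]

    # Carve every internal subnet out of the aggregate. Whatever remains is
    # address space the advertisement attracts with no internal subnet behind it.
    remaining = [agg]
    for s in inside:
        nxt = []
        for r in remaining:
            if r.subnet_of(s):
                continue                          # r is fully covered by s
            if s.subnet_of(r):
                nxt.extend(r.address_exclude(s))  # keep the parts of r outside s
            else:
                nxt.append(r)                     # s and r do not overlap
        remaining = nxt

    def usable(net):
        # Classic host count: all addresses minus network and broadcast.
        return max(net.num_addresses - 2, 0)

    # Addresses that are ordinary hosts in the aggregate but become a network
    # or broadcast address once the range is subdivided.
    edges = {agg.network_address, agg.broadcast_address}
    split_edges = {a for s in inside
                   for a in (s.network_address, s.broadcast_address)}
    return {
        "exact_route": agg in subs,  # is the aggregate itself a configured subnet?
        "uncovered": [str(n) for n in ipaddress.collapse_addresses(remaining)],
        "hosts_aggregate": usable(agg),
        "hosts_split": sum(usable(s) for s in inside),
        "lost_to_split": [str(a) for a in sorted(split_edges - edges)],
    }

if __name__ == "__main__":
    # Constructed inputs taken from the article's example addressing.
    for subnets in (["1.1.1.0/25", "1.1.1.128/25"], ["1.1.1.0/25"]):
        print(subnets, coverage_report("1.1.1.0/24", subnets))
```

An empty "uncovered" list means every address in the advertised /24 belongs to an internal subnet; a non-empty list names ranges that would be announced upstream with nothing configured behind them.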
