Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] When multiple routes have the same hop count, the route chosen is random in RIP

0

0

Article ID: KB31829 KB Last Updated: 27 Jun 2017Version: 1.0
Summary:

This article describes the behavior of the Routing Information Protocol (RIP) when there are multiple routes with the same hop count. When a RIP route has the same hop count as another, the outgoing interface will be randomly chosen.

Symptoms:

Topology:

                        ge-0/0/0(192.168.4.30) --- (192.168.4.23) Router1 --+
 PC(10.10.10.20) -- SRX                                                     |--- Destination(1.1.1.0 and 2.2.2.0)
                        ge-0/0/1(192.168.7.30) --- (192.168.7.23) Router2 --+
 

RIP configuration on SRX:

 set protocols rip group test1 export local
 set protocols rip group test1 neighbor ge-0/0/0.0
 set protocols rip group test2 export local
 set protocols rip group test2 neighbor ge-0/0/1.0                                                                                                                                

RIP route information on SRX:

root> show route ‚Äč
 inet.0: 15 destinations, 16 routes (15 active, 0 holddown, 0 hidden)
 + = Active Route, - = Last Active, * = Both
  
 1.1.1.0/24         *[RIP/100] 00:16:47, metric 2, tag 0
                       to 192.168.4.23 via ge-0/0/0.0
                     > to 192.168.7.23 via ge-0/0/1.0
 2.2.2.0/24         *[RIP/100] 00:12:39, metric 2, tag 0
                     > to 192.168.4.23 via ge-0/0/0.0
                       to 192.168.7.23 via ge-0/0/1.0


 root>show route forwarding-table destination 2.2.2.0/24 
 Routing table: default.inet
 Internet:
 Destination        Type RtRef Next hop           Type Index    NhRef Netif
 2.2.2.0/24         user     0 192.168.4.23       ucst     1360     4 ge-0/0/0.0


 root>show route forwarding-table destination 1.1.1.0/24 
 Routing table: default.inet
 Internet:
 Destination        Type RtRef Next hop           Type Index    NhRef Netif
 1.1.1.0/24         user     0 192.168.7.23       ucst     1361     4 ge-0/0/1.0
 

When an ICMP echo request is sent, the SRX forwarded packet is based on the forwarding table.

Ping destined for 1.1.1.1

 root> show security flow session protocol 
 Session ID: 31, Policy name: default-policy-logical-system-00/2, Timeout: 2, Valid
   In: 10.10.10.20/4 --> 1.1.1.1/25564;icmp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 1, Bytes: 84, 
   Out: 1.1.1.1/25564 --> 10.10.10.20/4;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 1, Bytes: 84,  

Ping destined for 2.2.2.2

 root> show security flow session protocol 
 Session ID: 83, Policy name: default-policy-logical-system-00/2, Timeout: 2, Valid
   In: 10.10.10.20/7 --> 2.2.2.2/25852;icmp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 1, Bytes: 84, 
   Out: 2.2.2.2/25852 --> 10.10.10.20/7;icmp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 1, Bytes: 84,  
Solution:
When a RIP route has the same hop count as another, the outgoing interface will be randomly chosen. Even during the same session, when RIP is rebuilt, the outgoing interface is sometimes changed. 

To load-balance the second route, ECMP can be configured.

   set policy-options policy-statement load-balancing-policy then load-balance per-packet
   set routing-options forwarding-table export load-balancing-policy

  root> show route 1.1.1.0/24 
  1.1.1.0/24         *[RIP/100] 00:16:47, metric 2, tag 0
                        to 192.168.4.23 via ge-0/0/0.0
                      > to 192.168.7.23 via ge-0/0/1.0

  root> show route forwarding-table destination 1.1.1.0/24 
  Destination        Type RtRef Next hop           Type Index    NhRef Netif
  1.1.1.0/24             user     0
                         192.168.7.23       ucst     1361     4 ge-0/0/1.0 
                         192.168.4.23       ucst     1320     4 ge-0/0/0.0 >>>>>>>>>ge-0/0/0 is added

  SRX uses two routes based on 5 tuple.

  Ping destined for 1.1.1.1

   root> show security flow session protocol icmp
   Session ID: 31, Policy name: default-policy-logical-system-00/2, Timeout: 2, Valid
    In: 10.10.10.20/4 --> 1.1.1.1/25564;icmp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 1, Bytes: 84, 
    Out: 1.1.1.1/25564 --> 10.10.10.20/4;icmp, Conn Tag: 0x0, If: ge-0/0/1.0, Pkts: 1, Bytes: 84,  >>>>>>Outgoing interface ge-0/0/1

  Ping destined for 1.1.1.1

   root> show security flow session protocol icmp
    Session ID: 55, Policy name: default-policy-logical-system-00/2, Timeout: 2, Valid
     In: 10.10.10.20/4 --> 1.1.1.1/25564;icmp, Conn Tag: 0x0, If: ge-0/0/7.0, Pkts: 1, Bytes: 84, 
     Out: 1.1.1.1/25564 --> 10.10.10.20/4;icmp, Conn Tag: 0x0, If: ge-0/0/0.0, Pkts: 1, Bytes: 84,  >>>>>>>Outgoing interface ge-0/0/0
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search