Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] BOOTSTRAP (BSR) implementation on router with VRRP enabled

0

0

Article ID: KB35322 KB Last Updated: 24 Dec 2019Version: 1.0
Summary:

SRX A’s lookpback (10.10.10.1/32) is configured as RP and this router is enabled as Bootstrap router (BSR).
SRX A and C have VRRP enabled with VIP as 172.16.2.22/24.
SRX B has a static route for RP address (10.10.10.1) pointing to VIP (172.16.2.22)
 

Symptoms:

In this setup, SRX B is unable to learn the RP address.

When the boot strap message is received by SRXB from SRXA, it will be sourced from SRX A’s physical interface IP ( 172.16.2.1) and not from the virtual IP 172.16.2.22.

root@SRXB> monitor traffic interface ge-0/0/3.0
 --------
 --------
15:43:15.638275 Out IP 172.16.2.2 > 224.0.0.13: 172.16.2.2 > 224.0.0.13:PIMv2, Hello, length 34
15:43:18.238826  In IP 172.16.2.1 > 224.0.0.13: 172.16.2.1 > 224.0.0.13:PIMv2, Bootstrap, length 36
15:43:20.698780  In IP 172.16.2.1 > 224.0.0.13: 172.16.2.1 > 224.0.0.13:PIMv2, Hello, length 34

You can see it in the PIM traceoption.
Dec 10 16:44:57.790848          rp address 10.10.10.1 holdtime 150 priority 1
Dec 10 16:44:57.790930 PIM Bootstrap dropping BSM from 172.16.2.1: BSM not from upstream neighbor towards BSR 172.16.2.22 
Dec 10 16:45:00.419042 PPMD-PIM hello from 172.16.2.1 IFL 71 absorbed
Cause:

When SRXB receives BSM, it will checks if the RP address (10.10.10.1) is reachable via BSR and finds out the route is towards Virtual IP 172.16.2.22. However, the BSM is from physical IP 172.16.2.1.

root@SRXB>  show pim rps extensive instance TEST
Instance: PIM.TEST
 
address-family INET
 
address-family INET6
Solution:

We need to add the route for RP (10.10.10.1) towards the physical interface of SRXA.

root@SRXB# show | compare
[edit routing-instances TEST routing-options static]
     route 192.168.38.0/24 { ... }
+    route 10.10.10.1/32 next-hop 172.16.2.1; <-- Added route toward Physical IP.

++ RP is learnt via bootstrap and from the address 172.16.2.1

root@SRXB> show pim rps extensive instance TEST
Instance: PIM.TEST
 
address-family INET
 
RP: 10.10.10.1
Learned from 172.16.2.1 via: bootstrap 
Mode: Sparse
Time Active: 00:00:37
Holdtime: 150
Device Index: 132
Subunit: 32769
Interface: ppe0.32769
Group Ranges:
        224.0.0.0/4, 113s remaining
 
address-family INET6
 
root@SRXB> show pim bootstrap detail instance TEST
Instance: PIM.TEST
 
BSR                     Pri Local address           Pri State      Timeout
10.10.10.1              3 (null)                    0 InEligible     108
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search