[AusNOG] AWS Direct Connect & Juniper

Andrew Cowan andycowan at gmail.com
Sat Jan 24 13:02:05 EST 2015


Hi all,

Thanks to everyone who has helped out on this, I'm happy to say that it has
been resolved.

The issues we faced were:

  - VLAN tagging (facepalm) - I was sending tagged traffic from our router
    to the switch that was configured as an access port.
  - BGP authentication - The router config files normally generated in the
    AWS portal weren't generated, so we didn't have the BGP key.  We ended up
    finding it in Megaport's service info page for the VXC.
    
Cheers,
Andy

ANDY COWAN
+61 430 034 642 

From:  Simon Dixon <simon at dicko.net.au>
Date:  Friday, 23 January 2015 5:42 pm
To:  Geordie Guy <elomis at gmail.com>
Cc:  Andrew Cowan <andycowan at gmail.com>, "ausnog at lists.ausnog.net"
<ausnog at lists.ausnog.net>
Subject:  Re: [AusNOG] AWS Direct Connect & Juniper

Andrew, 

Is it an SRX cluster you're using?

If so, check that you're allowing BGP to the RE in the zone config.

A default config change would look like this.

set security zones security-zone untrust host-inbound-traffic protocols bgp

Regards

Simon.

On 23 January 2015 at 13:26, Geordie Guy <elomis at gmail.com> wrote:
> Just to confirm, you can see traffic coming from AWS but not going back? Or is
> it the other way around?  Are you connecting to a VPC or using public IPs
> for Internet facing resources like S3?  Also, if you're using it for public
> accessibility over the DxC, are you using your own assigned IPs or are you
> part of the beta program where AWS assign you a /31 in 54.239.0.0?
> 
> On Fri, Jan 23, 2015 at 3:49 PM, Andrew Cowan <andycowan at gmail.com> wrote:
>> Hi Chris,
>> 
>> Thanks for your suggestion.  I checked the firewall and got the output below,
>> I think this just means the firewall is disabled, so no problem there.
>> 
>> > show configuration firewall
>> filter filter-jflow {
>>     term 1 {
>>         then {
>>             sample;
>>             accept;
>>         }
>>     }
>> }
>>
>> > show configuration firewall family inet
>>
>> {primary:node0}