On Junos devices you can use a firewall filter to count packets that match criteria on any interface.
firewall {
family inet {
filter Peer_Count_Out {
interface-specific;
term traffic {
from {
source-prefix-list {
Inside_Addresses;
}
destination-prefix-list {
Outside_Addresses;
}
}
then count Peer_Out;
}
term allow {
then accept;
}
}
filter Peer_Count_In {
interface-specific;
term traffic {
from {
source-prefix-list {
Outside_Addresses;
}
destination-prefix-list {
Inside_Addresses;
}
}
then count Peer_In;
}
term allow {
then accept;
}
}
In the prefix list you put the addresses you expect to see in the conversation inside the VR and outside client.
Then apply these to the interfaces you want to verify the traffic.
family inet {
filter {
input Peer_Count_In;
output Peer_Count_Out;
}
Then display the results per interface using operation command
show firewall
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home------------------------------
Original Message:
Sent: 10-04-2021 12:56
From: Unknown User
Subject: Routing between 2 bridge domains through IRBs issues... :(
Yes, I've verified their default route. After some packet captures, I realized that traffic was exiting the MX properly and being routed correctly! Unfortunately it seems that traffic doesn't return, or dies in transit somewhere. I haven't been able to verify yet if traffic is returning to the MX and stopping there, or if it ever returns at all. Because I can ping the 172.16.0.1 address from the rest of the network, I'm assuming that other IPs in the /26 are also routing properly to the MX. I'm guessing that they make it back to the MX, which has a direct route to the /26 and a next-hop of the IRB, and then stop there?
Original Message:
Sent: 10-04-2021 05:41
From: STEVE PULUKA
Subject: Routing between 2 bridge domains through IRBs issues... :(
Can you verify the clients in grebd have 172.16.0.1 as their gateway or default route?
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Original Message:
Sent: 10-02-2021 19:25
From: Unknown User
Subject: Routing between 2 bridge domains through IRBs issues... :(
I have an MX104 that I'm trying to route between two bridge domains through the IRB:
bridge-domains { QBypass { domain-type bridge; vlan-id 200; routing-interface irb.200; } grebd { domain-type bridge; vlan-id 624; routing-interface irb.624; }}interfaces { irb { unit 200 { family inet { mtu 1500; address 10.0.10.52/28; } } unit 624 { proxy-arp unrestricted; family inet { address 172.16.0.1/26; } } }}
IRB.200's address participates in OSPF and can be pinged by any other router in that area. Outside routers can also ping IRB.624's address.
Clients in the grebd bridge domain (who also have 172.16.0.0/26 addresses) can ping the irb.624 address: 17.16.0.1, and even the irb.200 address: 10.0.10.52, but are unable to ping anything beyond that. No outside routers can ping 172.16.0.0/26 clients.
I get the feeling that something is wrong with my routing, though the routes seem complete....
admin@mxr> show route protocol directinet.0: 382 destinations, 384 routes (382 active, 0 holddown, 0 hidden)+ = Active Route, - = Last Active, * = Both10.0.10.48/28 *[Direct/0] 01:42:57 > via irb.200172.16.0.0/26 *[Direct/0] 05:52:39 > via irb.624
Anything else I can try?