SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Static routing options are not Working in SRX-5800 Chassis Cluster FW

    Posted 10-11-2020 23:31

    Hi,

    We deployed SRX-5800 in chassis-cluster mode

    1.Static routing options are not functioning in passive FW.

    2.GW next-hop is reachable.

    3.But in Active FW the static routes are working fine.

    Please find the configuration

    root@KL-CL3-P> show configuration routing-options

    static {

        route XX.XX.83.64/26 next-hop XX.XX.8.129;

        route XX.XX.10.13/32 next-hop XX.XX.8.129;

        route XX.XX.7.0/27 next-hop XX.XX.8.129;

        route XX.XX.10.5/32 next-hop XX.XX.8.129;

        route XX.XX.45.96/27 next-hop XX.XX.8.129;

        route XX.XX.225.0/24 next-hop XX.XX.8.129;

        route XX.XX.76.104/29 next-hop XX.XX.8.129;

        route XX.XX.15.0/24 next-hop XX.XX.8.129;

    }

     

    {secondary:node1}

    root@KL-CL3-P> ping XX.XX.8.129

    PING XX.XX.8.129 (XX.XX.8.129): 56 data bytes

    64 bytes from XX.XX.8.129: icmp_seq=0 ttl=64 time=0.562 ms

    ^C

    --- XX.XX.8.129 ping statistics ---

    1 packets transmitted, 1 packets received, 0% packet loss

    round-trip min/avg/max/stddev = 0.562/0.562/0.562/0.000 ms

     

    {secondary:node1}

    root@KL-CL3-P> traceroute XX.XX.76.105

    traceroute to XX.XX.76.105 (XX.XX.76.105), 30 hops max, 40 byte packets

     1  * * *

     2  * * *

     3  * * *

    ^C

    {secondary:node1}

    root@KL-CL3-P>



  • 2.  Re: Static routing options are not Working in SRX-5800 Chassis Cluster FW

    Posted 10-11-2020 23:55

    This is the expected behavior as the routing subsystem does not run on the passive node.

     

    To have the passive node being able to reach management/NMS systems, you utilize the backup-router statement as described in this techdoc: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/backup-router-configuring.html

     

    Please be aware that backup-router cannot handle a default route and you have to do something similar to what's described in this KB: https://kb.juniper.net/InfoCenter/index?page=content&id=KB15580

     



  • 3.  Re: Static routing options are not Working in SRX-5800 Chassis Cluster FW

    Posted 10-12-2020 00:56

    Hi Mr.

     

    root@KL-CL1-P> show configuration | match back
    backoff-threshold 2;
    backoff-factor 5;

    {secondary:node1}
    root@KL-CL1-P> show configuration | match Back
    backoff-threshold 2;
    backoff-factor 5;

    {secondary:node1}
    root@KL-CL1-P> ping XX.XX76.105
    PING XX.XX76.105 (XX.XX76.105): 56 data bytes
    64 bytes from XX.XX.76.105: icmp_seq=0 ttl=60 time=4.883 ms
    ^C
    --- XX.XX76.105 ping statistics ---
    1 packets transmitted, 1 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 4.883/4.883/4.883/0.000 ms

    {secondary:node1}
    root@KL-CL1-P> traceroute XX.XX76.105
    traceroute to XX.XX76.105 (XX.XX76.105), 30 hops max, 40 byte packets
    1 XX.XX.8.139 (XX.XX.8.139) 0.621 ms 0.385 ms 0.400 ms
    2 XX.XX.2.45 (XX.XX.2.45) 3.738 ms 5.306 ms 6.133 ms
    3 XX.XX.2.46 (XX.XX.2.46) 4.912 ms 4.704 ms 4.878 ms
    4 XX.XX.76.105 (XX.XX76.105) 7.432 ms 5.546 ms 5.006 ms

    {secondary:node1}
    root@KL-CL1-P>