SRX

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
Back to discussions
Expand all | Collapse all

SRX does not send router advertisement on reth interface

  • 1.  SRX does not send router advertisement on reth interface

    Posted 08-28-2017 09:14

    Hello, we have srx210he2 operating in chassis cluster and would like to provide ipv6 access for our local network.
    Here is configuration:

    Spoiler
    admin@GW0# run show version 
node0:
--------------------------------------------------------------------------
Hostname: GW0
Model: srx210he2
JUNOS Software Release [12.1X46-D65.4]

node1:
--------------------------------------------------------------------------
Hostname: GW1
Model: srx210he2
JUNOS Software Release [12.1X46-D65.4]
    Local network interface:
    admin@GW0> show configuration interfaces reth0 unit 10 
vlan-id 10;
family inet {
    address 10.200.0.1/24;
}
family inet6 {
    /* some prefix here */
    address 2fff:ffff:0003:0001::1/64;
}
    RA config:
    admin@GW0# show protocols router-advertisement
traceoptions {
    file ra_trace size 10m files 2;
    flag all;
}
interface reth0.10 {
    /* some prefix here */
    prefix 2fff:ffff:3:1::/64 {
        on-link;
        autonomous;
    }
}
/* for demonstration */
interface gr-0/0/0.3 {
    /* some prefix here */
    prefix 2fff:ffff::/126 {
        on-link;
        autonomous;
    }
}

    Security zone with local net interface:

    admin@GW0# show security zones security-zone ADMIN-NET 
interfaces {
    reth0.10 {
        host-inbound-traffic {
            system-services {
                dhcp;
                ping;
                ssh;
                dns;
                traceroute;
                snmp;
                /* allowed all for troubleshooting */
                all;
            }
            protocols {
                all;
            }
        }
    }
}

    IPv6 forwarding enabled:

    admin@GW0# run show security flow status 
node0:
--------------------------------------------------------------------------
Flow forwarding mode:
Inet forwarding mode: flow based
Inet6 forwarding mode: flow based
MPLS forwarding mode: drop
ISO forwarding mode: drop
Flow trace status
Flow tracing status: off
Flow session distribution
Distribution mode: RR-based
Flow ipsec performance acceleration: off
Flow packet ordering
Ordering mode: Hardware
node1:
--------------------------------------------------------------------------
Flow forwarding mode:
Inet forwarding mode: flow based
Inet6 forwarding mode: flow based
MPLS forwarding mode: drop
ISO forwarding mode: drop
Flow trace status
Flow tracing status: off
Flow session distribution
Distribution mode: RR-based
Flow ipsec performance acceleration: off
Flow packet ordering
Ordering mode: Hardware

    Problem:

    However we encountered this problem:

    • no RA on reth0.10
      Spoiler
      admin@GW0> show ipv6 router-advertisement 
Interface: gr-0/0/0.3
  Advertisements sent: 3, last sent 00:02:55 ago
  Solicits received: 0
  Advertisements received: 0
    • tracing shows this:
      Spoiler
      Aug 23 08:50:06 trace_on: Tracing to "/var/log/ra_trace" started
Aug 23 08:50:07.038105 background dispatch running job ipv6_ra_delete_interface_config_job for task Router-Advertisement
Aug 23 08:50:07.039123 task_job_delete: delete background job ipv6_ra_delete_interface_config_job for task Router-Advertisement
Aug 23 08:50:07.039283 background dispatch completed job ipv6_ra_delete_interface_config_job for task Router-Advertisement
Aug 23 08:50:07.132345 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d324 (null) ifl st0.0 101 change 0, intf 0x0
Aug 23 08:50:07.132643 -- nochange/add
Aug 23 08:50:07.136214 ipv6_ra_ifachange(Router-Advertisement): ifa 0x17326d4 fe80::120e:7e0f:fcd6:56c0 ifl st0.0 101 change 0, intf 0x0
Aug 23 08:50:07.136357 -- nochange/add
Aug 23 08:50:07.139257 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d3b0 2fff:ffff::e ifl st0.0 101 change 0, intf 0x0
Aug 23 08:50:07.139392 -- nochange/add
Aug 23 08:50:07.161105 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d4c8 (null) ifl gr-0/0/0.1 106 change 0, intf 0x0
Aug 23 08:50:07.161278 -- nochange/add
Aug 23 08:50:07.171788 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d5e0 fe80::120e:7e00:d6:56c0 ifl gr-0/0/0.1 106 change 0, intf 0x0
Aug 23 08:50:07.172010 -- nochange/add
Aug 23 08:50:07.174639 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d554 2fff:ffff::6 ifl gr-0/0/0.1 106 change 0, intf 0x0
Aug 23 08:50:07.175023 -- nochange/add
Aug 23 08:50:07.177596 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d66c (null) ifl gr-0/0/0.2 107 change 0, intf 0x0
Aug 23 08:50:07.177782 -- nochange/add
Aug 23 08:50:07.180520 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d784 fe80::120e:7e00:d6:56c0 ifl gr-0/0/0.2 107 change 0, intf 0x0
Aug 23 08:50:07.180656 -- nochange/add
Aug 23 08:50:07.183738 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d6f8 2fff:ffff::a ifl gr-0/0/0.2 107 change 0, intf 0x0
Aug 23 08:50:07.184153 -- nochange/add
Aug 23 08:50:07.187611 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d810 (null) ifl gr-0/0/0.3 108 change 0, intf 0x0
Aug 23 08:50:07.187781 -- nochange/add
Aug 23 08:50:07.190524 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d928 fe80::120e:7e00:d6:56c0 ifl gr-0/0/0.3 108 change 0, intf 0x0
Aug 23 08:50:07.190659 -- nochange/add
Aug 23 08:50:07.190792 ipv6_ra_ifachange: tracking new interface 108
Aug 23 08:50:07.190903 Create intf 0x15b8174 idx 108
Aug 23 08:50:07.191080 task_timer_ucreate: created timer Router-Advertisement_ipv6ra  flags <>
Aug 23 08:50:07.191244 task_timer_reset: reset Router-Advertisement_ipv6ra
Aug 23 08:50:07.191385 task_timer_set_oneshot_latest: timer Router-Advertisement_ipv6ra interval set to 16
Aug 23 08:50:07.199142 ipv6_ra_ifachange(Router-Advertisement): ifa 0x159d89c 2fff:ffff::2 ifl gr-0/0/0.3 108 change 0, intf 0x15b8174
Aug 23 08:50:07.199336 -- nochange/add
Aug 23 08:50:23.192374 task_job_create_foreground: create job ipv6 ra for task Router-Advertisement
Aug 23 08:50:23.193003 foreground dispatch running job ipv6 ra for task Router-Advertisement
Aug 23 08:50:23.193122 ipv6_ra_send_advertisement: sending advertisement for ifl 108 to ff02::1
Aug 23 08:50:23.193380 (1611550) sending advertisement for ifl 108
Aug 23 08:50:23.193684 	ifa 0x159d89c 2fff:ffff::2/126
Aug 23 08:50:23.194239 	--> sent 72 bytes
Aug 23 08:50:23.194401 task_timer_reset: reset Router-Advertisement_ipv6ra
Aug 23 08:50:23.194524 task_timer_set_oneshot_latest: timer Router-Advertisement_ipv6ra interval set to 16
Aug 23 08:50:23.194628 foreground dispatch completed job ipv6 ra for task Router-Advertisement
Aug 23 08:50:39.193754 task_job_create_foreground: create job ipv6 ra for task Router-Advertisement
Aug 23 08:50:39.194377 foreground dispatch running job ipv6 ra for task Router-Advertisement
Aug 23 08:50:39.194491 ipv6_ra_send_advertisement: sending advertisement for ifl 108 to ff02::1
Aug 23 08:50:39.194616 (1611566) sending advertisement for ifl 108
Aug 23 08:50:39.194893 	ifa 0x159d89c 2fff:ffff::2/126
Aug 23 08:50:39.196789 	--> sent 72 bytes
Aug 23 08:50:39.197009 task_timer_reset: reset Router-Advertisement_ipv6ra
Aug 23 08:50:39.197139 task_timer_set_oneshot_latest: timer Router-Advertisement_ipv6ra interval set to 16
Aug 23 08:50:39.197220 foreground dispatch completed job ipv6 ra for task Router-Advertisement
Aug 23 08:50:55.195969 task_job_create_foreground: create job ipv6 ra for task Router-Advertisement
Aug 23 08:50:55.196596 foreground dispatch running job ipv6 ra for task Router-Advertisement
Aug 23 08:50:55.196707 ipv6_ra_send_advertisement: sending advertisement for ifl 108 to ff02::1
Aug 23 08:50:55.196993 (1611582) sending advertisement for ifl 108
Aug 23 08:50:55.197288 	ifa 0x159d89c 2fff:ffff::2/126
Aug 23 08:50:55.197866 	--> sent 72 bytes
Aug 23 08:50:55.198073 task_timer_reset: reset Router-Advertisement_ipv6ra
Aug 23 08:50:55.198220 task_timer_set_oneshot_latest: timer Router-Advertisement_ipv6ra interval set to 4:46
Aug 23 08:50:55.198425 foreground dispatch completed job ipv6 ra for task Router-Advertisement
    • tcpdump from local net shows that host tries to resolve default gateway address to mac address but it doesn't receive responces from router
      Spoiler
      12:03:11.071818 IP6 2fff:ffff:3:1::121 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2fff:ffff:3:1::1, length 32
12:03:12.106194 IP6 2fff:ffff:3:1::121 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2fff:ffff:3:1::1, length 32
12:03:13.126298 IP6 2fff:ffff:3:1::121 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2fff:ffff:3:1::1, length 32
12:03:14.150339 IP6 2fff:ffff:3:1::121 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2fff:ffff:3:1::1, length 32
    • At the same time another srx chassis cluster with lower junos version works properly:
      Spoiler
      admin@GW11# run show version
node0:
--------------------------------------------------------------------------
Hostname: GW11
Model: srx210he2
JUNOS Software Release [12.1X44-D40.2]

node1:
--------------------------------------------------------------------------
Hostname: GW12
Model: srx210he2
JUNOS Software Release [12.1X44-D40.2]

admin@GW11# show interfaces reth0 unit 10 
vlan-id 10;
family inet {
    address 10.201.10.1/24;
}
family inet6 {
    address 2fff:ffff:33:11::1/64;
}

admin@GW11# run show ipv6 router-advertisement 
Interface: reth0.10
  Advertisements sent: 1, last sent 00:00:06 ago
  Solicits received: 0
  Advertisements received: 0

admin@GW11# run show log ra_trace 
Aug 23 09:10:36 trace_on: Tracing to "/var/log/ra_trace" started
Aug 23 09:10:36.670047 background dispatch running job ipv6_ra_delete_interface_config_job for task Router-Advertisement
Aug 23 09:10:36.670254 task_job_delete: delete background job ipv6_ra_delete_interface_config_job for task Router-Advertisement
Aug 23 09:10:36.670389 background dispatch completed job ipv6_ra_delete_interface_config_job for task Router-Advertisement
Aug 23 09:10:37.778802 ipv6_ra_ifachange(Router-Advertisement): ifa 0x168520c 2fff:ffff:33:11::1 ifl reth0.10 70 change 2, intf 0x0
Aug 23 09:10:37.779455 -- nochange/add
Aug 23 09:10:37.779572 ipv6_ra_ifachange: tracking new interface 70
Aug 23 09:10:37.779672 Create intf 0x166806c idx 70
Aug 23 09:10:37.779830 task_timer_ucreate: created timer Router-Advertisement_ipv6ra  flags <>
Aug 23 09:10:37.779960 task_timer_reset: reset Router-Advertisement_ipv6ra
Aug 23 09:10:37.780115 task_timer_set_oneshot_latest: timer Router-Advertisement_ipv6ra interval set to 16
Aug 23 09:10:37.856127 ipv6_ra_ifachange(Router-Advertisement): ifa 0x1685180 fe80::210:db00:aff:1000 ifl reth0.10 70 change 2, intf 0x166806c
Aug 23 09:10:37.856323 -- nochange/add
Aug 23 09:10:53.779946 task_job_create_foreground: create job ipv6 ra for task Router-Advertisement
Aug 23 09:10:53.780688 foreground dispatch running job ipv6 ra for task Router-Advertisement
Aug 23 09:10:53.780971 ipv6_ra_send_advertisement: sending advertisement for ifl 70 to ff02::1
Aug 23 09:10:53.781123 (17712540) sending advertisement for ifl 70
Aug 23 09:10:53.781422 	ifa 0x168520c 2fff:ffff:33:11::1/64
Aug 23 09:10:53.781967 	--> sent 56 bytes
Aug 23 09:10:53.782126 task_timer_reset: reset Router-Advertisement_ipv6ra
Aug 23 09:10:53.782242 task_timer_set_oneshot_latest: timer Router-Advertisement_ipv6ra interval set to 16
Aug 23 09:10:53.782347 foreground dispatch completed job ipv6 ra for task Router-Advertisement
Aug 23 09:11:09.782707 task_job_create_foreground: create job ipv6 ra for task Router-Advertisement
Aug 23 09:11:09.783494 foreground dispatch running job ipv6 ra for task Router-Advertisement
Aug 23 09:11:09.783740 ipv6_ra_send_advertisement: sending advertisement for ifl 70 to ff02::1
Aug 23 09:11:09.783931 (17712556) sending advertisement for ifl 70
Aug 23 09:11:09.784355 	ifa 0x168520c 2fff:ffff:33:11::1/64
Aug 23 09:11:09.785127 	--> sent 56 bytes
Aug 23 09:11:09.785284 task_timer_reset: reset Router-Advertisement_ipv6ra
Aug 23 09:11:09.785404 task_timer_set_oneshot_latest: timer Router-Advertisement_ipv6ra interval set to 16
Aug 23 09:11:09.785812 foreground dispatch completed job ipv6 ra for task Router-Advertisement
Aug 23 09:11:25.785646 task_job_create_foreground: create job ipv6 ra for task Router-Advertisement
Aug 23 09:11:25.786335 foreground dispatch running job ipv6 ra for task Router-Advertisement
Aug 23 09:11:25.786787 ipv6_ra_send_advertisement: sending advertisement for ifl 70 to ff02::1
Aug 23 09:11:25.786991 (17712572) sending advertisement for ifl 70
Aug 23 09:11:25.787337 	ifa 0x168520c 2fff:ffff:33:11::1/64
Aug 23 09:11:25.788355 	--> sent 56 bytes
Aug 23 09:11:25.788624 task_timer_reset: reset Router-Advertisement_ipv6ra
Aug 23 09:11:25.788782 task_timer_set_oneshot_latest: timer Router-Advertisement_ipv6ra interval set to 6:17
Aug 23 09:11:25.788962 foreground dispatch completed job ipv6 ra for task Router-Advertisement
    • However it does not even have ipv6 forwarding enabled:
      Spoiler
      admin@GW11# run show security flow status 
node0:
--------------------------------------------------------------------------
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: drop
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off
  Flow session distribution
    Distribution mode: RR-based

node1:
--------------------------------------------------------------------------
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: drop
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off
  Flow session distribution
    Distribution mode: RR-based


  • 2.  RE: SRX does not send router advertisement on reth interface
    Best Answer

    Posted 09-01-2017 05:22

    Upgrade to 12.3X48-D50.6 solved the issue.