SRX

Hi, this seems very basic, however, I am needing some clarity on why I cannot peer OSPF between either in the following scenarios:

1. a pair of SRX4100s (one is a Chassis Cluster with reth and one is stand-alone with irb)

According to the diagram, layer 3 in scenario 1 is across a circuit (reth0.700 <--> irb.700)

2. above SRX Cluster and Cisco 6800 switch.

According to the diagram, layer 3 in scenario 2 is between reth0.800 and Vlan800, directly.

All devices show traceoptions/debug sending ospf.

All have matching mtu, and can ping the directly connected interfaces of the other host.

At Layer 2, the link between the SRX firewalls go via the C6800 switch.

Attachment(s)

ospf.txt   6 KB 1 version

Hi,

Which pair cannot establish ospf? It seems the ospf on vlan 800 is up. What is the status of the ospf on reth0.700?

show ospf neighbor

show ospf interface

Thanks

John

Thanks...so I did some digging, actually called JTAC, but they couldn't solve. Shortly after, I did notice mtu slightly off on the reth0 (not subinterface). That actually was it. Funny thing is that no one saw it.

DAL09-SRX-01a> show ospf neighbor instance CORE 
Address          Interface              State     ID               Pri  Dead
10.9.0.1         reth0.700              Full      10.0.0.10        128    30
10.9.0.17        reth0.800              Full      10.0.0.8           1    35

You can grab a pcap and witness the ospf hellos if you need deeper diagnostics but the best bet is to ignore ospf-mtu-mismatch on the cisco or adjust the mtu.

kfelix