

  • 1.  Route Leaking using Instance Import - not able to ping static routes and switchport vlan host

    This message was posted by a user wishing to remain anonymous
    Posted 03-21-2022 05:30

    Hi Team, 

    I am having an issue with route leaking between 2 VRFs. 
    All directly connected devices are showing in the routing tables of both VRFs, but not the switchport/vlan20 host and static routes. 
    I used RIB at the beginning but with no success, so I decided to use instance import.
    Here is my config below. Thanks in advance. 



    SRX 1500 config:
    set interfaces ge-0/0/1 unit 0 family inet address 192.168.10.1/24
    set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members VLAN20
    set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members VLAN20
    set interfaces irb unit 20 description "Switchport VLAN20"
    set interfaces irb unit 20 family inet address 192.168.50.1/24
    set vlans VLAN20 description "Switchport VLAN20"
    set vlans VLAN20 vlan-id 20
    set vlans VLAN20 l3-interface irb.20
    set vlans vlan-trust vlan-id 3
    set vlans vlan-trust l3-interface irb.0
    set security zones security-zone SOC01-TRUST interfaces ge-0/0/1.0 host-inbound-traffic system-services all
    set security zones security-zone SOC01-TRUST interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
    set security zones security-zone SOC02-TRUST interfaces irb.20 host-inbound-traffic system-services all
    set security zones security-zone SOC02-TRUST interfaces irb.20 host-inbound-traffic system-services ping
    set routing-options instance-import SOC01-to-SOC02
    set policy-options policy-statement SOC01-to-SOC02 term 1 from protocol static
    set policy-options policy-statement SOC01-to-SOC02 term 1 from route-filter 172.0.0.0/24 orlonger 
    set policy-options policy-statement SOC01-to-SOC02 term 1 then accept
    set policy-options policy-statement SOC01-to-SOC02 from instance SOC01
    set policy-options policy-statement SOC01-to-SOC02 then accept
    set policy-options policy-statement SOC02-to-SOC01 term t1 from instance SOC02
    set policy-options policy-statement SOC02-to-SOC01 term t1 from route-filter 192.168.50.1/24 orlonger
    set policy-options policy-statement SOC02-to-SOC01 term t1 then accept
    set policy-options policy-statement SOC02-to-SOC01 term t2 then reject
    set policy-options policy-statement SOC02-to-SOC01 from instance SOC02
    set policy-options policy-statement SOC02-to-SOC01 then accept
    set routing-instances SOC01 instance-type virtual-router
    set routing-instances SOC01 interface ge-0/0/1.0
    set routing-instances SOC01 routing-options static route 172.31.139.0/24 next-hop 172.31.131.17
    set routing-instances SOC01 routing-options static route 172.31.135.0/24 next-hop 172.31.131.17
    set routing-instances SOC01 routing-options instance-import SOC02-to-SOC01
    set routing-instances SOC02 instance-type virtual-router
    set routing-instances SOC02 interface irb.20
    set routing-instances SOC02 routing-options instance-import SOC01-to-SOC02

    ==== Ping ====
    c4iadmin> ping routing-instance SOC01 192.168.50.1
    PING 192.168.50.1 (192.168.50.1): 56 data bytes
    64 bytes from 192.168.50.1: icmp_seq=0 ttl=64 time=0.195 ms
    64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=0.558 ms
    64 bytes from 192.168.50.1: icmp_seq=2 ttl=64 time=0.142 ms
    ^C
    --- 192.168.50.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.142/0.298/0.558/0.185 ms

    c4iadmin> ping routing-instance SOC01 192.168.10.1
    PING 192.168.10.1 (192.168.10.1): 56 data bytes
    64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=0.189 ms
    64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.142 ms
    64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.171 ms
    ^C
    --- 192.168.10.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.142/0.167/0.189/0.019 ms

    c4iadmin> ping routing-instance SOC02 192.168.10.1
    PING 192.168.10.1 (192.168.10.1): 56 data bytes
    64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=0.188 ms
    64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.141 ms
    64 bytes from 192.168.10.1: icmp_se^C
    --- 192.168.10.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.141/0.170/0.188/0.021 ms
    c4iadmin> ping routing-instance SOC02 192.168.50.1
    PING 192.168.50.1 (192.168.50.1): 56 data bytes
    64 bytes from 192.168.50.1: icmp_seq=0 ttl=64 time=0.190 ms
    64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=0.170 ms
    ^C
    --- 192.168.50.1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.170/0.180/0.190/0.010 ms
    ===== route table ======
    admin> show route terse

    inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 1.0.0.1/32         L   0                        Reject
    * ? 1.0.0.2/32         L   0                        Reject
    * ? 172.16.251.184/32  L   0                        Reject
    * ? 172.31.131.25/32   L   0                        Reject
    * ? 192.168.1.1/32     L   0                        Reject
    * ? 192.168.10.0/24    D   0                       >ge-0/0/1.0
    * ? 192.168.10.1/32    L   0                        Local
    * ? 192.168.40.1/32    D   0                       >lo0.10
    * ? 192.168.251.1/32   L   0                        Reject

    SOC01.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 192.168.10.0/24    D   0                       >ge-0/0/1.0
    * ? 192.168.10.1/32    L   0                        Local
    * ? 192.168.40.1/32    D   0                       >lo0.10
    * ? 192.168.50.1/32    L   0                        Local

    SOC02.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 192.168.10.0/24    D   0                       >ge-0/0/1.0
    * ? 192.168.10.1/32    L   0                        Local
    * ? 192.168.40.1/32    D   0                       >lo0.10
    * ? 192.168.50.0/24    D   0                       >irb.20
    * ? 192.168.50.1/32    L   0                        Local

    c4iadmin> show arp no-resolve
    MAC Address       Address         Interface         Flags
    3c:52:82:4b:45:87 192.168.10.9    ge-0/0/1.0               none
    cc:52:af:3d:dc:8e 192.168.50.10   irb.20                   none
    Total entries: 2
    Unable to ping the host 192.168.50.10
    admin> ping routing-instance SOC02 192.168.50.10
    PING 192.168.50.10 (192.168.50.10): 56 data bytes
    ^C
    --- 192.168.50.10 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

    admin> ping routing-instance SOC01 192.168.50.10
    PING 192.168.50.10 (192.168.50.10): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    ^C
    --- 192.168.50.10 ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss


  • 2.  RE: Route Leaking using Instance Import - not able to ping static routes and switchport vlan host

     
    Posted 03-21-2022 05:54
    Not sure if this is the cause, but generally Junos requires that subnets be declared from the first address and not any within it.
    So 192.168.50.1/24 should be 192.168.50.0/24 on the filter.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------
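
The check suggested in the reply above, as an added example that is not part of the thread: it reads `route-filter` and `static route` lines copied from the posted configuration and flags prefixes that are not written as the network address. It goes one step further and lists the SOC01 static routes that fall outside every `orlonger` route-filter of a policy. The function names are hypothetical, and only the `orlonger` match type is handled.

```python
import ipaddress
import re

# Lines copied from the configuration in the first post (nothing else is assumed).
CONFIG = """\
set policy-options policy-statement SOC01-to-SOC02 term 1 from route-filter 172.0.0.0/24 orlonger
set policy-options policy-statement SOC02-to-SOC01 term t1 from route-filter 192.168.50.1/24 orlonger
set routing-instances SOC01 routing-options static route 172.31.139.0/24 next-hop 172.31.131.17
set routing-instances SOC01 routing-options static route 172.31.135.0/24 next-hop 172.31.131.17
"""

FILTER_RE = re.compile(r"policy-statement (\S+) term (\S+) from route-filter (\S+) (\S+)")
STATIC_RE = re.compile(r"routing-instances (\S+) routing-options static route (\S+)")


def parse(config):
    """Return ([(policy, term, prefix, match_type)], [(instance, network)])."""
    filters, statics = [], []
    for line in config.splitlines():
        if m := FILTER_RE.search(line):
            filters.append(m.groups())
        elif m := STATIC_RE.search(line):
            statics.append((m.group(1), ipaddress.ip_network(m.group(2))))
    return filters, statics


def host_bit_findings(filters):
    """Route-filter prefixes that are not written as the network address."""
    findings = []
    for policy, term, prefix, _match in filters:
        iface = ipaddress.ip_interface(prefix)
        if iface.ip != iface.network.network_address:
            findings.append((policy, term, prefix, str(iface.network)))
    return findings


def uncovered_statics(filters, statics, policy, instance):
    """Static routes of `instance` that no `orlonger` route-filter in `policy` covers."""
    nets = [ipaddress.ip_interface(p).network
            for pol, _t, p, match in filters if pol == policy and match == "orlonger"]
    return [str(route) for inst, route in statics
            if inst == instance and not any(route.subnet_of(n) for n in nets)]


if __name__ == "__main__":
    filters, statics = parse(CONFIG)
    for policy, term, written, network in host_bit_findings(filters):
        print(f"{policy} term {term}: {written} has host bits set, network is {network}")
    for route in uncovered_statics(filters, statics, "SOC01-to-SOC02", "SOC01"):
        print(f"SOC01-to-SOC02: static route {route} is outside every orlonger route-filter")
```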



  • 3.  RE: Route Leaking using Instance Import - not able to ping static routes and switchport vlan host

    Posted 03-23-2022 09:22
    Thanks, I tried that prior to posting here, but it is still not working for me.

    ------------------------------
    Allen Amarante
    ------------------------------