Switching


Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Configuration archival using host n routing-instance

    Posted 10-05-2020 11:07

    Hi.

    I have two ex4600 that are running 18.4R3-S3 and I have activated the management routing-instance mgmt_junos.

    I have got it to work with RADIUS and SNMP without any issues, but when I'm trying to add archival of configuration using "transfer-on-commit" I draw a blank.

     

    There is a command that seemed to be promising:

    set system archival configuration routing-instance mgmt_junos

    But this seems to have no effect.

    Whenever I try to add the archival site with the following command:

    set system archival configuration archive-sites scp://networkEQ@172.xxx.xxx.xxx/ password "xxxx" 

    I get the following error message: "ssh: connect to host 172.xxx.xxx.xxx port 22: No route to host".

     

    I'm able to ping the SCP server using "ping 172.xxx.xxx.xxx routing-instance mgmt_junos", so the routing is working as expected.

    Has anyone managed to get this to work?

     

    Best regards,

    Johan Christensson



  • 2.  Re: Configuration archival using host n routing-instance
    Best Answer

    Posted 10-05-2020 11:18

    The archival feature has (sadly) not been ported to support routing-instances.

     

    The only way to make this work is to have the route leaked into inet.0 so a lookup for the destination can be done.

    Alternately you need an external system which can connect to the IP in mgmt_junos and extract the configuration at regular intervals.



  • 3.  Re: Configuration archival using host n routing-instance

    Posted 10-07-2020 01:57

    Thanks for the quick reply.
    So, the setting "system archive configuration routing-instance" basically doesn’t do anything then?

    So what would be my best strategy here? The reason I activated the "management-instance" was because I have these two switches set up in an MC-LAG using the vlan approach, and I wanted to separate the management from the ICL/ICCP traffic.
    Should I have gone the other way around instead? Put the ICL/ICCP in a separate routing-instance, or maybe better yet, put each of them in their own routing-instance?

     

    Best regards,
    Johan Christensson

     



  • 4.  RE: Re: Configuration archival using host n routing-instance

    Posted 03-25-2021 08:44
    Edited by ROGER WIKLUND 06-04-2021 05:40
    Hi

    Actually, archival in mgmt_junos works using SCP but there's a quirk you need to work around.
    There's no need to leak em0 from mgmt_junos to inet.0.

    Config:
    set system archival configuration transfer-on-commit
    set system archival configuration routing-instance mgmt_junos
    set system archival configuration archive-sites scp://user@172.30.101.12:/home/user password <password>

    When you add the last line, Junos will try to connect to the host to accept the SSH key; this will fail with no route to host.

    If you manually add the SSH host key it will work just fine.
    set security ssh-known-hosts host 172.30.101.12 <host-key-type> <host-key>

    One comment, as you're running MC-LAG: backup-liveness-detection via OOB doesn't work with mgmt_junos. For that use case you need to leak interface-routes from mgmt_junos to inet.0 for it to work.

    Regards
    Roger

    ------------------------------
    ROGER WIKLUND
    ------------------------------
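
An added example, not part of the original posts: because the switch cannot fetch the host key itself over mgmt_junos, the key is entered by hand, and this Python helper (hypothetical names `parse_pubkey` and `junos_known_host`) turns a line from the SCP server's host public key file into the `set security ssh-known-hosts` command only after its SHA256 fingerprint matches one verified out of band. The key-type keywords in the mapping are assumed to be available on the Junos release in use, and the sample key is constructed.

```python
import base64
import hashlib
import struct

# OpenSSH algorithm name -> Junos ssh-known-hosts key-type keyword
# (assumed to be available on the Junos release in use).
JUNOS_KEY_TYPE = {
    "ssh-rsa": "rsa-key",
    "ssh-ed25519": "ed25519-key",
    "ecdsa-sha2-nistp256": "ecdsa-sha2-nistp256-key",
    "ecdsa-sha2-nistp384": "ecdsa-sha2-nistp384-key",
    "ecdsa-sha2-nistp521": "ecdsa-sha2-nistp521-key",
}


def parse_pubkey(line):
    """Return (algorithm, base64 key, SHA256 fingerprint) for one .pub line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64-key> [comment]'")
    algo, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the algorithm name; a
    # mismatch means the line was truncated or pasted from the wrong key.
    name_len = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + name_len] != algo.encode():
        raise ValueError("key blob does not match declared algorithm")
    digest = hashlib.sha256(blob).digest()
    return algo, b64, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def junos_known_host(host, pub_line, trusted_fp):
    """Build the set command only if the key matches the trusted fingerprint."""
    algo, b64, fp = parse_pubkey(pub_line)
    if fp != trusted_fp:
        raise ValueError(f"fingerprint mismatch: got {fp}")
    if algo not in JUNOS_KEY_TYPE:
        raise ValueError(f"no Junos key type mapped for {algo}")
    return f"set security ssh-known-hosts host {host} {JUNOS_KEY_TYPE[algo]} {b64}"


# Constructed sample (not a real host key): ssh-ed25519 blob with dummy bytes.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_PUB = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed-sample"

if __name__ == "__main__":
    # Stand-in for the fingerprint read on the SCP server's console.
    trusted = parse_pubkey(SAMPLE_PUB)[2]
    print(junos_known_host("172.30.101.12", SAMPLE_PUB, trusted))
```

The trusted fingerprint should come from the server itself (for example `ssh-keygen -lf` on its host public key file), not from a key collected over the network.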