
EX4300 inter vlan + gateway in one of the VLANs

  • 1.  EX4300 inter vlan + gateway in one of the VLANs

    Posted 07-04-2018 12:23

    Hi! We have two VLANs (10.16.11.1/24 and 10.16.12.1/24), and we are doing inter vlan routing. The inter vlan works as expected.

     

    The problem is the gateway, which is at 10.16.11.3, and this is an external device, with only the 10.16.11.1/24 network configured. Now, if we set the default route to 10.16.11.3, only the 10.16.11.1/24 network will have access to it.

     

    How can we reach that gateway from the network 10.16.12.1/24?



  • 2.  RE: EX4300 inter vlan + gateway in one of the VLANs

     
    Posted 07-04-2018 18:52

    So, 10.16.11.3 is some other router.  Does it know how to reach 10.16.12.0?  10.16.12.0 knows how to reach rest of the world via default static route pointing to 10.16.11.3, but 10.16.11.3 also needs to know how to get back to 10.16.12.0.  Your internal VLAN routing of the switch allows 10.16.11.1 to know how to reach 10.16.12.0 (via 10.16.12.1) but that does not mean 10.16.11.3 (external router) knows the same.

     

    I assume 10.16.12.0 or 10.16.20.1 knows how to reach 10.16.11.3, but not the other way around.  It is the replies that are lost.

     

    YES?



  • 3.  RE: EX4300 inter vlan + gateway in one of the VLANs

    Posted 07-04-2018 22:22

    Hi,

     

    10.16.11.3 (yes, some other router) does not know how to reach 10.16.12.0.

     

    Is it possible to use 10.16.11.1 on our switch as a proxy or something, or do we just have to reconfigure the external router so it can find 10.16.12.0?



  • 4.  RE: EX4300 inter vlan + gateway in one of the VLANs
    Best Answer

     
    Posted 07-05-2018 04:14

    The feature that would allow this to work without changing the routes on the 10.16.11.3 upstream router is NAT (network address translation).  But this is only supported on the SRX and MX not on the EX series.

     

    And even then the best solution is to add the route to 10.16.11.3.
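
The return-path problem described in replies 2 and 4, as an added example that is not part of the original thread: a small longest-prefix-match model showing that the request from the 10.16.12.0/24 VLAN reaches 10.16.11.3 but the reply is lost until the upstream router gets a route back via 10.16.11.1. The host 10.16.12.50 and the upstream router's default route via "wan" are assumptions made for the illustration.

```python
import ipaddress

# Constructed topology: which device owns each address named in the thread.
# 10.16.12.50 is a made-up host in the second VLAN.
OWNER = {"10.16.12.50": "host", "10.16.12.1": "ex", "10.16.11.1": "ex",
         "10.16.11.3": "upstream"}

def base_tables():
    """Routing tables before any fix. The upstream default via 'wan' is assumed."""
    return {
        "host": {"10.16.12.0/24": "direct", "0.0.0.0/0": "10.16.12.1"},
        "ex": {"10.16.11.0/24": "direct", "10.16.12.0/24": "direct",
               "0.0.0.0/0": "10.16.11.3"},
        "upstream": {"10.16.11.0/24": "direct", "0.0.0.0/0": "wan"},
    }

def lookup(table, dst):
    """Longest-prefix match: next hop, 'direct', or None when no route matches."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(tables, src, dst, max_hops=8):
    """Forward one packet hop by hop; return (delivered, path)."""
    device = OWNER[src]
    path = [device]
    for _ in range(max_hops):
        if OWNER.get(dst) == device:
            return True, path
        next_hop = lookup(tables[device], dst)
        target = dst if next_hop == "direct" else next_hop
        if target not in OWNER:  # no route, or sent out of the modelled network
            return False, path + [f"lost via {target}"]
        device = OWNER[target]
        path.append(device)
    return False, path + ["loop"]

def round_trip(tables, a, b):
    """A ping succeeds only if both the request and the reply are delivered."""
    return trace(tables, a, b)[0] and trace(tables, b, a)[0]

if __name__ == "__main__":
    tables = base_tables()
    print(trace(tables, "10.16.12.50", "10.16.11.3"))   # request arrives
    print(trace(tables, "10.16.11.3", "10.16.12.50"))   # reply is lost
    tables["upstream"]["10.16.12.0/24"] = "10.16.11.1"  # return route via the EX
    print(round_trip(tables, "10.16.12.50", "10.16.11.3"))
```
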

     



  • 5.  RE: EX4300 inter vlan + gateway in one of the VLANs

     
    Posted 07-05-2018 04:58

    I would think Proxy ARP should do the trick.  You would enable it within the IRB associated with 10.16.11.1, and support should be there for EX4300.  See:

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/port-security-qfx-series-proxy-arp-understanding.html

     

    Good luck!



  • 6.  RE: EX4300 inter vlan + gateway in one of the VLANs

     
    Posted 07-06-2018 03:45

    No, proxy arp allows an ip address inside a given subnet to respond to layer 2 arp requests on behalf of other ip addresses INSIDE THAT SAME SUBNET.  It will not allow you to respond to requests for another subnet.

     

    Further, the upstream router would still have no idea that the unknown subnet exists here and needs a route back to support that connection.

     

    And finally proxy-arp is also not supported on the ex platform anyway.

     



  • 7.  RE: EX4300 inter vlan + gateway in one of the VLANs

    Posted 10-27-2018 00:22

    Hi,

     

    We actually have another route now that we can use (10.16.12.2). Can we use two different static routes, or does this require virtual routing instances? We can only ping 10.16.12.2 from our 10.16.12.0 network, and 10.16.11.3 from our 10.16.11.0 network.



  • 8.  RE: EX4300 inter vlan + gateway in one of the VLANs

     
    Posted 10-27-2018 07:04

    I am not sure what the topology is based on the posts here.  I think you have an upstream router with at least the default gateway for one subnet.

     

    And now you have added a second to that upstream router? 

     

    Plus you have RVI on the ex to allow the 3? subnets here to communicate with each other?

     

    So from a routing view the upstream router has direct routes for those two networks and would need a route added to reach the 3rd via a route to the RVI on the ex for one of these configured subnets. Then potentially share that route with other upstream devices on the network so that subnet has reachability.

     

    On the ex you would create the RVI for all three subnets to communicate.  And add a default route to one of the upstream router addresses to reach the rest of the network.