Routing

Hi All,

I am struggling being able to configure the irb on my MX104 to be able to ping across to my reth on my SRX240H2.
See the following configurations, but do note that since I am building this out in my lab, there is only one uplink in the reth and irb at this time.
MX Config

root> show configuration bridge-domains
srx240 {
domain-type bridge;
vlan-id 100;
interface ge-0/1/0.0;
routing-interface irb.0;
}
irb {
mtu 1500;
unit 0 {
family inet {
address 10.38.38.1/24;
}
}
}
ge-0/1/0 {
encapsulation ethernet-bridge;
unit 0 {
family bridge;
}
}

SRX Configuration

redundancy-group 2 {
node 0 priority 100;
node 1 priority 1;
}
root@lab-srx-01-a> show configuration interfaces reth2
redundant-ether-options {
redundancy-group 2;
}
unit 0 {
family inet {
mtu 1500;
sampling {
input;
output;
}
address 10.38.38.65/24;
}
}

root@lab-srx-01-a> show configuration security zones security-zone trust
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
reth2.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
ge-1/0/0 {
gigether-options {
redundant-parent reth2;
}
}

I am unable to get the reth to show as up, showing interfaces terse shows the reth as down. When I configure each interface as a layer 3 interface, it works fine, I seem to be missing something.

 

Thanks in advance for any help you can provide. 

Hello,

RETH is not supported on standalone SRX. You have to have a SRX cluster built first.

HTH

Thx
Alex

Hi Alex,

 

Thanks for the response.

 

 

The reth is indeed configured on an SRX cluster. I was under the impression I could deploy a reth on a cluster with a single physical interface in the reth. Is this not the case?

 

Thomas 

In case this is needed: 

 

MX version: 

root> show version
Model: mx104
Junos: 13.3R1.8
JUNOS Base OS boot [13.3R1.8]
JUNOS Base OS Software Suite [13.3R1.8]
JUNOS Kernel Software Suite [13.3R1.8]
JUNOS Packet Forwarding Engine Support (MX104) [13.3R1.8]
JUNOS Online Documentation [13.3R1.8]
JUNOS Services Application Level Gateways [13.3R1.8]
JUNOS Services Jflow Container package [13.3R1.8]
JUNOS Services Stateful Firewall [13.3R1.8]
JUNOS Services NAT [13.3R1.8]
JUNOS Services RPM [13.3R1.8]
JUNOS Routing Software Suite [13.3R1.8]

 

 

SRX version:

 

root@lab-srx-01-a> show version
node0:
--------------------------------------------------------------------------
Model: srx240h
JUNOS Software Release [12.1X46-D67]

node1:
--------------------------------------------------------------------------
Model: srx240h
JUNOS Software Release [12.1X46-D67]

Have you configured reth-count using command,
"set chassis cluster reth-count 15"..

Also, if you configure and still it is not working, you add following command..

"set interfaces reth2 redundant-ether-options minimum-links 1"..

However, i do suggest to share the full configuration to troubleshoot further..

Hi,

I have my reth-count set and the minimum links set, reth2 interface is still down.

 

See the rest of my configuration:

 

MX

chassis {
    redundancy {
        routing-engine 0 master;
        routing-engine 1 backup;
        graceful-switchover;
    }
    aggregated-devices {
        ethernet {
            device-count 2;
        }
    }
    network-services enhanced-ip;
}
interfaces {
    ge-0/0/0 {
        gigether-options {
            802.3ad ae0;
        }
    }
    ge-0/1/0 {
        encapsulation ethernet-bridge;
        unit 0 {
            family bridge;
        }
    }
    ge-1/0/1 {
        encapsulation ethernet-bridge;
        unit 0 {
            family bridge;
        }
    }
    ae0 {
        aggregated-ether-options {
            minimum-links 1;
        }
        unit 0 {
            family inet {
                address 169.254.254.6/30;
            }
        }
    }
    irb {
        mtu 1500;
        unit 0 {
            family inet {
                address 10.38.38.1/24;
            }
        }
    }
}
forwarding-options {
    sampling {
        input {
            rate 1024;
        }
        family inet {
            output {
                flow-server 10.3.8.7 {
                    port 2055;
                    source-address 10.1.3.1;
                    version 5;
                }
            }
        }
    }
}
routing-options {
    nonstop-routing;
    autonomous-system 40692;
}
bridge-domains {
    srx345 {
        domain-type bridge;
        vlan-id 100;
        interface ge-0/1/0.0;
        interface ge-1/0/1.0;
        routing-interface irb.0;
        bridge-options {
            interface ge-1/0/1.0;
        }
    }
}

SRX:

chassis {
    cluster {
        reth-count 5;
        redundancy-group 0 {
            node 0 priority 100;
            node 1 priority 1;
        }
        redundancy-group 1 {
            node 0 priority 100;
            node 1 priority 1;
        }
        redundancy-group 2 {
            node 0 priority 100;
            node 1 priority 1;
        }
        redundancy-group 3 {
            node 0 priority 100;
            node 1 priority 1;
            interface-monitor {
                ge-0/0/5 weight 255;
                ge-5/0/5 weight 255;
            }
        }
    }
}
interfaces {
    ge-1/0/0 {
        gigether-options {
            redundant-parent reth2;
        }
    }
    fab1 {
        fabric-options {
            member-interfaces {
                ge-5/0/2;
            }
        }
    }
    lo0 {
        unit 1 {
            family inet {
                address 172.16.0.65/32;
            }
        }
    }
    reth2 {
        redundant-ether-options {
            redundancy-group 2;
            minimum-links 1;
        }
        unit 0 {
            family inet {
                address 10.38.38.65/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 {
            next-hop 96.120.27.5;
            preference 1;
        }
    }
    router-id 172.16.0.65;
}
    policies {
        from-zone trust to-zone trust {
            policy any {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
            policy trust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy trust-to-internet {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit {
                        application-services {
                            idp;
                            utm-policy junos-av-policy;
                        }
                    }
                    log {
                        session-init;
                        session-close;
                    }
                }
            }
        }
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                reth2.0;
            }
        }

Thomas

how many member interfaces are in reth?

 

Can use one interface from each of the node (even if from the other node in down state).?

Only have one interface in the reth. 

 

My lab resources are limited ( I only have one PIM) so I can't configure it for another node. I can move the PIM to the other node.

I am able to ping across this link from both sides by configuring a vlan on the SRX side. Perhaps this is indeed an issue with the single interface in a reth on the SRX.