Routing




  • 1.  SRX cluster and QFX VPC inter-vlan routing

    Posted 07-13-2022 20:59

    Hello,

    I'm fairly new to Juniper, so if this is obvious.

    I have two SRX320s set up in a cluster, and two QFX3500s set up in a VPC.

    There is a single reth on the SRX cluster, with multiple VLANs associated.

    On the QFX VPC I have set up IRB interfaces for each VLAN.

    Traffic will flow appropriately across the VLAN, but not between VLANs.

    On the QFX VPC, all VLANs excluding one are in a routing instance. On the SRX cluster, all VLANs excluding one are in the same routing instance.

    The idea is that my `trusted` VLANs should be able to route freely between each other, but my `untrusted` VLAN has to route via my SRX cluster before it can route to another VLAN.

    Please find a logical topology attached. It's fairly rough.

    And Pastebin links for my switch (qfx - Pastebin.com) and firewall (SRX paste - Pastebin.com) configurations.

    Hosts attached to the switch are able to get DHCP leases fine, and can ping both the QFX IRB interface and the SRX reth interface for their specific VLAN/subnets, but can't ping anything outside their subnet/VLAN.



    ------------------------------
    ALEXANDER HUSSEY
    ------------------------------




  • 2.  RE: SRX cluster and QFX VPC inter-vlan routing

    Posted 07-13-2022 22:43

    Some additional information

    Routing table: lan-trusted.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    default            perm     0                    rjct     1728     1
    0.0.0.0/32         perm     0                    dscd     1726     1
    10.10.0.0/16       intf     0                    rslv     1785     1 irb.300
    10.10.0.0/32       dest     0 10.10.0.0          recv     1783     1 irb.300
    10.10.255.254/32   intf     0 10.10.255.254      locl     1784     2
    10.10.255.254/32   dest     0 10.10.255.254      locl     1784     2
    10.10.255.255/32   dest     0 10.10.255.255      bcst     1782     1 irb.300
    172.18.0.0/16      intf     0                    rslv     1773     1 irb.350
    172.18.0.0/32      dest     0 172.18.0.0         recv     1771     1 irb.350
    172.18.255.254/32  intf     0 172.18.255.254     locl     1772     2
    172.18.255.254/32  dest     0 172.18.255.254     locl     1772     2
    172.18.255.255/32  dest     0 172.18.255.255     bcst     1770     1 irb.350
    192.168.1.0/24     intf     0                    rslv     1801     1 irb.1
    192.168.1.0/32     dest     0 192.168.1.0        recv     1799     1 irb.1
    192.168.1.1/32     dest     0 0:10:db:ff:10:0    ucst     1830     1 ae1.0
    192.168.1.10/32    dest     0 c:f5:a4:d3:f3:18   ucst     1825     1 ge-0/0/38.0
    192.168.1.254/32   intf     0 192.168.1.254      locl     1800     2
    192.168.1.254/32   dest     0 192.168.1.254      locl     1800     2
    192.168.1.255/32   dest     0 192.168.1.255      bcst     1798     1 irb.1
    192.168.100.0/24   intf     0                    rslv     1797     1 irb.100
    192.168.100.0/32   dest     0 192.168.100.0      recv     1795     1 irb.100
    192.168.100.1/32   dest     0 0:10:db:ff:10:0    ucst     1824     1 ae1.0
    192.168.100.254/32 intf     0 192.168.100.254    locl     1796     2
    192.168.100.254/32 dest     0 192.168.100.254    locl     1796     2
    192.168.100.255/32 dest     0 192.168.100.255    bcst     1794     1 irb.100
    192.168.101.0/24   intf     0                    rslv     1793     1 irb.101
    192.168.101.0/32   dest     0 192.168.101.0      recv     1791     1 irb.101
    192.168.101.254/32 intf     0 192.168.101.254    locl     1792     2
    192.168.101.254/32 dest     0 192.168.101.254    locl     1792     2
    192.168.101.255/32 dest     0 192.168.101.255    bcst     1790     1 irb.101
    192.168.103.0/24   intf     0                    rslv     1789     1 irb.103
    192.168.103.0/32   dest     0 192.168.103.0      recv     1787     1 irb.103
    192.168.103.1/32   dest     0 0:10:db:ff:10:0    ucst     1827     1 ae1.0
    192.168.103.10/32  dest     0 80:fa:5b:1a:e7:82  ucst     1829     1 ge-0/0/38.0
    192.168.103.11/32  dest     0 0:9:b0:4b:1e:f     ucst     1832     1 ge-0/0/38.0
    192.168.103.254/32 intf     0 192.168.103.254    locl     1788     2
    192.168.103.254/32 dest     0 192.168.103.254    locl     1788     2
    192.168.103.255/32 dest     0 192.168.103.255    bcst     1786     1 irb.103
    224.0.0.0/4        perm     0                    mdsc     1727     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst     1730     1
    255.255.255.255/32 perm     0                    bcst     1731     1
    
    show route instance 
    Instance             Type
             Primary RIB                                     Active/holddown/hidden
    
    lan-trusted          virtual-router 
             lan-trusted.inet.0                              15/0/0





    ------------------------------
    ALEXANDER HUSSEY
    ------------------------------



  • 3.  RE: SRX cluster and QFX VPC inter-vlan routing

    Posted 07-13-2022 23:42

    I thought it might be a reflective relay issue, as the clients are connected to one physical interface at the moment.

    Unfortunately `set interfaces ge-0/0/38 unit 0 family ethernet-switching reflective-relay` isn't an option on my QFX3500 :(



    ------------------------------
    ALEXANDER HUSSEY
    ------------------------------



  • 4.  RE: SRX cluster and QFX VPC inter-vlan routing

    Posted 07-16-2022 21:24
    I've had no further success; my inter-VLAN routing isn't working.

    ------------------------------
    ALEXANDER HUSSEY
    ------------------------------