I've got a topology where I have 2 chassis clusters of vSRX, separated by a L2 p2P virtual circuit between our two DCs, one cluster in DC A and another in DC B.
I am setting up routing between the two, and want to use a transport vlan that is stretched between the two DCs to leverage dynamic routing.
The problem is, the two vSRXs can't seem to ping each other
Topology looks like this
DC A reth0.660 -----> CORE router with same VLAN tagged -----P2P VC-----CORE router with same VLAN tagged ------DC B reth0.660
I can ping from side A vSRX to side B DC (ie. I can ping 10.66.0.1, the core router on side A from 10.66.0.12, the SRX inside DC B)
But I can't ping from 10.66.0.11 (vSRX A) to 10.66.0.12 (vSRX B)
I first assumed this is just the nature of routers, which makes complete sense as they end broadcast domains, but I AM able to ping the vSRX interfaces from a VM across Datacenters at purely L2.
Ie, windows test VM in DC B on IP 10.66.0.15 can ping 10.66.0.11 in DC A.
Security zone is allowing pings as I can ping each reth0.660 interface @ purely L2 from another VM across the p2P circuit, I just can't talk to each other.
My guess (99% sure) is that you have configured your clusters with the same cluster ID (probably 1). This ID is used to generate virtual mac-addresses for your reth interfaces.
In your case with the same cluster ID and reth, you will have the same mac address in both ends.
You need to change cluster ID on one of your chassis clusters to get this working.
I have indeed.
I didn't know that bit was included in the Mac-address randomization.
I will change and update this.
edit: that did it. Thank you!