I would go from a direct "route-leak" between the instances (Virtual-Routers)
Below example should help you, if you make the changes to reflect your environment it should be ready to paste and commit
#IPv4 policy statement to import routes from your Internet instance (Virtual Router) / For you would that be your ziggo zone
set policy-options policy-statement NET-INET-PREFIXES term prefixes from instance INTERNET-EDGE
set policy-options policy-statement NET-INET-PREFIXES term prefixes from protocol direct
set policy-options policy-statement NET-INET-PREFIXES term prefixes from protocol local
set policy-options policy-statement NET-INET-PREFIXES term prefixes from protocol bgp
set policy-options policy-statement NET-INET-PREFIXES term prefixes then accept
# IPV6 policy statement to import routes from your Internet instance (Virtural Router) / For you would that be your ziggo zone
set policy-options policy-statement NET-INET-PREFIXES term prefixes6 from instance INTERNET-EDGE
set policy-options policy-statement NET-INET-PREFIXES term prefixes6 from family inet6
set policy-options policy-statement NET-INET-PREFIXES term prefixes6 from protocol direct
set policy-options policy-statement NET-INET-PREFIXES term prefixes6 from protocol local
set policy-options policy-statement NET-INET-PREFIXES term prefixes6 from protocol bgp
set policy-options policy-statement NET-INET-PREFIXES term prefixes6 then accept
#Import a default route (IPv4/IPv6) from the internet-Edge routing instance / For you is that ziggo
set policy-options policy-statement default-to-routing-instance term default from instance INTERNET-EDGE
set policy-options policy-statement default-to-routing-instance term default from route-filter 0.0.0.0/0 exact
set policy-options policy-statement default-to-routing-instance term default then accept
set policy-options policy-statement default-to-routing-instance term default6 from instance INTERNET-EDGE
set policy-options policy-statement default-to-routing-instance term default6 from family inet6
set policy-options policy-statement default-to-routing-instance term default6 from route-filter ::/0 exact
set policy-options policy-statement default-to-routing-instance term default6 then accept
set policy-options policy-statement default-to-routing-instance term reject then reject
#IPv4 part of the import policy from instance Internal lan / master instance of the SRX
set policy-options policy-statement INTERNAL-LAN term prefixes from instance master
set policy-options policy-statement INTERNAL-LAN term prefixes from protocol direct
set policy-options policy-statement INTERNAL-LAN term prefixes from protocol local
set policy-options policy-statement INTERNAL-LAN term prefixes from route-filter x.x.x.x/x exact
set policy-options policy-statement INTERNAL-LAN term prefixes then accept
#IPv6 part of the import policy from instance Internal lan / master instance of the SRX
set policy-options policy-statement INTERNAL-LAN term prefixes6 from instance master
set policy-options policy-statement INTERNAL-LAN term prefixes6 from family inet6
set policy-options policy-statement INTERNAL-LAN term prefixes6 from protocol direct
set policy-options policy-statement INTERNAL-LAN term prefixes6 from protocol local
set policy-options policy-statement INTERNAL-LAN term prefixes6 from route-filter x:x:x:x::/x exact
set policy-options policy-statement INTERNAL-LAN term prefixes6 then accept
#Routing intstance config Internet Edge (for you that is ziggo)
set routing-instances INTERNET-EDGE interface pp0.0
set routing-instances INTERNET-EDGE description "Internet Edge"
set routing-instances INTERNET-EDGE instance-type virtual-router
set routing-instances INTERNET-EDGE routing-options rib INTERNET-EDGE.inet6.0 static route 0::/0 next-hop pp0.0
set routing-instances INTERNET-EDGE routing-options static route 0.0.0.0/0 next-hop pp0.0
set routing-instances INTERNET-EDGE routing-options static route 0.0.0.0/0 metric 0
set routing-instances INTERNET-EDGE routing-options instance-import INTERNAL-LAN
# Master instance (aka SRX) import the routes from the Internet instance (for you that is ziggo)
set routing-options instance-import default-to-routing-instance
set routing-options instance-import NET-INET-PREFIXES
------------------------------
Marcel ten Berg
Solution Architect
Juniper Networks
------------------------------
Original Message:
Sent: 08-02-2023 21:44
From: Brijil
Subject: cannot get Mist working on SRX340 cluster.
Hello Arno,
Can you try to route the traffic directly from mgmt instance to the qfx / internet rather than sending to inet table?
Regards,
Brijil
------------------------------
Brijil R
Original Message:
Sent: 07-31-2023 07:15
From: Arno Schrijver
Subject: cannot get Mist working on SRX340 cluster.
We have setup a Mist POC for a customer and are trying to add the SRX340 cluster to Mist.
After days of debugging we created the mgmt_junos routing instance with appropriate routes and dns config.
In front of the SRX cluster is a cluster of QFX5100 as a routing core stack.
- The fxp0 interfaces are connected to this QFX Stack.
- 0.0.0.0 next-hop for mgmt_junos routing-instance is the IP of the irb interface on the QFX.
- All traffic from mgmt_junos routing-instance is then routed to the Trust interface zone of the SRX.
If we do a ping from fxp0.0 or routing-instance mgmt_junos to 8.8.8.8 it works,
but a ping to google.nl or any other fqdn it fails.
In logging we see the dns request from 10.31.203.200 but it seems it does not arrive at the fxp0.0 interface.
Any ideas?
------------------------------
Arno Schrijver
------------------------------