Routing

 View Only
last person joined: 9 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Can't access Internet, but traceroute to google dns completes

    Posted 10-27-2022 13:23
    Hi ,

    I have two Juniper router. From router 1 I can go to internet perfectly fine, but cannot reach the Internet via second Juniper router.

    Troubleshooting  I performed : 
    1. Show security flow status : Flow based
    2. Traceroute to google DNS : Completes
    3. Can ping 8.8.8.8

    But when I open any site it says , page cannot be reached.

    From the another Juniper router, the internet works perfectly fine. From the second one , Internet doesn't work.
    Both the router has the same exact configuration. Both are same model and same version.



    ------------------------------
    Arun kumar R
    ------------------------------


  • 2.  RE: Can't access Internet, but traceroute to google dns completes

    Posted 10-28-2022 12:12
    Hi,

    Look like incoming traffic issue. Do u use SRX or MX?

    Thanks


  • 3.  RE: Can't access Internet, but traceroute to google dns completes

    Posted 10-28-2022 12:16
    SRX 320

        






  • 4.  RE: Can't access Internet, but traceroute to google dns completes

    Posted 10-28-2022 13:25
    Are you able to do some tests on the computer that won't get internet access.
    trace route from there
    nslookup to confirm dns is responding
    ip configuration to see if the dhcp is fully functional and getting a gateway and dns servers

    On the SRX side are the security policy and nat policy for the computer zone to the internet zone confirmed
    Is a session created when the computer tries internet access and nat happening as expected
    show security flow session

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: Can't access Internet, but traceroute to google dns completes

    Posted 10-28-2022 13:48

    The topology is as below

    PE1 ---CE1 ---layer2 switch -firewall-core switch ---Laptop
    PE2---CE2  ----layer2 switch(same as above)--firewall ---core switch  --Laptop

    The CE1 router has no issue..when the google dns is tracerouted it completes and webpages are accessible
    The problem is with CE2 , the webpages doesn't load , if CE2 is bypassed , the internet works,

    To check connectivity , I connected CE2 --laptop --doesn't work
    PE2- layer2(a) -Laptop --works 
    Suspect , there is some issue with the CE2 Juniper device.. The CE2 Juniper has very basic 
    config with Lan as trust Zone







  • 6.  RE: Can't access Internet, but traceroute to google dns completes

    Posted 10-30-2022 07:46
    I agree it seems likely the configuration on ce2 is at issue if the laptop works on ce1 and not on ce2.

    Do you have the carrier setup information to confirm whether the hand off to the firewall is dhcp or static and what the information is to confirm?

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 7.  RE: Can't access Internet, but traceroute to google dns completes

    Posted 10-31-2022 04:23
    on the CE1 and CE2 Vrrp is enabled. CE 1 is active and the Internet doesn't work.
    When the CE1 Lan is shut,the traffic goes via CE2 and the Internet works fine.
    CE1 and CE 2 has the same exact configuration. 
    The public ip is assigned to the customer firewall. Looks like the incoming traffic is 
    an issue. 







  • 8.  RE: Can't access Internet, but traceroute to google dns completes

    Posted 10-31-2022 07:14
    Do you have access to the carrier side devices for troubleshooting?  I assume these would be ACX/SRX/MX devices running MPLS.

    Maybe running wire shark on a laptop connected to the layer 2 switch with the SRX public ip address would give the service provider the data needed for troubleshooting if you don't have access to test there.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------



  • 9.  RE: Can't access Internet, but traceroute to google dns completes

    Posted 10-31-2022 08:49
    Yes, I have access to the CE Juniper router.
    This is SRX 320 device dedicated for Internet.