Routing

Hi

I'm prestaging some config ready for a change 

disable;
family inet {
    address 10.64.123.253/24;
}

run show interfaces irb.123 terse 
Interface               Admin Link Proto    Local                 Remote
irb.123                  down  up   inet     10.64.123.253/24 

{master:0}[edit interfaces irb unit 123]
 run show route 10.64.123.253/24 

LEGACY.inet.0: 12313 destinations, 6396 routes (12313 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.64.123.253/32    *[Local/0] 00:0
4:33
                       Reject

and this actually causes traffic to be blackholed  !! 

why is the IRB not down down if I have disabled and why is the route in the table at all ?

  

Hi,

• The interface is admin down and link up. If you want the status of the interface to be link down as well, it will need to be removed from the vlan configuration where it is associated as the l3-interface.
• The reject route is for the /32 interface IP of the irb, which is expected for an interface that is in down status. The route will not exist for the /24 subnet though. This can be verified by using the command "run show route 10.64.123.0/24 exact"

Regards

Hi

I'm prestaging some config ready for a change 

disable;
family inet {
    address 10.64.123.253/24;
}

run show interfaces irb.123 terse 
Interface               Admin Link Proto    Local                 Remote
irb.123                  down  up   inet     10.64.123.253/24 

{master:0}[edit interfaces irb unit 123]
 run show route 10.64.123.253/24 

LEGACY.inet.0: 12313 destinations, 6396 routes (12313 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.64.123.253/32    *[Local/0] 00:0
4:33
                       Reject

and this actually causes traffic to be blackholed  !! 

why is the IRB not down down if I have disabled and why is the route in the table at all ?

  

Thanks . to me this is counter intuitive if I disable a interface it should be down down  . 
I can achieve what I want with de-active family inet.
Thanks for your response

Hi,

• The interface is admin down and link up. If you want the status of the interface to be link down as well, it will need to be removed from the vlan configuration where it is associated as the l3-interface.
• The reject route is for the /32 interface IP of the irb, which is expected for an interface that is in down status. The route will not exist for the /24 subnet though. This can be verified by using the command "run show route 10.64.123.0/24 exact"

Regards

Hi

I'm prestaging some config ready for a change 

disable;
family inet {
    address 10.64.123.253/24;
}

run show interfaces irb.123 terse 
Interface               Admin Link Proto    Local                 Remote
irb.123                  down  up   inet     10.64.123.253/24 

{master:0}[edit interfaces irb unit 123]
 run show route 10.64.123.253/24 

LEGACY.inet.0: 12313 destinations, 6396 routes (12313 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.64.123.253/32    *[Local/0] 00:0
4:33
                       Reject

and this actually causes traffic to be blackholed  !! 

why is the IRB not down down if I have disabled and why is the route in the table at all ?

  

yes, this is so strange to me also.  i remember dealing with this a while back.  I think other vendors truly down the interface if you disable it.  not juniper.  it does something weird, as you are seeing, where it can create problems if left like that. (or desire result is blackholing, then you have an interesting solution)  other responder said remove from other location in config, or you might try "deactivate interface irb.123" and see what that does too.

Thanks . to me this is counter intuitive if I disable a interface it should be down down  . 
I can achieve what I want with de-active family inet.
Thanks for your response

Hi,

• The interface is admin down and link up. If you want the status of the interface to be link down as well, it will need to be removed from the vlan configuration where it is associated as the l3-interface.
• The reject route is for the /32 interface IP of the irb, which is expected for an interface that is in down status. The route will not exist for the /24 subnet though. This can be verified by using the command "run show route 10.64.123.0/24 exact"

Regards

Hi

I'm prestaging some config ready for a change 

disable;
family inet {
    address 10.64.123.253/24;
}

run show interfaces irb.123 terse 
Interface               Admin Link Proto    Local                 Remote
irb.123                  down  up   inet     10.64.123.253/24 

{master:0}[edit interfaces irb unit 123]
 run show route 10.64.123.253/24 

LEGACY.inet.0: 12313 destinations, 6396 routes (12313 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.64.123.253/32    *[Local/0] 00:0
4:33
                       Reject

and this actually causes traffic to be blackholed  !! 

why is the IRB not down down if I have disabled and why is the route in the table at all ?

  

To deactivate the interface, you would need to delete it from the vlan configuration as well, otherwise, there will be a commit error. We have four scenarios summarized as below: -

• If the irb.123 is disabled, but not removed from the vlan configuration -----> The interface status will be Admin down/Link Up, and the interface IP will appear as a /32 reject route.
• If the irb.123 is diabled and removed from the vlan configuration ------------> The interface status will be Admin down/Link down; the interface IP will still appear as a /32 reject route.
• If the family inet is disabled on irb.123 -------------> The interface status will be Admin up/Link up with no IP address; the IP will obviously not be available in the routing table.
• If the interface irb.123 is deactivated, it would need to be deactivated/deleted from the vlan configuration as well -------> It is similar to deleting the irb interface from the configuration, so the interface status and the route will not appear.

Regards

yes, this is so strange to me also.  i remember dealing with this a while back.  I think other vendors truly down the interface if you disable it.  not juniper.  it does something weird, as you are seeing, where it can create problems if left like that. (or desire result is blackholing, then you have an interesting solution)  other responder said remove from other location in config, or you might try "deactivate interface irb.123" and see what that does too.

Thanks . to me this is counter intuitive if I disable a interface it should be down down  . 
I can achieve what I want with de-active family inet.
Thanks for your response

Hi,

• The interface is admin down and link up. If you want the status of the interface to be link down as well, it will need to be removed from the vlan configuration where it is associated as the l3-interface.
• The reject route is for the /32 interface IP of the irb, which is expected for an interface that is in down status. The route will not exist for the /24 subnet though. This can be verified by using the command "run show route 10.64.123.0/24 exact"

Regards

Hi

I'm prestaging some config ready for a change 

disable;
family inet {
    address 10.64.123.253/24;
}

run show interfaces irb.123 terse 
Interface               Admin Link Proto    Local                 Remote
irb.123                  down  up   inet     10.64.123.253/24 

{master:0}[edit interfaces irb unit 123]
 run show route 10.64.123.253/24 

LEGACY.inet.0: 12313 destinations, 6396 routes (12313 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.64.123.253/32    *[Local/0] 00:0
4:33
                       Reject

and this actually causes traffic to be blackholed  !! 

why is the IRB not down down if I have disabled and why is the route in the table at all ?

  

Thanks for such a comprehensive response. 

As part of a change its really useful to pre-stage config ( just one less thing to do on the night ) with just one thing disabled/or deactivated. 
then the change  can simply be disable the old, enable the new and troubleshoot if needed. 
Seems this might not be possible on Juniper. 

To deactivate the interface, you would need to delete it from the vlan configuration as well, otherwise, there will be a commit error. We have four scenarios summarized as below: -

• If the irb.123 is disabled, but not removed from the vlan configuration -----> The interface status will be Admin down/Link Up, and the interface IP will appear as a /32 reject route.
• If the irb.123 is diabled and removed from the vlan configuration ------------> The interface status will be Admin down/Link down; the interface IP will still appear as a /32 reject route.
• If the family inet is disabled on irb.123 -------------> The interface status will be Admin up/Link up with no IP address; the IP will obviously not be available in the routing table.
• If the interface irb.123 is deactivated, it would need to be deactivated/deleted from the vlan configuration as well -------> It is similar to deleting the irb interface from the configuration, so the interface status and the route will not appear.

Regards

yes, this is so strange to me also.  i remember dealing with this a while back.  I think other vendors truly down the interface if you disable it.  not juniper.  it does something weird, as you are seeing, where it can create problems if left like that. (or desire result is blackholing, then you have an interesting solution)  other responder said remove from other location in config, or you might try "deactivate interface irb.123" and see what that does too.

Thanks . to me this is counter intuitive if I disable a interface it should be down down  . 
I can achieve what I want with de-active family inet.
Thanks for your response

Hi,

• The interface is admin down and link up. If you want the status of the interface to be link down as well, it will need to be removed from the vlan configuration where it is associated as the l3-interface.
• The reject route is for the /32 interface IP of the irb, which is expected for an interface that is in down status. The route will not exist for the /24 subnet though. This can be verified by using the command "run show route 10.64.123.0/24 exact"

Regards

Hi

I'm prestaging some config ready for a change 

disable;
family inet {
    address 10.64.123.253/24;
}

run show interfaces irb.123 terse 
Interface               Admin Link Proto    Local                 Remote
irb.123                  down  up   inet     10.64.123.253/24 

{master:0}[edit interfaces irb unit 123]
 run show route 10.64.123.253/24 

LEGACY.inet.0: 12313 destinations, 6396 routes (12313 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.64.123.253/32    *[Local/0] 00:0
4:33
                       Reject

and this actually causes traffic to be blackholed  !! 

why is the IRB not down down if I have disabled and why is the route in the table at all ?

  

yes, this is so strange to me also.  i remember dealing with this a while back.  I think other vendors truly down the interface if you disable it.  not juniper.  it does something weird, as you are seeing, where it can create problems if left like that. (or desire result is blackholing, then you have an interesting solution)  other responder said remove from other location in config, or you might try "deactivate interface irb.123" and see what that does too.

Thanks . to me this is counter intuitive if I disable a interface it should be down down  . 
I can achieve what I want with de-active family inet.
Thanks for your response

Hi,

• The interface is admin down and link up. If you want the status of the interface to be link down as well, it will need to be removed from the vlan configuration where it is associated as the l3-interface.
• The reject route is for the /32 interface IP of the irb, which is expected for an interface that is in down status. The route will not exist for the /24 subnet though. This can be verified by using the command "run show route 10.64.123.0/24 exact"

Regards

Hi

I'm prestaging some config ready for a change 

disable;
family inet {
    address 10.64.123.253/24;
}

run show interfaces irb.123 terse 
Interface               Admin Link Proto    Local                 Remote
irb.123                  down  up   inet     10.64.123.253/24 

{master:0}[edit interfaces irb unit 123]
 run show route 10.64.123.253/24 

LEGACY.inet.0: 12313 destinations, 6396 routes (12313 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.64.123.253/32    *[Local/0] 00:0
4:33
                       Reject

and this actually causes traffic to be blackholed  !! 

why is the IRB not down down if I have disabled and why is the route in the table at all ?

  

Thanks Aaron, I will need to lab it up now just to see, but this was service effecting to the network I was configuring !! the IRB was actually a gateway on a LAN if it was responding arp or if the VIP was up ( not shown in my example ) this would have broken things as the legacy gateway would have been up on the same LAN. 
I did not  really have time to investigate. 
 

yes, this is so strange to me also.  i remember dealing with this a while back.  I think other vendors truly down the interface if you disable it.  not juniper.  it does something weird, as you are seeing, where it can create problems if left like that. (or desire result is blackholing, then you have an interesting solution)  other responder said remove from other location in config, or you might try "deactivate interface irb.123" and see what that does too.

Thanks . to me this is counter intuitive if I disable a interface it should be down down  . 
I can achieve what I want with de-active family inet.
Thanks for your response

Hi,

• The interface is admin down and link up. If you want the status of the interface to be link down as well, it will need to be removed from the vlan configuration where it is associated as the l3-interface.
• The reject route is for the /32 interface IP of the irb, which is expected for an interface that is in down status. The route will not exist for the /24 subnet though. This can be verified by using the command "run show route 10.64.123.0/24 exact"

Regards

Hi

I'm prestaging some config ready for a change 

disable;
family inet {
    address 10.64.123.253/24;
}

run show interfaces irb.123 terse 
Interface               Admin Link Proto    Local                 Remote
irb.123                  down  up   inet     10.64.123.253/24 

{master:0}[edit interfaces irb unit 123]
 run show route 10.64.123.253/24 

LEGACY.inet.0: 12313 destinations, 6396 routes (12313 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.64.123.253/32    *[Local/0] 00:0
4:33
                       Reject

and this actually causes traffic to be blackholed  !! 

why is the IRB not down down if I have disabled and why is the route in the table at all ?