Problem Statement...
I am trying to take an PPPoE connection from my ISP in on interface pp0.0 interface unnumbered. I then want to configure my ISP issued subnet "192.0.2.8/29" and set this up on ge-0/0/1. However the default route entry does not apear; its in the config but not in the routing table.
This is a fairly good example of what I am trying to achieve.
https://supportportal.juniper.net/s/article/SRX-How-to-configure-unnumbered-IP-address-against-WAN-interface-PPPoE?language=en_US
Journey so far...
Step0: I did this using an old Cisco router, IPv4 and IPv6 without issue and it works fine. The issue is the router I have cant meet my gigabit requirement.
Step1: On the Juniper SRX240 I have configured the PPPoE interface using "negotiated" and a default route pointing to the PPPoE Interface.
set interfaces pp0 unit 0 family inet negotiate-address
set routing-options static route 0.0.0.0/0 next-hop pp0.0
PPPoE comes up nicely, the route goes into the routing table and I can ping out to the internet. Annoying that does not meet the unnumbered requirement to get the public ip range on the 'LAN' side of the Juniper.
[edit]
root@nagnai0mbpbri01# show interfaces pp0
unit 0 {
ppp-options {
chap {
default-chap-secret "$9$FoO736ABIhv8x-VJDjiPfAp0BES"; ## SECRET-DATA
local-name "user@isp";
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/0.0;
auto-reconnect 10;
client;
}
family inet {
negotiate-address;
}
}
[edit]
root@nagnai0mbpbri01# show routing-options static
route 0.0.0.0/0 next-hop pp0.0;
[edit]
root@nagnai0mbpbri01#
[edit]
root@nagnai0mbpbri01# run show ppp interface extensive pp0.0
Session pp0.0, Type: PPP, Phase: Network
LCP
State: Opened
Last started: 2022-11-15 19:00:19 UTC
Last completed: 2022-11-15 19:00:19 UTC
Negotiated options:
Authentication protocol: CHAP, Authentication algorithm: MD5,
Magic number: 1668572450, Local MRU: 1492
Authentication: CHAP
State: Success
Last completed: 2022-11-15 19:00:19 UTC
IPCP
State: Opened
Last started: 2022-11-15 19:00:22 UTC
Last completed: 2022-11-15 19:00:22 UTC
Negotiated options:
Local address: 192.0.2.14, Remote address: 51.148.77.136,
Primary DNS: 212.23.3.100, Secondary DNS: 212.23.6.100
[edit]
root@nagnai0mbpbri01# run show route
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 00:01:55
> via pp0.0
51.148.77.136/32 *[Direct/0] 00:03:02
> via pp0.0
192.0.2.14/32 *[Local/0] 00:03:02
Local via pp0.0
Step2: Inline with the above article I remove the negotiate-address command. I can see:
-
pp0.0 interface is up and happy with no IP; expected
-
Interface vlan.666 is up and has its ip address 192.0.2.14/29; expected
-
The route entry for 0.0.0.0/0 does not appear in the routing table; unexpected.
root@nagnai0mbpbri01# show interfaces pp0
unit 0 {
ppp-options {
chap {
default-chap-secret "$9$FoO736ABIhv8x-VJDjiPfAp0BES"; ## SECRET-DATA
local-name "user@isp";
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/0.0;
auto-reconnect 10;
client;
}
family inet;
}
[edit]
root@nagnai0mbpbri01#
[edit]
root@nagnai0mbpbri01# run show ppp interface extensive pp0.0
Session pp0.0, Type: PPP, Phase: Network
LCP
State: Opened
Last started: 2022-11-15 18:49:55 UTC
Last completed: 2022-11-15 18:49:58 UTC
Negotiated options:
Authentication protocol: CHAP, Authentication algorithm: MD5,
Magic number: 1668572450, Local MRU: 1492
Authentication: CHAP
State: Success
Last completed: 2022-11-15 18:49:58 UTC
IPCP
State: Ack-sent
Last started: 2022-11-15 18:50:25 UTC
Last completed: 2022-11-15 18:49:34 UTC
Negotiated options:
Primary DNS: 212.23.3.100, Secondary DNS: 212.23.6.100
[edit]
root@nagnai0mbpbri01# run show route
inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.0.2.8/29 *[Direct/0] 00:05:36
> via ge-0/0/1.0
192.0.2.9/32 *[Local/0] 00:05:36
Local via ge-0/0/1.0
[edit]
root@nagnai0mbpbri01#
Step3:
To me the lack of the association between the pp0.0 and ge-0/0/1.0 interface feels strange so I add the unnumbered statement. But this makes no difference.
root@nagnai0mbpbri01# show interfaces pp0
unit 0 {
ppp-options {
chap {
default-chap-secret "$9$FoO736ABIhv8x-VJDjiPfAp0BES"; ## SECRET-DATA
local-name "user@isp";
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/0.0;
auto-reconnect 10;
client;
}
family inet {
unnumbered-address ge-0/0/1.0;
}
}
[edit]
root@nagnai0mbpbri01# run show ppp interface extensive pp0.0
Session pp0.0, Type: PPP, Phase: Network
LCP
State: Opened
Last started: 2022-11-15 18:54:09 UTC
Last completed: 2022-11-15 18:54:12 UTC
Negotiated options:
Authentication protocol: CHAP, Authentication algorithm: MD5,
Magic number: 1668572450, Local MRU: 1492
Authentication: CHAP
State: Success
Last completed: 2022-11-15 18:54:12 UTC
IPCP
State: Ack-sent
Last started: 2022-11-15 18:54:12 UTC
Last completed: 2022-11-15 18:53:49 UTC
Negotiated options:
Primary DNS: 212.23.3.100, Secondary DNS: 212.23.6.100
[edit]
root@nagnai0mbpbri01#
[edit]
root@nagnai0mbpbri01# run show route
inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.0.2.8/29 *[Direct/0] 00:08:59
> via ge-0/0/1.0
192.0.2.9/32 *[Local/0] 00:08:59
Local
SRX240 Version:
root@nagnai0mbpbri01> show version
Hostname: hostname
Model: srx240h2
JUNOS Software Release [12.1X46-D35.1]
SRX240 IPv4 Config (Default route in config does not go into the routing table):
## Last changed: 2022-11-15 19:20:44 UTC
version 12.1X46-D35.1;
system {
root-authentication {
encrypted-password "$1$WcTbJ0q6$Tl2qPYYKUPSOgoBTR2s5Q/"; ## SECRET-DATA
}
name-server {
208.67.222.222;
208.67.220.220;
}
services {
ssh;
web-management {
https {
system-generated-certificate;
interface vlan.0;
}
}
}
syslog {
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any critical;
authorization info;
}
file interactive-commands {
interactive-commands error;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
encapsulation ppp-over-ether;
}
}
ge-0/0/1 {
unit 0 {
family inet {
address 62.3.66.9/29;
}
}
}
ge-0/0/2 {
unit 0;
}
ge-0/0/3 {
unit 0;
}
ge-0/0/4 {
unit 0;
}
ge-0/0/5 {
unit 0;
}
ge-0/0/6 {
unit 0;
}
ge-0/0/7 {
unit 0;
}
ge-0/0/8 {
unit 0;
}
ge-0/0/9 {
unit 0;
}
ge-0/0/10 {
unit 0;
}
ge-0/0/11 {
unit 0;
}
ge-0/0/12 {
unit 0;
}
ge-0/0/13 {
unit 0;
}
ge-0/0/14 {
unit 0;
}
ge-0/0/15 {
unit 0;
}
pp0 {
unit 0 {
ppp-options {
chap {
default-chap-secret "$9$FoO736ABIhv8x-VJDjiPfAp0BES"; ## SECRET-DATA
local-name "zen333814@zen";
passive;
}
}
pppoe-options {
underlying-interface ge-0/0/0.0;
auto-reconnect 10;
client;
}
family inet;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop pp0.0;
}
}
protocols {
stp;
}
security {
policies {
from-zone trust to-zone untrust {
policy tr-un {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
from-zone untrust to-zone trust {
policy un-tr {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone trust {
interfaces {
ge-0/0/1.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
security-zone untrust {
interfaces {
pp0.0 {
host-inbound-traffic {
system-services {
all;
}
}
}
}
}
}
}