Junos OS

 View Only
last person joined: 20 hours ago 

Ask questions and share experiences about Junos OS.

Juniper SRX Unnumbered IP Address on PPPoE Interface

  • 1.  Juniper SRX Unnumbered IP Address on PPPoE Interface

    Posted 22 days ago

    Problem Statement...

    I am trying to take an PPPoE connection from my ISP in on interface pp0.0 interface unnumbered. I then want to configure my ISP issued subnet "192.0.2.8/29" and set this up on ge-0/0/1. However the default route entry does not apear; its in the config but not in the routing table.

    This is a fairly good example of what I am trying to achieve.
    https://supportportal.juniper.net/s/article/SRX-How-to-configure-unnumbered-IP-address-against-WAN-interface-PPPoE?language=en_US

    Journey so far...

    Step0: I did this using an old Cisco router, IPv4 and IPv6 without issue and it works fine. The issue is the router I have cant meet my gigabit requirement.

    Step1: On the Juniper SRX240 I have configured the PPPoE interface using "negotiated" and a default route pointing to the PPPoE Interface.

    set interfaces pp0 unit 0 family inet negotiate-address
    set routing-options static route 0.0.0.0/0 next-hop pp0.0
    

    PPPoE comes up nicely, the route goes into the routing table and I can ping out to the internet. Annoying that does not meet the unnumbered requirement to get the public ip range on the 'LAN' side of the Juniper.


    [edit]
    root@nagnai0mbpbri01# show interfaces pp0
    unit 0 {
    ppp-options {
    chap {
    default-chap-secret "$9$FoO736ABIhv8x-VJDjiPfAp0BES"; ## SECRET-DATA
    local-name "user@isp";
    passive;
    }
    }
    pppoe-options {
    underlying-interface ge-0/0/0.0;
    auto-reconnect 10;
    client;
    }
    family inet {
    negotiate-address;
    }
    }

    [edit]
    root@nagnai0mbpbri01# show routing-options static
    route 0.0.0.0/0 next-hop pp0.0;

    [edit]
    root@nagnai0mbpbri01#


    [edit]
    root@nagnai0mbpbri01# run show ppp interface extensive pp0.0
    Session pp0.0, Type: PPP, Phase: Network
    LCP
    State: Opened
    Last started: 2022-11-15 19:00:19 UTC
    Last completed: 2022-11-15 19:00:19 UTC
    Negotiated options:
    Authentication protocol: CHAP, Authentication algorithm: MD5,
    Magic number: 1668572450, Local MRU: 1492
    Authentication: CHAP
    State: Success
    Last completed: 2022-11-15 19:00:19 UTC
    IPCP
    State: Opened
    Last started: 2022-11-15 19:00:22 UTC
    Last completed: 2022-11-15 19:00:22 UTC
    Negotiated options:
    Local address: 192.0.2.14, Remote address: 51.148.77.136,
    Primary DNS: 212.23.3.100, Secondary DNS: 212.23.6.100

    [edit]
    root@nagnai0mbpbri01# run show route

    inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0 *[Static/5] 00:01:55
    > via pp0.0
    51.148.77.136/32 *[Direct/0] 00:03:02
    > via pp0.0
    192.0.2.14/32 *[Local/0] 00:03:02
    Local via pp0.0


    Step2
    : Inline with the above article I remove the negotiate-address command. I can see:

    • pp0.0 interface is up and happy with no IP; expected

    • Interface vlan.666 is up and has its ip address 192.0.2.14/29; expected

    • The route entry for 0.0.0.0/0 does not appear in the routing table; unexpected.

    root@nagnai0mbpbri01# show interfaces pp0
    unit 0 {
    ppp-options {
    chap {
    default-chap-secret "$9$FoO736ABIhv8x-VJDjiPfAp0BES"; ## SECRET-DATA
    local-name "user@isp";
    passive;
    }
    }
    pppoe-options {
    underlying-interface ge-0/0/0.0;
    auto-reconnect 10;
    client;
    }
    family inet;
    }

    [edit]
    root@nagnai0mbpbri01#

    [edit]
    root@nagnai0mbpbri01# run show ppp interface extensive pp0.0
    Session pp0.0, Type: PPP, Phase: Network
    LCP
    State: Opened
    Last started: 2022-11-15 18:49:55 UTC
    Last completed: 2022-11-15 18:49:58 UTC
    Negotiated options:
    Authentication protocol: CHAP, Authentication algorithm: MD5,
    Magic number: 1668572450, Local MRU: 1492
    Authentication: CHAP
    State: Success
    Last completed: 2022-11-15 18:49:58 UTC
    IPCP
    State: Ack-sent
    Last started: 2022-11-15 18:50:25 UTC
    Last completed: 2022-11-15 18:49:34 UTC
    Negotiated options:
    Primary DNS: 212.23.3.100, Secondary DNS: 212.23.6.100

    [edit]
    root@nagnai0mbpbri01# run show route

    inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.0.2.8/29 *[Direct/0] 00:05:36
    > via ge-0/0/1.0
    192.0.2.9/32 *[Local/0] 00:05:36
    Local via ge-0/0/1.0

    [edit]
    root@nagnai0mbpbri01#

    
    Step3:
    
     To me the lack of the association between the pp0.0 and ge-0/0/1.0 interface feels strange so I add the unnumbered statement. But this makes no difference.



    root@nagnai0mbpbri01# show interfaces pp0
    unit 0 {
    ppp-options {
    chap {
    default-chap-secret "$9$FoO736ABIhv8x-VJDjiPfAp0BES"; ## SECRET-DATA
    local-name "user@isp";
    passive;
    }
    }
    pppoe-options {
    underlying-interface ge-0/0/0.0;
    auto-reconnect 10;
    client;
    }
    family inet {
    unnumbered-address ge-0/0/1.0;
    }
    }

    [edit]
    root@nagnai0mbpbri01# run show ppp interface extensive pp0.0
    Session pp0.0, Type: PPP, Phase: Network
    LCP
    State: Opened
    Last started: 2022-11-15 18:54:09 UTC
    Last completed: 2022-11-15 18:54:12 UTC
    Negotiated options:
    Authentication protocol: CHAP, Authentication algorithm: MD5,
    Magic number: 1668572450, Local MRU: 1492
    Authentication: CHAP
    State: Success
    Last completed: 2022-11-15 18:54:12 UTC
    IPCP
    State: Ack-sent
    Last started: 2022-11-15 18:54:12 UTC
    Last completed: 2022-11-15 18:53:49 UTC
    Negotiated options:
    Primary DNS: 212.23.3.100, Secondary DNS: 212.23.6.100

    [edit]
    root@nagnai0mbpbri01#

    [edit]
    root@nagnai0mbpbri01# run show route

    inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    192.0.2.8/29 *[Direct/0] 00:08:59
    > via ge-0/0/1.0
    192.0.2.9/32 *[Local/0] 00:08:59
    Local











    SRX240 Version:

    root@nagnai0mbpbri01> show version
    Hostname: hostname
    Model: srx240h2
    JUNOS Software Release [12.1X46-D35.1]
    



    SRX240 IPv4 Config (Default route in config does not go into the routing table):

    ## Last changed: 2022-11-15 19:20:44 UTC
    version 12.1X46-D35.1;
    system {
    root-authentication {
    encrypted-password "$1$WcTbJ0q6$Tl2qPYYKUPSOgoBTR2s5Q/"; ## SECRET-DATA
    }
    name-server {
    208.67.222.222;
    208.67.220.220;
    }
    services {
    ssh;
    web-management {
    https {
    system-generated-certificate;
    interface vlan.0;
    }
    }
    }
    syslog {
    archive size 100k files 3;
    user * {
    any emergency;
    }
    file messages {
    any critical;
    authorization info;
    }
    file interactive-commands {
    interactive-commands error;
    }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
    autoupdate {
    url https://ae1.juniper.net/junos/key_retrieval;
    }
    }
    }
    interfaces {
    ge-0/0/0 {
    unit 0 {
    encapsulation ppp-over-ether;
    }
    }
    ge-0/0/1 {
    unit 0 {
    family inet {
    address 62.3.66.9/29;
    }
    }
    }
    ge-0/0/2 {
    unit 0;
    }
    ge-0/0/3 {
    unit 0;
    }
    ge-0/0/4 {
    unit 0;
    }
    ge-0/0/5 {
    unit 0;
    }
    ge-0/0/6 {
    unit 0;
    }
    ge-0/0/7 {
    unit 0;
    }
    ge-0/0/8 {
    unit 0;
    }
    ge-0/0/9 {
    unit 0;
    }
    ge-0/0/10 {
    unit 0;
    }
    ge-0/0/11 {
    unit 0;
    }
    ge-0/0/12 {
    unit 0;
    }
    ge-0/0/13 {
    unit 0;
    }
    ge-0/0/14 {
    unit 0;
    }
    ge-0/0/15 {
    unit 0;
    }
    pp0 {
    unit 0 {
    ppp-options {
    chap {
    default-chap-secret "$9$FoO736ABIhv8x-VJDjiPfAp0BES"; ## SECRET-DATA
    local-name "zen333814@zen";
    passive;
    }
    }
    pppoe-options {
    underlying-interface ge-0/0/0.0;
    auto-reconnect 10;
    client;
    }
    family inet;
    }
    }
    }
    routing-options {
    static {
    route 0.0.0.0/0 next-hop pp0.0;
    }
    }
    protocols {
    stp;
    }
    security {
    policies {
    from-zone trust to-zone untrust {
    policy tr-un {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    from-zone untrust to-zone trust {
    policy un-tr {
    match {
    source-address any;
    destination-address any;
    application any;
    }
    then {
    permit;
    }
    }
    }
    }
    zones {
    security-zone trust {
    interfaces {
    ge-0/0/1.0 {
    host-inbound-traffic {
    system-services {
    all;
    }
    }
    }
    }
    }
    security-zone untrust {
    interfaces {
    pp0.0 {
    host-inbound-traffic {
    system-services {
    all;
    }
    }
    }
    }
    }
    }
    }


    ------------------------------
    Thomas Morgan
    ------------------------------