SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Knowledge issue..

    Posted 02-23-2024 06:20

    Hi all,
    I'm struggling with the following setup. Purpose is to create a management segment for our datacenter equipment.

    JSC can ping all hosts on MGMT switch through st0.0
    Office location can only ping reth7 (ge-0/0/5 / ge-5/0/5) through st0.1
     
    Zones / policies exist imho to pass all traffic
     
    What I have diagnosed this far is that traffic that originates on hosts in MGMT switch (also replies from these hosts) fails with some routing related issue:
     
    Feb 22 22:41:11 22:41:11.847310:CID-1:RT:flow_process_pkt_exception: Freeing lpak 0x22c8c10 associated with mbuf 0x61024580
    Feb 22 22:41:11 22:41:11.847310:CID-1:RT: ---- flow_process_pkt rc 0x0 (fp rc 0)
    (Hope I interpret this right)
     
    I have set up:
     
    system management-instance
     
    routing-instances {
        mgmt_junos {
            description MANAGEMENT-INSTANCE;
            routing-options {
                static {
                    route -Juniper Secure Client Subnet- next-hop st0.0;
                }
            }
        }
    }
    routing-options {
        static {
            route 0.0.0.0/0 next-hop -gateway-;
            route -Juniper Secure Client Subnet- next-hop st0.0;
            route -office location subnet- next-hop st0.1;
        }
    }
     
    -node0-srx> show route table inet.0
     
    inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
     
    0.0.0.0/0                     *[Static/5] 3d 01:13:17
                                  >  to a.b.c.d. via reth5.0

    management/24                 *[Direct/0] 3d 01:13:17
                                  >  via reth7.0
    management (zone)/32          *[Local/0] 3d 01:13:17
                                     Local via reth7.0
    secure-client/24              *[Static/5] 3d 01:13:13
                                  >  via st0.0
    host in secure-client/32      *[Static/5] 01:11:06
                                  >  via st0.0
    office-location/24            *[Static/5] 2d 21:12:43
                                  >  via st0.1
    untrust gateway/28            *[Direct/0] 3d 01:13:17
                                  >  via reth5.0
    we-untrust/32                 *[Local/0] 3d 01:13:17
                                     Local via reth5.0
     
    {primary:node0}
    -node0-srx> show route table mgmt_junos.inet.0
     
    mgmt_junos.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
     
    management/24                 *[Direct/0] 3d 01:13:36
                                  >  via fxp0.0
    management (self)/32          *[Local/0] 3d 01:13:36
                                     Local via fxp0.0
       
       
    I hope this makes sense to someone..
    I'm afraid I'm short on (routing) knowledge here..
    Thanks in advance,
    Regards,
    Meindert.


    ------------------------------
    MEINDERT UITMAN
    ------------------------------