Junos OS

Ask questions and share experiences about Junos OS.
  • 1.  Knowledge issue..

    Posted 02-23-2024 06:20

    Hi all,
    I'm struggling with the following setup. The purpose is to create a management segment for our datacenter equipment.

    JSC can ping all hosts on MGMT switch through st0.0
    Office location can only ping reth7 (ge-0/0/5 / ge-5/0/5) through st0.1
    Zones / policies exist imho to pass all traffic
    What I have diagnosed so far is that traffic that originates on hosts in MGMT switch (also replies from these hosts) fails with some routing related issue:
    Feb 22 22:41:11 22:41:11.847310:CID-1:RT:flow_process_pkt_exception: Freeing lpak 0x22c8c10 associated with mbuf 0x61024580
    Feb 22 22:41:11 22:41:11.847310:CID-1:RT: ---- flow_process_pkt rc 0x0 (fp rc 0)
    (Hope I interpret this right)
    I have set up:
    system management-instance
    routing-instances {
        mgmt_junos {
            description MANAGEMENT-INSTANCE;
            routing-options {
                static {
                    route -Juniper Secure Client Subnet- next-hop st0.0;
                }
            }
        }
    }
    routing-options {
        static {
            route next-hop -gateway-;
            route -Juniper Secure Client Subnet- next-hop st0.0;
            route -office location subnet- next-hop st0.1;
        }
    }
    -node0-srx> show route table inet.0
    inet.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
                                *[Static/5] 3d 01:13:17
                                 >  to a.b.c.d. via reth5.0
    management/24               *[Direct/0] 3d 01:13:17
                                 >  via reth7.0
    management (zone)/32        *[Local/0] 3d 01:13:17
                                    Local via reth7.0
    secure-client/24            *[Static/5] 3d 01:13:13
                                 >  via st0.0
    host in secure-client/32    *[Static/5] 01:11:06
                                 >  via st0.0
    office-location/24          *[Static/5] 2d 21:12:43
                                 >  via st0.1
    untrust gateway/28          *[Direct/0] 3d 01:13:17
                                 >  via reth5.0
    we-untrust/32               *[Local/0] 3d 01:13:17
                                    Local via reth5.0
    -node0-srx> show route table mgmt_junos.inet.0
    mgmt_junos.inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both
    management/24               *[Direct/0] 3d 01:13:36
                                 >  via fxp0.0
    management (self)/32        *[Local/0] 3d 01:13:36
                                    Local via fxp0.0
    I hope this makes sense to someone..
    I'm afraid I'm short on (routing) knowledge here..
    Thanks in advance,