SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Route Leaking using Instance Import - not able to ping static routes and switchport vlan host

    This message was posted by a user wishing to remain anonymous
    Posted 03-21-2022 05:30

    Hi Team, 

    I am having an issue with route leaking between 2 VRFs. 
    All directly connected devices are showing in the routing tables of both VRFs, but not the switchport/VLAN20 host and the static routes. 
    I used RIB at the beginning but had no success, so I decided to use instance import.
    Here is my config below. Thanks in advance. 



    SRX 1500 config:
    set interfaces ge-0/0/1 unit 0 family inet address 192.168.10.1/24
    set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/2 unit 0 family ethernet-switching vlan members VLAN20
    set interfaces ge-0/0/3 unit 0 family ethernet-switching interface-mode access
    set interfaces ge-0/0/3 unit 0 family ethernet-switching vlan members VLAN20
    set interfaces irb unit 20 description "Switchport VLAN20"
    set interfaces irb unit 20 family inet address 192.168.50.1/24
    set vlans VLAN20 description "Switchport VLAN20"
    set vlans VLAN20 vlan-id 20
    set vlans VLAN20 l3-interface irb.20
    set vlans vlan-trust vlan-id 3
    set vlans vlan-trust l3-interface irb.0
    set security zones security-zone SOC01-TRUST interfaces ge-0/0/1.0 host-inbound-traffic system-services all
    set security zones security-zone SOC01-TRUST interfaces ge-0/0/1.0 host-inbound-traffic system-services ping
    set security zones security-zone SOC02-TRUST interfaces irb.20 host-inbound-traffic system-services all
    set security zones security-zone SOC02-TRUST interfaces irb.20 host-inbound-traffic system-services ping
    set routing-options instance-import SOC01-to-SOC02
    set policy-options policy-statement SOC01-to-SOC02 term 1 from protocol static
    set policy-options policy-statement SOC01-to-SOC02 term 1 from route-filter 172.0.0.0/24 orlonger 
    set policy-options policy-statement SOC01-to-SOC02 term 1 then accept
    set policy-options policy-statement SOC01-to-SOC02 from instance SOC01
    set policy-options policy-statement SOC01-to-SOC02 then accept
    set policy-options policy-statement SOC02-to-SOC01 term t1 from instance SOC02
    set policy-options policy-statement SOC02-to-SOC01 term t1 from route-filter 192.168.50.1/24 orlonger
    set policy-options policy-statement SOC02-to-SOC01 term t1 then accept
    set policy-options policy-statement SOC02-to-SOC01 term t2 then reject
    set policy-options policy-statement SOC02-to-SOC01 from instance SOC02
    set policy-options policy-statement SOC02-to-SOC01 then accept
    set routing-instances SOC01 instance-type virtual-router
    set routing-instances SOC01 interface ge-0/0/1.0
    set routing-instances SOC01 routing-options static route 172.31.139.0/24 next-hop 172.31.131.17
    set routing-instances SOC01 routing-options static route 172.31.135.0/24 next-hop 172.31.131.17
    set routing-instances SOC01 routing-options instance-import SOC02-to-SOC01
    set routing-instances SOC02 instance-type virtual-router
    set routing-instances SOC02 interface irb.20
    set routing-instances SOC02 routing-options instance-import SOC01-to-SOC02

    ==== Ping ====
    c4iadmin> ping routing-instance SOC01 192.168.50.1
    PING 192.168.50.1 (192.168.50.1): 56 data bytes
    64 bytes from 192.168.50.1: icmp_seq=0 ttl=64 time=0.195 ms
    64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=0.558 ms
    64 bytes from 192.168.50.1: icmp_seq=2 ttl=64 time=0.142 ms
    ^C
    --- 192.168.50.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.142/0.298/0.558/0.185 ms

    c4iadmin> ping routing-instance SOC01 192.168.10.1
    PING 192.168.10.1 (192.168.10.1): 56 data bytes
    64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=0.189 ms
    64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.142 ms
    64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.171 ms
    ^C
    --- 192.168.10.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.142/0.167/0.189/0.019 ms

    c4iadmin> ping routing-instance SOC02 192.168.10.1
    PING 192.168.10.1 (192.168.10.1): 56 data bytes
    64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=0.188 ms
    64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.141 ms
    64 bytes from 192.168.10.1: icmp_se^C
    --- 192.168.10.1 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.141/0.170/0.188/0.021 ms
    c4iadmin> ping routing-instance SOC02 192.168.50.1
    PING 192.168.50.1 (192.168.50.1): 56 data bytes
    64 bytes from 192.168.50.1: icmp_seq=0 ttl=64 time=0.190 ms
    64 bytes from 192.168.50.1: icmp_seq=1 ttl=64 time=0.170 ms
    ^C
    --- 192.168.50.1 ping statistics ---
    2 packets transmitted, 2 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.170/0.180/0.190/0.010 ms
    ===== route table ======
    admin> show route terse

    inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 1.0.0.1/32         L   0                        Reject
    * ? 1.0.0.2/32         L   0                        Reject
    * ? 172.16.251.184/32  L   0                        Reject
    * ? 172.31.131.25/32   L   0                        Reject
    * ? 192.168.1.1/32     L   0                        Reject
    * ? 192.168.10.0/24    D   0                       >ge-0/0/1.0
    * ? 192.168.10.1/32    L   0                        Local
    * ? 192.168.40.1/32    D   0                       >lo0.10
    * ? 192.168.251.1/32   L   0                        Reject

    SOC01.inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 192.168.10.0/24    D   0                       >ge-0/0/1.0
    * ? 192.168.10.1/32    L   0                        Local
    * ? 192.168.40.1/32    D   0                       >lo0.10
    * ? 192.168.50.1/32    L   0                        Local

    SOC02.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    A V Destination        P Prf   Metric 1   Metric 2  Next hop        AS path
    * ? 192.168.10.0/24    D   0                       >ge-0/0/1.0
    * ? 192.168.10.1/32    L   0                        Local
    * ? 192.168.40.1/32    D   0                       >lo0.10
    * ? 192.168.50.0/24    D   0                       >irb.20
    * ? 192.168.50.1/32    L   0                        Local

    c4iadmin> show arp no-resolve
    MAC Address       Address         Interface         Flags
    3c:52:82:4b:45:87 192.168.10.9    ge-0/0/1.0               none
    cc:52:af:3d:dc:8e 192.168.50.10   irb.20                   none
    Total entries: 2

    Unable to ping the host 192.168.50.10:
    admin> ping routing-instance SOC02 192.168.50.10
    PING 192.168.50.10 (192.168.50.10): 56 data bytes
    ^C
    --- 192.168.50.10 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

    admin> ping routing-instance SOC01 192.168.50.10
    PING 192.168.50.10 (192.168.50.10): 56 data bytes
    ping: sendto: No route to host
    ping: sendto: No route to host
    ^C
    --- 192.168.50.10 ping statistics ---
    2 packets transmitted, 0 packets received, 100% packet loss


  • 2.  RE: Route Leaking using Instance Import - not able to ping static routes and switchport vlan host

    Posted 03-21-2022 05:54
    Not sure if this is the cause, but generally Junos requires that subnets be declared from the first address and not any within it.
    So 192.168.50.1/24 should be 192.168.50.0/24 on the filter.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------
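
Added example, not part of the thread or anyone's posted code: a small offline check of the `route-filter` lines from the config in post 1. It flags prefixes written with host bits set (the point raised in reply 2) and, going one step further, tests whether a term that matches `protocol static` has a route-filter that covers the static routes in the same config. The function names are hypothetical, and only the `exact` and `orlonger` match types are modelled.

```python
import ipaddress
import re

# Constructed sample: policy and static-route lines copied from the config in post 1.
CONFIG = """\
set policy-options policy-statement SOC01-to-SOC02 term 1 from protocol static
set policy-options policy-statement SOC01-to-SOC02 term 1 from route-filter 172.0.0.0/24 orlonger
set policy-options policy-statement SOC02-to-SOC01 term t1 from route-filter 192.168.50.1/24 orlonger
set routing-instances SOC01 routing-options static route 172.31.139.0/24 next-hop 172.31.131.17
set routing-instances SOC01 routing-options static route 172.31.135.0/24 next-hop 172.31.131.17
"""

FILTER_RE = re.compile(r"policy-statement (\S+) term (\S+) from route-filter (\S+) (\S+)")
STATIC_RE = re.compile(r"routing-instances (\S+) routing-options static route (\S+) next-hop")
PROTO_RE = re.compile(r"policy-statement (\S+) term (\S+) from protocol static")

def network_form(prefix):
    """Return the network-address form if prefix has host bits set, else None."""
    iface = ipaddress.ip_interface(prefix)
    return None if iface.ip == iface.network.network_address else str(iface.network)

def matches(route, prefix, match_type):
    """route-filter semantics for 'exact' and 'orlonger' only."""
    r = ipaddress.ip_network(route)
    f = ipaddress.ip_network(prefix, strict=False)
    if match_type == "exact":
        return r == f
    if match_type == "orlonger":
        return r.subnet_of(f)  # same leading bits, equal or longer mask
    raise ValueError(f"match type not modelled: {match_type}")

def audit(config):
    """List route-filter problems found in Junos set-style configuration text."""
    static_terms = set(PROTO_RE.findall(config))
    statics = STATIC_RE.findall(config)
    findings = []
    for policy, term, prefix, mtype in FILTER_RE.findall(config):
        fixed = network_form(prefix)
        if fixed:
            findings.append(f"{policy} term {term}: {prefix} has host bits set, network is {fixed}")
        if (policy, term) not in static_terms:
            continue  # only compare static routes against terms that match protocol static
        for inst, route in statics:
            if not matches(route, prefix, mtype):
                findings.append(f"{policy} term {term}: {prefix} {mtype} does not match {inst} static {route}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

On the sample it reports three findings: the host-bit prefix in `SOC02-to-SOC01 term t1`, and both `172.31.x.0/24` static routes falling outside `172.0.0.0/24 orlonger` in `SOC01-to-SOC02 term 1`.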



  • 3.  RE: Route Leaking using Instance Import - not able to ping static routes and switchport vlan host

    Posted 03-23-2022 09:22
    Thanks, I tried that prior to posting here, but it is still not working for me.

    ------------------------------
    Allen Amarante
    ------------------------------