vSRX

  • 1.  Unable to ping PC when vsrx is in Cluster mode

    Posted 02-04-2018 04:00

    Hi Team

    I guess I am doing something wrong, but can someone look at this?

    I have 2 vSRX in cluster mode on eve-ng (simulation tool). I cannot ping the PC connected. Please see config and topology attached. Any ideas, please?

     


    #vSRX


  • 2.  RE: Unable to ping PC when vsrx is in Cluster mode

    Posted 02-04-2018 04:02

    Please see topology.PNG



  • 3.  RE: Unable to ping PC when vsrx is in Cluster mode

     
    Posted 02-04-2018 21:13

    Hello 

     

    One more thing, to eliminate the switch:

    configure a new port ge-0/0/3 on the vSRX cluster

    no need to put it in a reth

    you can give it an IP and connect a PC directly to ge-0/0/3 and check L2/L3 connectivity

    Regards,

     

    Vikas



  • 4.  RE: Unable to ping PC when vsrx is in Cluster mode

    Posted 02-05-2018 04:50

    Yes, it looks like an eve-ng issue. I have started from scratch: one vsrx, one pc, one switch and one pc. And I can ping. As soon as I enable chassis cluster and reboot (set chassis cluster cluster-id 1 node 0 reboot), I cannot ping again.



  • 5.  RE: Unable to ping PC when vsrx is in Cluster mode
    Best Answer

    Posted 08-11-2018 05:01

    ge-0/0/2 is actually ge-0/0/1 in eve-ng.

     

    so

    replace pattern ge-0/0/2 with ge-0/0/1

    replace pattern ge-7/0/2 with ge-7/0/1

    Please check if this resolves your issue. I replicated your topology and from PC I can ping reth0.0 IP on SRX and vice versa.

     

    My Config

    =========

    set chassis cluster control-link-recovery
    set chassis cluster reth-count 2
    set chassis cluster redundancy-group 0 node 0 priority 200
    set chassis cluster redundancy-group 0 node 1 priority 100
    set chassis cluster redundancy-group 1 node 0 priority 200
    set chassis cluster redundancy-group 1 node 1 priority 100

     

    set interfaces ge-0/0/1 gigether-options redundant-parent reth0
    set interfaces ge-7/0/1 gigether-options redundant-parent reth0
    set interfaces fab0 fabric-options member-interfaces ge-0/0/0
    set interfaces fab1 fabric-options member-interfaces ge-7/0/0

    set interfaces reth0 redundant-ether-options redundancy-group 1
    set interfaces reth0 unit 0 family inet address 10.10.10.1/24

     

    =======

    root> show chassis cluster status
    Monitor Failure codes:
        CS  Cold Sync monitoring        FL  Fabric Connection monitoring
        GR  GRES monitoring             HW  Hardware monitoring
        IF  Interface monitoring        IP  IP monitoring
        LB  Loopback monitoring         MB  Mbuf monitoring
        NH  Nexthop monitoring          NP  NPC monitoring              
        SP  SPU monitoring              SM  Schedule monitoring
        CF  Config Sync monitoring
     
    Cluster ID: 1
    Node   Priority Status         Preempt Manual   Monitor-failures

    Redundancy group: 0 , Failover count: 1
    node0  200      primary        no      no       None           
    node1  100      secondary      no      no       None           

    Redundancy group: 1 , Failover count: 1
    node0  200      primary        no      no       None           
    node1  100      secondary      no      no       None           

    {primary:node0}
    root> show chassis cluster interfaces
    Control link status: Up

    Control interfaces:
        Index   Interface   Monitored-Status   Internal-SA   Security
        0       em0         Up                 Disabled      Disabled  

    Fabric link status: Up

    Fabric interfaces:
        Name    Child-interface    Status                    Security
                                   (Physical/Monitored)
        fab0    ge-0/0/0           Up   / Up                 Disabled   
        fab0   
        fab1    ge-7/0/0           Up   / Up                 Disabled   
        fab1   

    Redundant-ethernet Information:     
        Name         Status      Redundancy-group
        reth0        Up          1                
        reth1        Down        Not configured   
       
    Redundant-pseudo-interface Information:
        Name         Status      Redundancy-group
        lo0          Up          0                

    {primary:node0}

    VPC

    ====

    VPCS> ip 10.10.10.10/24 10.10.10.1
    Checking for duplicate address...
    PC1 : 10.10.10.10 255.255.255.0 gateway 10.10.10.1

    VPCS> ping 10.10.10.1

    84 bytes from 10.10.10.1 icmp_seq=1 ttl=64 time=63.270 ms
    84 bytes from 10.10.10.1 icmp_seq=2 ttl=64 time=1.071 ms
    84 bytes from 10.10.10.1 icmp_seq=3 ttl=64 time=1.110 ms
    84 bytes from 10.10.10.1 icmp_seq=4 ttl=64 time=0.842 ms
    84 bytes from 10.10.10.1 icmp_seq=5 ttl=64 time=1.033 ms


    SRX

    ======

    root> ping 10.10.10.10
    PING 10.10.10.10 (10.10.10.10): 56 data bytes
    64 bytes from 10.10.10.10: icmp_seq=0 ttl=64 time=5.059 ms
    64 bytes from 10.10.10.10: icmp_seq=1 ttl=64 time=3.487 ms
    64 bytes from 10.10.10.10: icmp_seq=2 ttl=64 time=3.616 ms
    ^C
    --- 10.10.10.10 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 3.487/4.054/5.059/0.713 ms

    {primary:node0}
    root> show arp no-resolve
    MAC Address       Address         Interface         Flags
    00:50:79:66:68:04 10.10.10.10     reth0.0                  none
    4c:96:14:70:bf:b0 30.17.0.2       fab0.0                   permanent
    4c:96:14:8d:7a:b0 30.18.0.1       fab1.0                   permanent
    50:00:00:01:00:01 129.16.0.16     em0.0                    none
    02:00:00:02:01:04 130.16.0.1      em0.0                    none
    50:00:00:02:00:01 130.16.0.16     em0.0                    none
    aa:bb:cc:dd:ee:ff 192.168.1.1     em1.32768                none

     

     

     



  • 6.  RE: Unable to ping PC when vsrx is in Cluster mode

    Posted 08-30-2019 03:25

    Hi, I am using eve-ng and vSRX release:

    Junos: 15.1X49-D180.2
    JUNOS Software Release [15.1X49-D180.2]

     

    I followed the standard configuration, but I cannot ping the reth0.0 from my switch and vice versa. I also noticed that there is no ARP request/reply from/to Juniper.

     

    Any idea ?

     

    Thanks

     

    regards



  • 7.  RE: Unable to ping PC when vsrx is in Cluster mode

     
    Posted 08-30-2019 03:36
    Hello,

    This may happen if the interface reth0.0 is not associated with a security zone. Could you please check this?

    Associating an interface with a security zone and allowing ping:
    set security zones security-zone <zone-name> interfaces reth0.0
    set security zones security-zone <zone-name> host-inbound-traffic system-services ping

    Could you please provide the output of: show configuration | display set | match reth0

    I hope this helps. Best Regards,

    Vikas
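
An added example, not part of the original thread: a small Python audit of `show configuration | display set` output that reports, for each addressed reth logical interface, whether it is bound to a security zone and whether ping is permitted as host-inbound traffic. The `reth1` lines and the zone name `untrust` in the sample are constructed for illustration; only `ping` and `all` under `system-services` are treated as allowing ping, which is a simplification.

```python
import re

# Constructed sample: the reth0 lines from the thread plus a hypothetical
# second reth (reth1) placed in a zone that does not allow ping.
SAMPLE = """\
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 10.10.10.1/24
set interfaces reth1 redundant-ether-options redundancy-group 1
set interfaces reth1 unit 0 family inet address 10.20.20.1/24
set security zones security-zone untrust interfaces reth1.0
set security zones security-zone untrust host-inbound-traffic system-services ssh
"""

ADDR = re.compile(r"^set interfaces (reth\d+) unit (\d+) family inet address (\S+)")
ZONE = re.compile(r"^set security zones security-zone (\S+) (.*)$")
IFACE = re.compile(r"^interfaces (\S+)(?: host-inbound-traffic system-services (\S+))?")
SVC = re.compile(r"^host-inbound-traffic system-services (\S+)$")

def audit_reth_zones(config):
    """Return {logical-interface: finding} for every addressed reth unit."""
    addressed, zone_of, zone_svcs, if_svcs = [], {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := ADDR.match(line):
            ifl = f"{m[1]}.{m[2]}"
            if ifl not in addressed:
                addressed.append(ifl)
        elif m := ZONE.match(line):
            zone, rest = m[1], m[2]
            if i := IFACE.match(rest):
                zone_of[i[1]] = zone
                if i[2]:
                    if_svcs.setdefault(i[1], set()).add(i[2])
            elif s := SVC.match(rest):
                zone_svcs.setdefault(zone, set()).add(s[1])
    findings = {}
    for ifl in addressed:
        if ifl not in zone_of:
            findings[ifl] = "no security zone"
            continue
        # Interface-level host-inbound-traffic overrides the zone-level setting.
        svcs = if_svcs.get(ifl) or zone_svcs.get(zone_of[ifl], set())
        ok = bool(svcs & {"ping", "all"})
        findings[ifl] = "ok" if ok else f"zone {zone_of[ifl]}: ping not allowed"
    return findings

if __name__ == "__main__":
    print(audit_reth_zones(SAMPLE))
```
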





  • 8.  RE: Unable to ping PC when vsrx is in Cluster mode

    Posted 04-04-2022 05:41
    Hello Erdem,

    Can you please help us to know how did you configure control links? From the configuration snippet you shared, there is no mention of control ports. However, fabric ports are there. Control link port is by default em0? If so, do we need to have some switch that connects em0 of both vSRXs together?

    Thanks


  • 9.  RE: Unable to ping PC when vsrx is in Cluster mode

    Posted 07-26-2022 09:39
    Use the link below to learn the interface naming; it will help to know how you need to assign interfaces while doing a lab in eve-ng.

    https://www.juniper.net/documentation/en_US/vsrx/topics/reference/general/security-vsrx-interface-names.html

    ------------------------------
    NURDIN SHEKIVULI
    ------------------------------



  • 10.  RE: Unable to ping PC when vsrx is in Cluster mode

     
    Posted 02-04-2018 21:10

    Hello 

     

    I am not familiar with the eve-ng virtualization software, but it looks like the control and fab L2 connectivity are working fine since the cluster is healthy. Therefore I don't see any reason why the LAN L2 connectivity should have a problem.

     

    Did you get a chance to check the arp table on the srx "show arp no-resolve" on the vSRX and the mac-address table on the switch?

     

    Regards,

     

    Vikas