Routing


Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  SRX cluster and QFX VPC inter-vlan routing

    Posted 07-13-2022 20:59

    Hello,

    I'm fairly new to Juniper, so if this is obvious.

    I have two SRX320 set up in a cluster, and two QFX3500 set up in a VPC.

    There is a single reth on the SRX cluster, with multiple VLANs associated.

    On the QFX VPC I have set up IRB interfaces for each VLAN.

    Traffic will flow appropriately across the VLAN, but not between VLANs.

    On the QFX VPC, all VLANs excluding one are in a routing instance. On the SRX cluster, all VLANs excluding one are in the same routing instance.

    The idea is that my `trusted` VLANs should be able to route freely between each other, but my `untrusted` VLAN has to route via my SRX cluster before it can route to another VLAN.

    Please find a logical topology attached. It's fairly rough.

    And Pastebin links for my switch (qfx - Pastebin.com) and firewall (SRX paste - Pastebin.com) configurations.

    Hosts attached to the switch are able to get DHCP leases fine, and can ping both the QFX IRB interface and the SRX reth interface for their specific VLAN/subnets, but can't ping anything outside their subnet/VLAN.



    ------------------------------
    ALEXANDER HUSSEY
    ------------------------------




  • 2.  RE: SRX cluster and QFX VPC inter-vlan routing

    Posted 07-13-2022 22:43

    Some additional information

    Routing table: lan-trusted.inet
    Internet:
    Destination        Type RtRef Next hop           Type Index    NhRef Netif
    default            perm     0                    rjct     1728     1
    0.0.0.0/32         perm     0                    dscd     1726     1
    10.10.0.0/16       intf     0                    rslv     1785     1 irb.300
    10.10.0.0/32       dest     0 10.10.0.0          recv     1783     1 irb.300
    10.10.255.254/32   intf     0 10.10.255.254      locl     1784     2
    10.10.255.254/32   dest     0 10.10.255.254      locl     1784     2
    10.10.255.255/32   dest     0 10.10.255.255      bcst     1782     1 irb.300
    172.18.0.0/16      intf     0                    rslv     1773     1 irb.350
    172.18.0.0/32      dest     0 172.18.0.0         recv     1771     1 irb.350
    172.18.255.254/32  intf     0 172.18.255.254     locl     1772     2
    172.18.255.254/32  dest     0 172.18.255.254     locl     1772     2
    172.18.255.255/32  dest     0 172.18.255.255     bcst     1770     1 irb.350
    192.168.1.0/24     intf     0                    rslv     1801     1 irb.1
    192.168.1.0/32     dest     0 192.168.1.0        recv     1799     1 irb.1
    192.168.1.1/32     dest     0 0:10:db:ff:10:0    ucst     1830     1 ae1.0
    192.168.1.10/32    dest     0 c:f5:a4:d3:f3:18   ucst     1825     1 ge-0/0/38.0
    192.168.1.254/32   intf     0 192.168.1.254      locl     1800     2
    192.168.1.254/32   dest     0 192.168.1.254      locl     1800     2
    192.168.1.255/32   dest     0 192.168.1.255      bcst     1798     1 irb.1
    192.168.100.0/24   intf     0                    rslv     1797     1 irb.100
    192.168.100.0/32   dest     0 192.168.100.0      recv     1795     1 irb.100
    192.168.100.1/32   dest     0 0:10:db:ff:10:0    ucst     1824     1 ae1.0
    192.168.100.254/32 intf     0 192.168.100.254    locl     1796     2
    192.168.100.254/32 dest     0 192.168.100.254    locl     1796     2
    192.168.100.255/32 dest     0 192.168.100.255    bcst     1794     1 irb.100
    192.168.101.0/24   intf     0                    rslv     1793     1 irb.101
    192.168.101.0/32   dest     0 192.168.101.0      recv     1791     1 irb.101
    192.168.101.254/32 intf     0 192.168.101.254    locl     1792     2
    192.168.101.254/32 dest     0 192.168.101.254    locl     1792     2
    192.168.101.255/32 dest     0 192.168.101.255    bcst     1790     1 irb.101
    192.168.103.0/24   intf     0                    rslv     1789     1 irb.103
    192.168.103.0/32   dest     0 192.168.103.0      recv     1787     1 irb.103
    192.168.103.1/32   dest     0 0:10:db:ff:10:0    ucst     1827     1 ae1.0
    192.168.103.10/32  dest     0 80:fa:5b:1a:e7:82  ucst     1829     1 ge-0/0/38.0
    192.168.103.11/32  dest     0 0:9:b0:4b:1e:f     ucst     1832     1 ge-0/0/38.0
    192.168.103.254/32 intf     0 192.168.103.254    locl     1788     2
    192.168.103.254/32 dest     0 192.168.103.254    locl     1788     2
    192.168.103.255/32 dest     0 192.168.103.255    bcst     1786     1 irb.103
    224.0.0.0/4        perm     0                    mdsc     1727     1
    224.0.0.1/32       perm     0 224.0.0.1          mcst     1730     1
    255.255.255.255/32 perm     0                    bcst     1731     1
    
    show route instance 
    Instance             Type
             Primary RIB                                     Active/holddown/hidden
    
    lan-trusted          virtual-router 
             lan-trusted.inet.0                              15/0/0





    ------------------------------
    ALEXANDER HUSSEY
    ------------------------------
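
To help read the forwarding table pasted above, here is an added example (not written by the original poster) that parses an excerpt of that output and runs a longest-prefix match, showing which entry the `lan-trusted` instance would select for a given destination. The function names and the destinations looked up are assumptions chosen for illustration.

```python
import ipaddress

# Excerpt of the lan-trusted.inet forwarding table from the post above.
TABLE = """\
Destination        Type RtRef Next hop           Type Index    NhRef Netif
default            perm     0                    rjct     1728     1
192.168.1.0/24     intf     0                    rslv     1801     1 irb.1
192.168.1.1/32     dest     0 0:10:db:ff:10:0    ucst     1830     1 ae1.0
192.168.1.254/32   intf     0 192.168.1.254      locl     1800     2
192.168.101.0/24   intf     0                    rslv     1793     1 irb.101
192.168.103.0/24   intf     0                    rslv     1789     1 irb.103
192.168.103.10/32  dest     0 80:fa:5b:1a:e7:82  ucst     1829     1 ge-0/0/38.0
"""

# Next-hop type codes that appear in the pasted output.
NH_TYPES = {"rjct", "dscd", "rslv", "recv", "locl", "bcst", "ucst", "mdsc", "mcst"}


def parse_table(text):
    """Return a list of (network, nh_type, next_hop, netif) tuples."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] == "Destination":
            continue  # header or unrelated line
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        rest = tok[3:]  # fields after Destination, Type, RtRef
        # The "Next hop" column is empty for some rows (e.g. rjct, rslv).
        next_hop = None if rest[0] in NH_TYPES else rest.pop(0)
        nh_type = rest[0]
        netif = rest[3] if len(rest) > 3 else None  # after type, index, nhref
        entries.append((ipaddress.ip_network(prefix), nh_type, next_hop, netif))
    return entries


def lookup(entries, dst):
    """Longest-prefix match for dst; returns the winning entry or None."""
    addr = ipaddress.ip_address(dst)
    matches = [e for e in entries if addr in e[0]]
    return max(matches, key=lambda e: e[0].prefixlen) if matches else None


ENTRIES = parse_table(TABLE)

if __name__ == "__main__":
    for dst in ("192.168.103.10", "192.168.101.20", "192.168.1.254", "8.8.8.8"):
        net, nh_type, next_hop, netif = lookup(ENTRIES, dst)
        print(f"{dst:16} -> {str(net):18} {nh_type} {next_hop or '-'} {netif or '-'}")
```

Against this excerpt, destinations inside the listed VLAN subnets match an interface or host entry, while any address outside them falls through to the `default` entry with next-hop type `rjct`.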



  • 3.  RE: SRX cluster and QFX VPC inter-vlan routing

    Posted 07-13-2022 23:42

    I thought it might be a reflective relay issue, as the clients are connected to one physical interface at the moment.

    Unfortunately `set interfaces ge-0/0/38 unit 0 family ethernet-switching reflective-relay` isn't an option on my QFX3500 :(



    ------------------------------
    ALEXANDER HUSSEY
    ------------------------------



  • 4.  RE: SRX cluster and QFX VPC inter-vlan routing

    Posted 07-16-2022 21:24
    I've had no further success; my inter-vlan routing isn't working.

    ------------------------------
    ALEXANDER HUSSEY
    ------------------------------