Routing

## Warning: statement ignored: unsupported platform (ex4200-24t)Hey, 

i have configured two routing-instances of type virtual-router on the ex4200.

i want to route between them for some reason;) 

it works on my srx240, with static routes with next-table command, but on the ex4200 this command is not supported.

is there any way to get this to work on an ex4200?

my whole scenario is described here: 

http://forums.juniper.net/t5/Routing/One-arm-Router-EX4200-virtual-routing-Problem/m-p/71614

EDIT: clarification:

i replaced "network 1" with "computer 1"

and "server" with "computer 2"

VR1 with interfaces ge-0/0/0 and ge-0/0/5

VR2 with interfaces ge-0/0/6 and ge-0/0/23

i want traffic from computer1 to computer2 to be routed 

ge-0/0/0 -> ge-0/0/5 -> SRX-ge-0/0/0 -> SRX-ge-0/0/1 -> ge-0/0/6 -> ge-0/0/23

but traffic from computer2 to computer1 without the srx part, so 

ge-0/0/23 -> ge-0/0/6 -> ge-0/0/5 -> ge-0/0/0

(so i would put something like

VR2

  routing-options

       static

             route server-subnet next-hop r

             route 0.0.0.0/0 next-table vr1.inet.0  

(which is obviously not supported due to "## Warning: statement ignored: unsupported platform (ex4200-24t) "

hope this was not too complicated to understand;)

Hi,

next-table is not supported on EX. You have to use policies (also notice you cannot leak directly connected routes; no problem with statics and dynamic routes):

root@router# show policy-options

policy-statement Import-from-Jordan {

    term 1 {

        from instance Jordan;

        then accept;

    }

}

policy-statement import-from-Jarvis {

    term 1 {

        from instance Jarvis;

        then accept;

    }

}

root@router# show routing-instances

Jarvis {

    instance-type virtual-router;

    interface ge-0/0/0.20;

    routing-options {

        static {

            route 11.0.0.0/8 next-hop 1.0.0.2;

            route 12.0.0.0/8 next-hop 2.0.0.2;

        }

        instance-import Import-from-Jordan;

    }

}

Jordan {

    instance-type virtual-router;

    interface ge-0/0/0.10;

    routing-options {

        instance-import import-from-Jarvis;              

    }

}

Kind Regards

Michael Pergament

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

thanks for the response, ill try that as soon as possible and get back to you;)

this is "somehow" working. 

i imported the route from vr1 into vr2, and i can ping/trace/ssh from a computer1 on ge-0/0/0.0 to the computer2 connected to ge-0/0/23.  so it works obviously, because vr2 doesnt have a static route for 0/0 and "show routes" on vr2 lists ge-0/0/0.0 for 0/0.)

(i obviously import only vr1 into vr2 not vice versa, because i of my scenario)

BUT here is another problem with this.

- i can NOT traceroute back from the computer on ge-0/0/23 to the one on ge-0/0/0.0, it just prints " * * * "  until i stop the trace, (i guess this is because vr1 hands packets to vr2 by voodoo through the import)

- AND ssh to computer2 times out after like 10 seconds everytime ( this i dont get.). 

any ideas?

Hi,

do you see packet loss with e.g. continuos ping?

Kind Regards

Michael Pergament

i dont.

i run ping both ways, no problems with that (infinite number of pings)

latency is about 1ms (0.7 to 1.5) (both ways)

btw ssh times out after about 10seconds every time.

i'm pretty sure the ssh timeout has to do something with the import-policy, because if i replace it with a static route so traffic from comp2 to comp1 goes through my srx (like traffic the other way around) it works without problems.

side fact: (no idea if thats important)

if i replace computer 1 (windows 7 machine) with another srx210, ping time on this srx is shown as 2.5ms to 3 ms, with "spikes" to 8-9ms.

computer 2 is an ubuntu machine. (all pings with same 56 byte size)

How your setup looks like exactly? Just two PCs connected to EX4200 directly (then why are you talking about SRX)?

Kind Regards

Michael Pergament

i'm sorry if i confused you, i include part of the first post and added some edits to clarify (i hope):

i configured:

EX4200 ge-0/0/0 connected to computer 1

EX4200 ge-0/0/5 connected to SRX240 ge-0/0/0

VR1 (on EX) with interfaces ge-0/0/0 and ge-0/0/5

EX4200 ge-0/0/6 connected to SRX240 ge-0/0/1

EX4200 ge-0/0/23 connected to computer 2

VR2 (on EX) with interfaces ge-0/0/6 and ge-0/0/23

i want traffic from computer1 to computer2 to be routed 

ge-0/0/0 -> ge-0/0/5 -> SRX-ge-0/0/0 -> SRX-ge-0/0/1 -> ge-0/0/6 -> ge-0/0/23

but traffic from computer2 to computer1 without the srx part, so 

ge-0/0/23 -> ge-0/0/6 -> ge-0/0/5 -> ge-0/0/0

routing-options on VR1:

static route 0/0 next-hop computer1 (yes its ip address here;-) )

static route to computer2-network next-hop srx-g0/0/0

routing-options on SRX:

static route to computer2-network next-hop ex-g0/0/6

static route 0/0 next-hop ex-ge0/0/5

Routing-options VR2:

import VR1-policy (importing all) <<< this is to get the 0/0 route to computer 1 into VR2.

<<< if i replace this with a static route to srx-ge0/0/1 it works fine, but doesn't fulfill what i wanted to do really;)

hope that's easier to understand.

How this should work as SRX is stateful device? SYN goes to SRX but SRX will never see SYN ACK so you end up in half-embryonic connection which times out on SRX.

Kind Regards

Michael Pergament

i thought so too, yet ssh does work for some seconds, and pings work all day as i stated, obviously my technical understanding of the whole routing idea is wrong,

Big Thanks anyways for your time and effort, at least it helped with my original question regarding the VR-policy-import, maybe i'll still get to use it somehow someday.

so is there any way to have outgoing traffic take another route than incoming?

would be pretty senseless to use the one-arm-router topology if everything goes through the "arm" anyways..