SRX

Anyone run into an issue where an interface just stops forwarding traffic completely on a SRX650 running 10.4? Today my internet interface just stopped forwarding traffic in/out. The 4 other interfaces were fine. I was not able to ping my next hop, but but looking in the arp table I can certainly see it. I even cleared arp and it was back again. I enable icmp on the interface was my provider was not able to ping me, but did have arp. I wish I could have spent more time troubleshooting but the small data center needs working internet. I rebooted the SRX and it failover to the other node which fixed. I was able to fail back like normal. I have a case open with JTAC, but just looking for the people who have to deal with nonsense like me. 

 

Also, would tracking my next-hop maybe fail this node over in this case you think? Just wondering if I should turn that on and turn off preempt.

 

Few things I have enabled: IDP, HA Cluster, single VPN tunnel as a backup to another circuit failure, OSPF.

 

Thanks!

Do you by chance have a duplex mismatch on a interface not including the onboard ports.  I.E. a port on a 16x GE gPIM?

I am thinking that there may be a speed/duplex mismatch, but the chassis are clustered and gives me an error when i try to them: 

 

 

 

 

 

[edit interfaces ge-2/0/11]

+   speed 100m;

+   link-mode full-duplex;

 

 

 

[edit interfaces ge-2/0/11 gigether-options]  'redundant-parent'    redundant child device link-mode setting is not allowed[edit interfaces]  'ge-2/0/11'    Platform: gigether options parsing failserror: configuration check-out failed

 

 

 

 

Lost on this one. Everyone once in a while the interface just stops forwarding traffic. I see some arp on the interfaces, but not the one for my next-hop and I can't ping any other the other address I do see. As soon as I failover to the other chassis it starts working again. Monitoring the interfaces shows BPDU's from the switch I am connected to, but no other traffic. 

 

Thanks

 

 

 

 

 

Yup. JTAC just confirmed that you can NOT set speed/duplex when chassis is clustered. 

Yep had the exact same problem on a 650 deployment. See if You. Can have upstream provider not hard set values. Sorry so short, driving. ; p

You also can not see what the ports auto-negotiated too. I am finding it very difficult to troubleshoot connection problems when I don't have the most basic set of tools. 

 

My provider is going to set their core to auto and hopefully this is the issue and will fix the problem which I am grasping at. 

 

Thanks for your help. Hopefully I will have some good news.

Having the ISP change their core to Auto/Auto did the trick. It has been up sense.

 

Thanks for the help!!!

Cool!  I see this question a lot and IDP seems to get the blame...  Bump for duplex mismatches.  😉

Hi guys,

 

I am having the same issue right now on a SRX650 chassis cluster.

Both interfaces are showing as up/up with an arp table entry showing, it is a dark fibre connection and I control the equipment at both ends. Both ends are SRX650 chassis clusters.

The interface at both ends is auto/auto and showing the following:

*Note that it is showing as down as I have disabled the interface.

**Note that both sides show Link Mode: full duplex with speed: 10Gbps

 

SRX# run show interfaces xe-6/0/0
Physical interface: xe-6/0/0, Enabled, Physical link is down
  Interface index: 395, SNMP ifIndex: 560
  Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 10Gbps, BPDU Error: None,
  MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled
  Device flags   : Present Running Down
  Interface flags: Hardware-Down SNMP-Traps Internal: 0x0
  Link flags     : None
  CoS queues     : 8 supported, 8 maximum usable queues
  Current address: 00:10:db:ff:10:00, Hardware address: 54:e0:32:6b:12:a8
  Last flapped   : 2013-08-28 21:49:19 EST (00:30:34 ago)
  Input rate     : 0 bps (0 pps)
  Output rate    : 0 bps (0 pps)
  Active alarms  : LINK
  Active defects : LINK
  Interface transmit statistics: Disabled

  Logical interface xe-6/0/0.0 (Index 96) (SNMP ifIndex 572)
    Flags: Device-Down SNMP-Traps Encapsulation: ENET2
    Input packets : 334952149
    Output packets: 317443182
    Security: Zone: Null
    Protocol aenet, AE bundle: reth0.0   Link Index: 0

Junos version is 11.4r7.5 on both chassis clusters. The other interface in the RETH is forwarding traffic just fine and has never had any issues. The interface seems to stop forwarding at random times, sometimes staying up for a week, other times last about 4-5 hours.

 

I have tried JTAC multiple times and even had the RE replaced in the chassis.

*Note that if I reboot the SRX or roll the interface then it will come back up and start sending traffic again (Until it stops anyway)

 

Any help on this would be fantastic guys.

 

Cheers,

Shaun