SRX Services Gateway
Reply
Contributor
Jockel
Posts: 12
Registered: ‎01-27-2012
0

Problem with pp0.0 in a cluster

I'm new to Juniper and SRX, bear with it please. I'm running into a problem with pppoe in a cluster setup on SRX210H with Junos 10.4R6.5. The situation is as following: I have a reth0.40 interface activ on node 0, behind this interface is host A. pp0.0 (underlying-interface fe-2/0/2.0) is active on node 1, behind this interface is host B. The default-policy is permit-all, so ping and any other connection should work (ping and traceroute allowed in host-inbound-traffic). Ping and any other connection from host A to B or host B to A is not working. When reth0.40 and pp0.0 are active on the same node (node 1) the connection from host a to b and vice versa is working. When I stop using pp0.0 and setup the underlying-interface (fe-2/0/2.0) with a static IP, the connection from host A to host B works, even when the interfaces are on different nodes. Anybody know this problem or have a solution? Greeting. JK
Contributor
Jockel
Posts: 12
Registered: ‎01-27-2012
0

Re: Problem with pp0.0 in a cluster

OK, I tried Junos 10.4R8.5 with the same result, connection from host A to host B is not working.

 

After upgrading to Junos 11.2R5.4 the same configuration (without any changes) is working. This was quite a version jump so.

 

Is there any known problem in Junos 10.4 wich prevents pp0 working correctly in a chassis cluster?

 

Greetings JK

Contributor
vinayk
Posts: 31
Registered: ‎05-31-2010
0

Re: Problem with pp0.0 in a cluster

From 11.2R2 PPPOE support was enabled on reth interface, along with this few other issues were also addressed.

Contributor
Jockel
Posts: 12
Registered: ‎01-27-2012
0

Re: Problem with pp0.0 in a cluster


vinayk wrote:

From 11.2R2 PPPOE support was enabled on reth interface, along with this few other issues were also addressed.


Hi,

 

right now I'm not using reth for PPPOE (know it's not supported on 10.4), so this shouldn't be the problem.

 

In the attached picture is the simplified setup of my configuration:

- reth1 is build from ge-0/0/1 and ge-2/0/1 (node 0 is primary)

- pp0.0 underlying-interface is fe-2/0/2.0

 

Connection from host A to host B is not working in this setup. When I failover the reth1.40 interface to node 1, the connection works.

 

Greeting JK

 

Contributor
Jockel
Posts: 12
Registered: ‎01-27-2012
0

Re: Problem with pp0.0 in a cluster

 

Ok, I found one mentioning of pp0 and chassis cluster in the release notes:

 


Chassis Cluster
On SRX Series and J Series devices, the following features are not supported when chassis clustering is enabled on the device: 
  • On SRX3400, SRX3600, SRX5600 and SRX5800 devices, only redundant Ethernet interfaces (reth) are supported for IKE external interface configuration in IPsec VPN. Other interface types can be configured but IPsec VPN will not work.
  • Packet-based forwarding for MPLS and International Organization for Standardization (ISO) protocol families.
  • Any function that depends on the configurable interfaces:
    • lsq-0/0/0—Link services Multilink Point-to-Point Protocol (MLPPP), Multilink Frame Relay (MLFR), and Compressed Real-Time Transport Protocol (CRTP)
    • gr-0/0/0—Generic routing encapsulation (GRE) and tunneling
    • ip-0/0/0—IP-over-IP (IP-IP) encapsulation
    • lt-0/0/0—Real-time performance monitoring (RPM)
    • pp0—PPPoE, PPPoEoA
    • WXC Integrated Services Module (WXC ISM 200)
    • ISDN BRI
    • Layer 2 Ethernet switching

 

Does this mean: don't use pp0 if you use a cluster in 10.x ?

Trusted Contributor
Ozark777
Posts: 99
Registered: ‎01-06-2010
0

Re: Problem with pp0.0 in a cluster

You can use pppoe in a chassis cluster, however when the cluster fails over to the link without the pppoe link, you can't route from active node to passive node.

 

 

The way I get around it in 10.x is having 1 pppoe link on each node (active/passive):

set groups node0 interfaces pp0 unit 0 ppp-options pap default-password "xyz"
set groups node0 interfaces pp0 unit 0 ppp-options pap local-name "abc@123.net"
set groups node0 interfaces pp0 unit 0 ppp-options pap local-password "xyz"
set groups node0 interfaces pp0 unit 0 ppp-options pap passive
set groups node0 interfaces pp0 unit 0 pppoe-options underlying-interface fe-0/0/0.0
set groups node0 interfaces pp0 unit 0 pppoe-options idle-timeout 0
set groups node0 interfaces pp0 unit 0 pppoe-options auto-reconnect 5
set groups node0 interfaces pp0 unit 0 pppoe-options client
set groups node0 interfaces pp0 unit 0 family inet mtu 1492
set groups node0 interfaces pp0 unit 0 family inet negotiate-address

 

set groups node1 interfaces pp0 description "PPPoE interface to Internet"
set groups node1 interfaces pp0 unit 0 ppp-options pap default-password "xyz"
set groups node1 interfaces pp0 unit 0 ppp-options pap local-name "abc@123.net"
set groups node1 interfaces pp0 unit 0 ppp-options pap local-password "xyz"
set groups node1 interfaces pp0 unit 0 ppp-options pap passive
set groups node1 interfaces pp0 unit 0 pppoe-options underlying-interface fe-1/0/0.0
set groups node1 interfaces pp0 unit 0 pppoe-options idle-timeout 0
set groups node1 interfaces pp0 unit 0 pppoe-options auto-reconnect 5
set groups node1 interfaces pp0 unit 0 pppoe-options client
set groups node1 interfaces pp0 unit 0 family inet mtu 1492
set groups node1 interfaces pp0 unit 0 family inet negotiate-address

-------------------------------------------------------------------------------
Ben Boyd
Sr. Network Engineer
TorreyPoint and Proteus (www.torreypoint.com & www.proteus.net)
JNCIE-M, JNCIE-ENT, JNCIP-SEC, JNCIA-EX
Contributor
Jockel
Posts: 12
Registered: ‎01-27-2012
0

Re: Problem with pp0.0 in a cluster

Thank you for the response.

 

As I understand you,  pppoe works, but only on the active node. That's what I found out. The "trick" you use will help, when the complete cluster fails over from node0 to node1. When only one redundancy-group fails over to the other node, this will not help.

 

Ok, this will help when a cluster node fails.

 

Is this behaviour of pppoe a "feature" or a bug in Junos ? It works apparently in later versions (I tested 11.2+ with the same config and it works).

 

Regards

JK

 

Trusted Contributor
Ozark777
Posts: 99
Registered: ‎01-06-2010
0

Re: Problem with pp0.0 in a cluster

It's actually neither... Just a limitation of the 10.x code.  It's a "feature" in 11.x :smileyhappy:

-------------------------------------------------------------------------------
Ben Boyd
Sr. Network Engineer
TorreyPoint and Proteus (www.torreypoint.com & www.proteus.net)
JNCIE-M, JNCIE-ENT, JNCIP-SEC, JNCIA-EX
Visitor
ict@epe.nl
Posts: 1
Registered: ‎05-17-2011
0

Re: Problem with pp0.0 in a cluster

Do you have more info on this for me?

 

I tried putting these settings. But it does not work.

 

When I try to ping I have no route.

 

How do I set the 0.0.0.0/0 route?

I used: set routing-options static route 0.0.0.0/0 next-hop pp0.0

 

Hope to hear from you.

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.