SRX

Hello

I'm running SRX1400 cluster with Junos 12.1X46-D30.2.

I'm trying to implement a possibility to connect my infrastructure servers using unnumbered interface with /24 network on lo0 interface. At this moment I've an issue, that I'm not able to configure proxy arp on reth interface to achieve connectivity between servers inside /24 network but in different vlans.

Is there a way to fix this issue? Maybe some newer Junos supports this feature?

Hello,

Yes,, This feature to configure SRX fgor proxy arp has always been there.

Please check the below link for configuring proxy-arp on SRX.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21785

As per the above polivy the only thing you have to change is to use reth interface in the configuration instead of the physical interface.

Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too. 🙂

Unfortunately the link you've provided doesn't help (if I getting it right).

I'll attach a file with configuration I'm trying to run. I've tried to apply it on my cluster, but servers wasn't able to see eachother.

Maybe I've getting something completly wrong here?

Attachment(s)

config.txt   649 B 1 version

Can you share the error you are getting. I am able to configure the same on cluster ruiing 12.1X46-D25.7

{primary:node0}
root> show configuration | display set | match reth2
set interfaces reth2 vlan-tagging
set interfaces reth2 redundant-ether-options redundancy-group 1
set interfaces reth2 unit 1150 vlan-id 1150
set interfaces reth2 unit 1150 family inet unnumbered-address lo0.1
set interfaces reth2 unit 1151 vlan-id 1151
set interfaces reth2 unit 1151 family inet unnumbered-address lo0.1
set routing-options static route 10.0.0.2/32 qualified-next-hop reth2.1150
set routing-options static route 10.0.0.3/32 qualified-next-hop reth2.1151
set security nat proxy-arp interface reth2.1150 address 10.0.0.0/24
set security nat proxy-arp interface reth2.1151 address 10.0.0.0/24

{primary:node0}
root>

Yes, I can commit this config without any problems/errors too.
The problem is that I can't send packets from host 10.0.0.2 to host 10.0.0.3. That's happening simply because SRX doesn't answers to arp-packets from servers (He's probably must answer to them, because that's the purpose of proxy-arp, I assume):

The following request from server

11:31:53.013723 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.3 tell 10.0.0.2, length 28
Receives no answer from SRX.

The main problem here, I think, is because I can't apply command "proxy-arp" on any unit of reth interface.

So the question is - is it possible to apply proxy-arp command on reth interfaces on later version of Junos or not.

Still looking for the solution (If there is one).

On JUNOS 12.3X48-D45.6 this issue is reasolved.

Hi Genhart,

Very interesting design.  Where did you get this idea from?

I played with it for a while and I was able to make it work on firefly 12.1X47-D35.2 after I added proxy-arp statement under logical interface level.  After adding proxy-arp under logical interfaces and not security nat it started to work.

set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 10 proxy-arp
set interfaces reth0 unit 10 vlan-id 10
set interfaces reth0 unit 10 family inet unnumbered-address lo0.0
set interfaces reth0 unit 20 proxy-arp
set interfaces reth0 unit 20 vlan-id 20
set interfaces reth0 unit 20 family inet unnumbered-address lo0.0


Session ID: 47, Policy name: default-policy-00/2, State: Active, Timeout: 1792, Valid
  In: 172.31.15.20/40204 --> 172.31.15.10/22;tcp, If: reth0.20, Pkts: 23, Bytes: 3541
  Out: 172.31.15.10/22 --> 172.31.15.20/40204;tcp, If: reth0.10, Pkts: 26, Bytes: 4624

Regards, Wojtek