09-29-2016 03:20 AM
I'm running SRX1400 cluster with Junos 12.1X46-D30.2.
I'm trying to implement a possibility to connect my infrastructure servers using unnumbered interface with /24 network on lo0 interface. At this moment I've an issue, that I'm not able to configure proxy arp on reth interface to achieve connectivity between servers inside /24 network but in different vlans.
Is there a way to fix this issue? Maybe some newer Junos supports this feature?
Solved! Go to Solution.
09-29-2016 04:10 AM
Yes,, This feature to configure SRX fgor proxy arp has always been there.
Please check the below link for configuring proxy-arp on SRX.
As per the above polivy the only thing you have to change is to use reth interface in the configuration instead of the physical interface.
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too.
09-30-2016 01:58 AM
Unfortunately the link you've provided doesn't help (if I getting it right).
I'll attach a file with configuration I'm trying to run. I've tried to apply it on my cluster, but servers wasn't able to see eachother.
Maybe I've getting something completly wrong here?
09-30-2016 07:42 PM
Can you share the error you are getting. I am able to configure the same on cluster ruiing 12.1X46-D25.7
root> show configuration | display set | match reth2
set interfaces reth2 vlan-tagging
set interfaces reth2 redundant-ether-options redundancy-group 1
set interfaces reth2 unit 1150 vlan-id 1150
set interfaces reth2 unit 1150 family inet unnumbered-address lo0.1
set interfaces reth2 unit 1151 vlan-id 1151
set interfaces reth2 unit 1151 family inet unnumbered-address lo0.1
set routing-options static route 10.0.0.2/32 qualified-next-hop reth2.1150
set routing-options static route 10.0.0.3/32 qualified-next-hop reth2.1151
set security nat proxy-arp interface reth2.1150 address 10.0.0.0/24
set security nat proxy-arp interface reth2.1151 address 10.0.0.0/24
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
10-03-2016 01:41 AM - edited 10-03-2016 01:47 AM
Yes, I can commit this config without any problems/errors too.
The problem is that I can't send packets from host 10.0.0.2 to host 10.0.0.3. That's happening simply because SRX doesn't answers to arp-packets from servers (He's probably must answer to them, because that's the purpose of proxy-arp, I assume):
The following request from server
11:31:53.013723 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.3 tell 10.0.0.2, length 28
Receives no answer from SRX.
10-11-2016 04:56 AM
The main problem here, I think, is because I can't apply command "proxy-arp" on any unit of reth interface.
So the question is - is it possible to apply proxy-arp command on reth interfaces on later version of Junos or not.
07-06-2017 05:07 AM - edited 07-06-2017 12:35 PM
Very interesting design. Where did you get this idea from?
I played with it for a while and I was able to make it work on firefly 12.1X47-D35.2 after I added proxy-arp statement under logical interface level. After adding proxy-arp under logical interfaces and not security nat it started to work.
set interfaces reth0 vlan-tagging set interfaces reth0 redundant-ether-options redundancy-group 1 set interfaces reth0 unit 10 proxy-arp set interfaces reth0 unit 10 vlan-id 10 set interfaces reth0 unit 10 family inet unnumbered-address lo0.0 set interfaces reth0 unit 20 proxy-arp set interfaces reth0 unit 20 vlan-id 20 set interfaces reth0 unit 20 family inet unnumbered-address lo0.0 Session ID: 47, Policy name: default-policy-00/2, State: Active, Timeout: 1792, Valid In: 172.31.15.20/40204 --> 172.31.15.10/22;tcp, If: reth0.20, Pkts: 23, Bytes: 3541 Out: 172.31.15.10/22 --> 172.31.15.20/40204;tcp, If: reth0.10, Pkts: 26, Bytes: 4624