SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
Visitor
Posts: 6
Registered: ‎09-29-2016
0 Kudos
Accepted Solution

Proxy-arp on redundancy interface

Hello

 

I'm running SRX1400 cluster with Junos 12.1X46-D30.2.

I'm trying to implement a possibility to connect my infrastructure servers using unnumbered interface with /24 network on lo0 interface. At this moment I've an issue, that I'm not able to configure proxy arp on reth interface to achieve connectivity between servers inside /24 network but in different vlans.

Is there a way to fix this issue? Maybe some newer Junos supports this feature?

Super Contributor
Posts: 111
Registered: ‎01-19-2015
0 Kudos

Re: Proxy-arp on redundancy interface

Hello,

 

 

Yes,, This feature to configure SRX fgor proxy arp has always been there.

 

Please check the below link for configuring proxy-arp on SRX.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21785

 

As per the above polivy the only thing you have to change is to use reth interface in the configuration instead of the physical interface.

 

Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too. Smiley Happy

 

 

Visitor
Posts: 6
Registered: ‎09-29-2016
0 Kudos

Re: Proxy-arp on redundancy interface

Unfortunately the link you've provided doesn't help (if I getting it right).

 

I'll attach a file with configuration I'm trying to run. I've tried to apply it on my cluster, but servers wasn't able to see eachother.

Maybe I've getting something completly wrong here?

Distinguished Expert
Posts: 1,083
Registered: ‎08-29-2013
0 Kudos

Re: Proxy-arp on redundancy interface

Can you share the error you are getting. I am able to configure the same on cluster ruiing 12.1X46-D25.7

 

{primary:node0}
root> show configuration | display set | match reth2
set interfaces reth2 vlan-tagging
set interfaces reth2 redundant-ether-options redundancy-group 1
set interfaces reth2 unit 1150 vlan-id 1150
set interfaces reth2 unit 1150 family inet unnumbered-address lo0.1
set interfaces reth2 unit 1151 vlan-id 1151
set interfaces reth2 unit 1151 family inet unnumbered-address lo0.1
set routing-options static route 10.0.0.2/32 qualified-next-hop reth2.1150
set routing-options static route 10.0.0.3/32 qualified-next-hop reth2.1151
set security nat proxy-arp interface reth2.1150 address 10.0.0.0/24
set security nat proxy-arp interface reth2.1151 address 10.0.0.0/24

{primary:node0}
root>

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Visitor
Posts: 6
Registered: ‎09-29-2016
0 Kudos

Re: Proxy-arp on redundancy interface

[ Edited ]

Yes, I can commit this config without any problems/errors too.
The problem is that I can't send packets from host 10.0.0.2 to host 10.0.0.3. That's happening simply because SRX doesn't answers to arp-packets from servers (He's probably must answer to them, because that's the purpose of proxy-arp, I assume):

 

The following request from server

11:31:53.013723 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.3 tell 10.0.0.2, length 28
Receives no answer from SRX.

Visitor
Posts: 6
Registered: ‎09-29-2016
0 Kudos

Re: Proxy-arp on redundancy interface

The main problem here, I think, is because I can't apply command "proxy-arp" on any unit of reth interface.

 

So the question is - is it possible to apply proxy-arp command on reth interfaces on later version of Junos or not.

Visitor
Posts: 6
Registered: ‎09-29-2016
0 Kudos

Re: Proxy-arp on redundancy interface

Still looking for the solution (If there is one).

 

 

Visitor
Posts: 6
Registered: ‎09-29-2016
0 Kudos

Re: Proxy-arp on redundancy interface

On JUNOS 12.3X48-D45.6 this issue is reasolved.

Highlighted
Trusted Contributor
Posts: 67
Registered: ‎03-11-2011
0 Kudos

Re: Proxy-arp on redundancy interface

[ Edited ]

Hi Genhart,

Very interesting design.  Where did you get this idea from?

I played with it for a while and I was able to make it work on firefly 12.1X47-D35.2 after I added proxy-arp statement under logical interface level.  After adding proxy-arp under logical interfaces and not security nat it started to work.

 

set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 10 proxy-arp
set interfaces reth0 unit 10 vlan-id 10
set interfaces reth0 unit 10 family inet unnumbered-address lo0.0
set interfaces reth0 unit 20 proxy-arp
set interfaces reth0 unit 20 vlan-id 20
set interfaces reth0 unit 20 family inet unnumbered-address lo0.0


Session ID: 47, Policy name: default-policy-00/2, State: Active, Timeout: 1792, Valid
  In: 172.31.15.20/40204 --> 172.31.15.10/22;tcp, If: reth0.20, Pkts: 23, Bytes: 3541
  Out: 172.31.15.10/22 --> 172.31.15.20/40204;tcp, If: reth0.10, Pkts: 26, Bytes: 4624

 

Regards, Wojtek