Hi All,
I have configured 2 SRX as a chassis cluster (Active/Standby) and then connect them to 2 Nexus 6k - there are 4 10G links and form 2 VPCs. Please find the topology as below:
I just used the reth8 interface in SRX cluster and it bundles 4 interfaces - xe-1/0/0, xe-1/0/1, xe-9/0/0, xe-9/0/1, and enabled the vlan-tagging in reth8, reth8.10 has vlan-id 10 and IP 192.168.0.168 - setup for trust zone.
In nexus, the IPs are:
Nexus 1 - vlan 10 is 192.168.0.251 (HSRP primary)
Nexus 2 - vlan 10 is 192.168.0.252 (HSRP standby)
HSRP vlan 10 - 192.168.0.253
Now after the setup, I observed some issues, not sure why:
1 I find vPc 7 is up while vPc 8 is down, more specifically:
Nexus 1 interface E/1/7 is up
Nexus 1 interface E1/8 is down - hot standby in bundle
Nexus 2 interface E1/7 is up
Nexus 2 interface E1/8 is down - hot standby in bundle
Nexus 1 and 2: Both vPc 8 (interface port-channel 😎 is shown DOWN - no operation member
So it looks like all interfaces connects to node 1 SRX, are DOWN. But why ?
2 Issue with ping:
From Nexus 1 - I can ping reth8.10 IP 192.168.0.168
From Nexus 2 - I CANNOT ping reth8.10 IP 19.168.0.168
From SRX - I can ping Nexus 1 vlan 10 IP 192.168.0.251 and HSRP IP 192.168.0.253
From SRX - I CANNOT ping Nexus 2 vlan 10 P 192.168.0.252
This is very strange ... not sure why ?
3 Link change made changes ...
I just shut down the following interfaces:
Nexus 1 interface E1/7
Nexus 2 interface E1/8
And wait for a moment, then no shut them. After a while, I observed:
Nexus 1 interface E/1/7 is down - hot standby in bundle
Nexus 1 interface E1/8 is up
Nexus 2 interface E1/7 is down - hot standby in bundle
Nexus 2 interface E1/8 is up
Nexus 1 and 2: Both vPc 7 (interface port-channel 7) is shown DOWN - no operation member
And now I can ping Nexus 2 vlan 10 P 192.168.0.252 from SRX !!!
-----------------------------------------------------------------------------------------------
The above is very strange ... can someone assist to understand ? Much appreciated !
Cook