SRX

Hi everyone,

My setup:

SRX----at-1/0/0.0----Telstra ADSL 1

SRX----fe-0/0/2.0 (pp0.0)----Draytek Vigor 120 (bridge mode)-----Telstra ADSL 2

Issue:

ADSL via Draytek Vigor 120 = no traffic, however is authenticated and shown as "Session Up" under PPPoE interfaces

If I plug my laptop directly into the Vigor 120 and set my IP address on the same subnet as the Draytek (192.168.1.1/24) I get access to the internet.

How is it possible that the SRX connects to the 2nd ISP and yet doesn't receive any traffic or is able to route out??

I've also attached my routers full config.

Here's some more info as well....

admin@SRX210-XXXX# run show ppp interface pp0 extensive

Sessions for interface pp0
Session pp0.0, Type: PPP, Phase: Network
LCP
State: Opened
Last started: 2013-10-14 15:04:55 GMT+10
Last completed: 2013-10-14 15:04:56 GMT+10
Negotiated options:
Authentication protocol: CHAP, Authentication algorithm: MD5, Magic number: 2763970449, Local MRU: 1492
Authentication: CHAP
State: Success
Authentication: PAP
State: Closed
Last completed: 2013-10-14 15:04:56 GMT+10
IPCP
State: Opened
Last started: 2013-10-14 15:05:02 GMT+10
Last completed: 2013-10-14 15:05:02 GMT+10
Negotiated options:
Primary DNS: 139.130.4.4, Secondary DNS: 203.50.2.71

Attachment(s)

srx config.txt   25 KB 1 version

show route 0.0.0.0/0 exact. By default the SRX will only use one of those. You will have to look at load balancing configuration under forwarding options.

Here's the show route any output....

admin@SRX210-XXXX# run show route 0.0.0.0

inet.0: 14 destinations, 14 routes (13 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 01:08:53
via pp0.0
> via at-1/0/0.0

How do I test that this 2nd ADSL is actually working though?

Whilst typing this I remembered a Juniper article I read a while back about Static routes and next hops, it mentions "...When you do not set a preferred route, traffic is alternated between routes in round-robin fashion."

http://www.juniper.net/techpubs/software/junos-security/junos-security10.2/junos-security-swconfig-interfaces-and-routing/topic-46938.html

Here's a show route terse output:

admin@SRX210-XXXX> show route terse

inet.0: 14 destinations, 14 routes (13 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 0.0.0.0/0 S 5 pp0.0
>at-1/0/0.0
* 120.150.XXXX/24 D 0 >pp0.0
* 120.150.XXXX/32 L 0 Local
* 120.151.XXXX/24 D 0 >at-1/0/0.0
* 120.151.XXXX/32 L 0 Local
* 192.168.0.0/24 D 0 >vlan.0
* 192.168.0.2/32 L 0 Local

Given this output, the pp0.0 interface should be up and traffic should flow? Or at least destined to flow through pp0.0.

pp0.0 is under the same security zone and has the same policy as the first ADSL interface, so there shouldn't be any issues with security.... 

If you do: show route forwarding-table destination 0.0.0.0/0

Only a single next hop will be listed. To utilise both:

set policy-options policy-statement LOADBALALL then load-balance per-packet

set routing-options forwarding-table export LOADBALALL

Commit that and look at output of show route forwarding-table destination 0.0.0.0/0 again you should see two next hops installed, and each path used. Traceroute to something to confirm.

THANK YOU VERY VERY VERY MUCH!!!!!

Also did a show security flow session to also confirm packets are going out both interfaces, all sorted now thanks!

Hi dandufunk, which ADSL module do you use to connect to Telstra? Is it SRX-MP-1VDSL2-A ?

Juniper 1-Port ADSL2+ Mini-PIM supporting
ADSL/ADSL2/ADSL2+ Annex A

Part Number: Juniper SRX-MP-1ADSL2-A

works a treat and very easy to configure, although still trying to get our dual WAN to work 100%