I'm experiencing a weird problem with ARP on my SRX210. It currently works fine with the following minimal configuration:
set system host-name j16
set system time-zone Europe/Warsaw
set system root-authentication encrypted-password "blahblahblah"
set system name-server 10.10.10.1
set system services ssh
set system ntp server 10.10.10.1
set interfaces fe-0/0/7 vlan-tagging
set interfaces fe-0/0/7 unit 0 vlan-id 12
set interfaces fe-0/0/7 unit 0 family inet address 10.10.10.16/24
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
set interfaces vlan unit 12
set routing-options static route 0.0.0.0/0 next-hop 10.10.10.1
set protocols stp
set security zones security-zone ADM interfaces vlan.12 host-inbound-traffic system-services ping
set security zones security-zone ADM interfaces vlan.12 host-inbound-traffic system-services ssh
set security zones security-zone ADM interfaces fe-0/0/7.0 host-inbound-traffic system-services ping
set security zones security-zone ADM interfaces fe-0/0/7.0 host-inbound-traffic system-services ssh
set vlans ADM vlan-id 12
set vlans ADM l3-interface vlan.12
The device is connected to the network using port fe-0/0/7.
Now I'm trying to move from a single connection to an aggregated link (for failover), so I disconnect the device from the network and, from the console, change the configuration to this:
set system host-name j16
set system time-zone Europe/Warsaw
set system root-authentication encrypted-password "blahblahblah"
set system name-server 10.10.10.1
set system services ssh
set system ntp server 10.10.10.1
set chassis aggregated-devices ethernet device-count 1
set interfaces ge-0/0/0 gigether-options 802.3ad ae0
set interfaces ge-0/0/1 gigether-options 802.3ad ae0
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 unit 0 family ethernet-switching port-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members all
set interfaces ae0 unit 0 family ethernet-switching native-vlan-id ADM
set interfaces lo0 unit 0 family inet address 127.0.0.1/32
set interfaces vlan unit 12 family inet address 10.10.10.16/24
set routing-options static route 0.0.0.0/0 next-hop 10.10.10.1
set protocols stp
set security zones security-zone ADM interfaces vlan.12 host-inbound-traffic system-services ping
set security zones security-zone ADM interfaces vlan.12 host-inbound-traffic system-services ssh
set vlans ADM vlan-id 12
set vlans ADM l3-interface vlan.12
I commit the changes and connect both gigabit ports to the switches (each port to a separate switch unit). The aggregated link is properly set up on both ends, ARP entries on both the SRX210 and the other machines in the network get updated, and everything works. So I thought that was all, but it's not. If I reboot the SRX210, I can't reach it from the network anymore.
What I've found/checked:
1. ARP table is empty on SRX210.
2. tcpdump on SRX210 shows ARP requests being sent.
3. ARP entry for SRX210 on other machines looks like this: ? (10.10.10.16) at <incomplete> on eth0.12.
4. Other machines are receiving ARP requests and are sending replies according to tcpdump, but those replies never reach or are dropped by SRX210.
At first I thought it was maybe some VLAN or switch problem, so I double- and triple-checked the switch config and it's OK (besides, it worked fine before rebooting). Then I tried to manually fill the ARP tables on both the SRX210 and the other machines, and I still can't reach the SRX210 from the network and can't reach the network from the SRX210, despite the ARP entries being correct and in place.
If I load my first config and go back to the old connection, everything starts working again. I can load my second config, switch to the aggregated connection, and it's working fine again... until I reboot.
Am I missing something obvious here? What can cause such behavior and how can I fix it?