SRX

  • 1.  Side effect of moving SRX loopback interface between zones

    Posted 09-30-2014 06:37

    Hi, kind of a strange situation I've inherited.  I have an SRX5800 cluster, and am changing my site-to-site VPNs to use the loopback interface instead of a hard-coded physical interface.  Lo0.0 is configured with the proper address, and is in RG1.  But I just noticed that lo0.0 is inside one of our trusted zones, instead of an untrusted zone facing toward our edge.

     

    The loopback is also used for iBGP and OSPF peerings.  When I move the interface and address into the proper zone, will that cause the BGP sessions to resync?  I would expect that but just can't confirm it - when I moved the loopback from RG0 to RG1 I saw no change on either the BGP or OSPF sessions.  I'm just curious what kind of impact I can expect so I can schedule properly.

     

    Thanks very much!

     

    Louis



  • 2.  RE: Side effect of moving SRX loopback interface between zones
    Best Answer

    Posted 09-30-2014 23:31

    Hi Louis,

     

    I would expect BGP would definitely reset; however, OSPF *should* continue to function.

     

    BGP's TCP session will move from one zone to another, which will mean that the session table no longer matches any BGP updates that come through and will cause a reset.

     

    OSPF, on the other hand, being UDP and essentially stateless, will probably just happily keep working.

     

    Hope this helps!



  • 3.  RE: Side effect of moving SRX loopback interface between zones

    Posted 10-01-2014 06:14

    Yes, that is very helpful and is what I expect as well.  But only having about 6 months' experience on the SRX I definitely wanted to double check my thinking with experts.  Thank you so much!

     

    Louis
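
The zone move discussed in this thread, written out as an added Junos configuration-mode example (not posted by any participant). The zone names `trust` and `untrust` are assumptions, since the thread does not name the zones; the host-inbound-traffic entries cover only the uses of lo0.0 mentioned in the question (IKE for the site-to-site VPNs, BGP and OSPF).

```junos
# Added example; zone names "trust" and "untrust" are assumed placeholders.
# Entered from configuration mode.

# Baseline before the change, for comparison afterwards
run show bgp summary
run show ospf neighbor
run show security flow session destination-port 179

# An interface can belong to only one security zone: remove it, then re-add it.
# Allow only the services lo0.0 actually terminates, not "all".
delete security zones security-zone trust interfaces lo0.0
set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic system-services ike
set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic protocols bgp
set security zones security-zone untrust interfaces lo0.0 host-inbound-traffic protocols ospf

# Review the diff, validate, and commit with automatic rollback if not confirmed
show | compare
commit check
commit confirmed 10

# After the commit: compare against the baseline, then confirm the change
run show bgp summary
run show ospf neighbor
run show security flow session destination-port 179
commit
```

Comparing the session and neighbor output before and after the commit shows directly which peerings were reset by the move, and `commit confirmed` rolls the change back if management access is lost.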