SRX

Hi everybody,

I have configured logical tunnel on my SRX 210 in order to interconnect between virtual routers on the same router but the problem the lt-0/0/0 after the configuration didn't appear on the interface list.

interfaces {
    lt-0/0/0 {
        unit 0 {
            encapsulation ethernet;
            peer-unit 1;
            family inet {
                address 10.0.0.1/30;
            }
        }
        unit 1 {
            encapsulation ethernet;
            peer-unit 0;
            family inet {
                address 10.0.0.2/30;
            }
        }
    }
}
security {
    zones {
    	security-zone trust-1 {         
            interfaces {                
                lt-0/0/0.1 {            
                    host-inbound-traffic {
                        system-services {
                            all;        
                        }               
                        protocols {     
                            all;        
                        }               
                    }                   
                }                       
            }                           
        }                               
        security-zone trust-2 {         
            interfaces {                
                lt-0/0/0.0 {            
                    host-inbound-traffic {
                        system-services {
                            all;        
                        }               
                        protocols {     
                            all;        
                        }               
                    }                   
                }                       
            }                           
        }                               
    }
routing-instances {
    R1 {
        instance-type virtual-router;
        interface lt-0/0/0.0;
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface lt-0/0/0.0;
                }
            }
        }
    }
    R2 {                                
        instance-type virtual-router;
        interface lt-0/0/0.1;
        protocols {
            ospf {
                area 0.0.0.0 {
                    interface lt-0/0/0.1;
                }
            }
        }
    }
}

# run show interfaces terse 
Interface               Admin Link Proto    Local                 Remote    
ge-2/0/1                up    up  
ge-2/0/1.0              up    up   inet     192.168.15.6/24 
fe-2/0/2                up    down
fe-2/0/3                up    down
fe-2/0/4                up    down
fe-2/0/5                up    down
fe-2/0/6                up    down
fe-2/0/7                up    down
fab1                    up    down
fab1.0                  up    down inet     30.18.0.200/24  
fxp0                    up    up  
fxp1                    up    up  
fxp1.0                  up    up   inet     130.16.0.1/2    
                                   tnp      0x2100001       
fxp2                    up    up  
fxp2.0                  up    up   tnp      0x2100001       
gre                     up    up  
ipip                    up    up  
lo0                     up    up  
lo0.16384               up    up   inet     127.0.0.1           --> 0/0
lo0.16385               up    up   inet     10.0.0.1            --> 0/0
                                            10.0.0.16           --> 0/0
                                            128.0.0.1           --> 0/0
                                            128.0.1.16          --> 0/0
lo0.32768               up    up  
lsi                     up    up  
mtun                    up    up  
pimd                    up    up  
pime                    up    up  
pp0                     up    up  
ppd0                    up    up  
ppe0                    up    up  
st0                     up    up  
tap                     up    up  

Hi

From interface naming (ge-2/*/*), it looks like you are using clustered boxes, and lt- is not supported in cluster.

Thanks PK,

It's resolved when I disable the Cluster

> show interfaces terse 
Interface               Admin Link Proto    Local                 Remote

gr-0/0/0                up    up  
ip-0/0/0                up    up  
lsq-0/0/0               up    up  
lt-0/0/0                up    up  
lt-0/0/0.0              up    up   inet     10.0.0.1/30     
lt-0/0/0.1              up    up   inet     10.0.0.2/30     
mt-0/0/0                up    up  
sp-0/0/0                up    up  
sp-0/0/0.0              up    up   inet    
sp-0/0/0.16383          up    up   inet     10.0.0.1            --> 10.0.0.16
                                            10.0.0.6            --> 0/0
                                            128.0.0.1           --> 128.0.1.16
                                            128.0.0.6           --> 0/0

We have a pair of clustered SRX550 firewalls and another pair of clustered SRX1400 firewalls. We use two Logical Tunnel interfaces on the SRX1400 pair to forward traffic between two routing instances. We have a identical configuration on the SRX550 pair that doesn't seem to work due to the interfaces not appearing in the system (lt-0/0/0 didn't show up after running the show interfaces terse command).

JUNOS versions:

SRX550 - 12.1R5.5

SRX1400 - 11.4R6.5

So, obviously the lt interfaces are working on clustered SRX devices. What is the real issue here? Is it perhaps only supported in newer JUNOS versions and depending on hardware/branch/highend/clustering enabled/disabled?

Edit: Just to clarify; we have no issues with the lt interfaces on our SRX1400 cluster.