Hi,
3 X vSRX
All the same version:
Model: firefly-perimeter
JUNOS Software Release [12.1X47-D10.4]
Lab I'm using is : EVE-NG
Something weird going in my lab .. I cannot ping ae interfaces even the route in there :
Here is my configuration for vSRX-2
set chassis aggregated-devices ethernet device-count 1
set interfaces ge-0/0/1 gigether-options 802.3ad ae0
set interfaces ge-0/0/3 gigether-options 802.3ad ae0
set interfaces ae0 unit 0 family inet address 192.168.6.1/30
set protocols ospf area 0.0.0.0 interface ae0.0 interface-type p2p
set security zones security-zone trust interfaces ae0.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces ae0.0 host-inbound-traffic protocols all
root@vsrx2> show interfaces terse | match ae0
ge-0/0/1.0 up up aenet --> ae0.0
ge-0/0/3.0 up up aenet --> ae0.0
ae0 up up
ae0.0 up up inet 192.168.6.1/30
Here is my configuration for vSRX-3
set chassis aggregated-devices ethernet device-count 1
set interfaces ge-0/0/0 gigether-options 802.3ad ae0
set interfaces ge-0/0/3 gigether-options 802.3ad ae0
set interfaces ae0 unit 0 family inet address 192.168.6.2/30
set protocols ospf area 0.0.0.0 interface ae0.0 interface-type p2p
set security zones security-zone trust interfaces ae0.0 host-inbound-traffic system-services all
set security zones security-zone trust interfaces ae0.0 host-inbound-traffic protocols all
root@vsrx3> show interfaces terse | match ae0
ge-0/0/0.0 up up aenet --> ae0.0
ge-0/0/3.0 up up aenet --> ae0.0
ae0 up up
ae0.0 up up inet 192.168.6.2/30
And I can't ping between the ae interfaces :
root@vsrx3> ping 192.168.6.1
PING 192.168.6.1 (192.168.6.1): 56 data bytes
^C
--- 192.168.6.1 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
root@vsrx3> ping 192.168.6.1 source 192.168.6.2
PING 192.168.6.1 (192.168.6.1): 56 data bytes
^C
--- 192.168.6.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
root@vsrx2> ping 192.168.6.2
PING 192.168.6.2 (192.168.6.2): 56 data bytes
^C
--- 192.168.6.2 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
root@vsrx2> ping 192.168.6.2 source 192.168.6.1
PING 192.168.6.2 (192.168.6.2): 56 data bytes
^C
--- 192.168.6.2 ping statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
Here is the show route:
root@vsrx3> show route
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.6.0/30 *[Direct/0] 00:57:06
> via ae0.0
192.168.6.2/32 *[Local/0] 00:57:08
Local via ae0.0
192.168.7.0/24 *[Direct/0] 01:01:51
> via ge-0/0/1.0
192.168.7.1/32 *[Local/0] 01:02:02
Local via ge-0/0/1.0
192.168.8.0/24 *[OSPF/10] 00:33:01, metric 2
> to 192.168.7.2 via ge-0/0/1.0
to 192.168.6.1 via ae0.0
192.168.9.0/24 *[Direct/0] 01:01:50
> via ge-0/0/2.0
192.168.9.2/32 *[Local/0] 01:02:00
Local via ge-0/0/2.0
224.0.0.5/32 *[OSPF/10] 01:06:56, metric 1
MultiRecv
root@vsrx2> show route
inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.5.0/24 *[Direct/0] 00:58:13
> via ge-0/0/0.0
192.168.5.1/32 *[Local/0] 00:59:03
Local via ge-0/0/0.0
192.168.6.0/30 *[Direct/0] 00:56:13
> via ae0.0
192.168.6.1/32 *[Local/0] 00:56:13
Local via ae0.0
192.168.7.0/24 *[OSPF/10] 00:33:22, metric 2
to 192.168.8.2 via ge-0/0/2.0
> to 192.168.6.2 via ae0.0
192.168.8.0/24 *[Direct/0] 00:58:13
> via ge-0/0/2.0
192.168.8.1/32 *[Local/0] 00:59:02
Local via ge-0/0/2.0
192.168.9.0/24 *[OSPF/10] 00:56:00, metric 2
> to 192.168.6.2 via ae0.0
224.0.0.5/32 *[OSPF/10] 01:01:14, metric 1
MultiRecv
root@vsrx4> show route
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[Direct/0] 00:35:12
> via lo0.0
192.168.6.0/30 *[OSPF/10] 00:33:42, metric 2
to 192.168.7.1 via ge-0/0/0.0
> to 192.168.8.1 via ge-0/0/1.0
192.168.7.0/24 *[Direct/0] 00:34:00
> via ge-0/0/0.0
192.168.7.2/32 *[Local/0] 00:34:10
Local via ge-0/0/0.0
192.168.8.0/24 *[Direct/0] 00:34:00
> via ge-0/0/1.0
192.168.8.2/32 *[Local/0] 00:34:10
Local via ge-0/0/1.0
192.168.9.0/24 *[OSPF/10] 00:33:42, metric 2
> to 192.168.7.1 via ge-0/0/0.0
192.168.10.0/24 *[Direct/0] 00:34:00
> via ge-0/0/2.0
192.168.10.2/32 *[Local/0] 00:34:09
Local via ge-0/0/2.0
192.168.11.0/24 *[Direct/0] 00:34:00
> via ge-0/0/3.0
192.168.11.2/32 *[Local/0] 00:34:09
Local via ge-0/0/3.0
224.0.0.5/32 *[OSPF/10] 00:35:18, metric 1
MultiRecv
224.0.0.9/32 *[RIP/100] 00:35:17, metric 1
MultiRecv
reachability through a normal link (not ae0 interface) is working fine ..
Also I can see that the route to 192.168.6.X peer in on hold in the the forwarding-table:
root@vsrx2> show route forwarding-table
Routing table: default.inet
Internet:
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 rjct 36 1
0.0.0.0/32 perm 0 dscd 34 1
192.168.5.0/24 intf 0 rslv 545 1 ge-0/0/0.0
192.168.5.0/32 dest 0 192.168.5.0 recv 543 1 ge-0/0/0.0
192.168.5.1/32 intf 0 192.168.5.1 locl 544 2
192.168.5.1/32 dest 0 192.168.5.1 locl 544 2
192.168.5.2/32 dest 1 192.168.5.2 hold 559 2 ge-0/0/0.0
192.168.5.255/32 dest 0 192.168.5.255 bcst 542 1 ge-0/0/0.0
192.168.6.0/24 intf 0 rslv 568 1 ae0.0
192.168.6.0/32 dest 0 192.168.6.0 recv 566 1 ae0.0
192.168.6.1/32 intf 0 192.168.6.1 locl 567 2
192.168.6.1/32 dest 0 192.168.6.1 locl 567 2______
192.168.6.2/32 dest 0 192.168.6.2 hold 560 3 ae0.0
192.168.6.255/32 dest 0 192.168.6.255 bcst 564 1 ae0.0
192.168.7.0/24 user 0 192.168.8.2 ucst 565 3 ge-0/0/2.0
192.168.8.0/24 intf 0 rslv 549 1 ge-0/0/2.0
192.168.8.0/32 dest 0 192.168.8.0 recv 547 1 ge-0/0/2.0
192.168.8.1/32 intf 0 192.168.8.1 locl 548 2
192.168.8.1/32 dest 0 192.168.8.1 locl 548 2
192.168.8.2/32 dest 0 50:0:0:8:0:1 ucst 565 3 ge-0/0/2.0
192.168.8.255/32 dest 0 192.168.8.255 bcst 546 1 ge-0/0/2.0
192.168.9.0/24 user 0 192.168.6.2 hold 560 3 ae0.0
224.0.0.0/4 perm 1 mdsc 35 1
224.0.0.1/32 perm 0 224.0.0.1 mcst 31 3
224.0.0.5/32 user 1 224.0.0.5 mcst 31 3
255.255.255.255/32 perm 0 bcst 32 1
which I guess it means there is no ARP reply is received for 192.168.6.2
I've also tried to configure lacp active for both vSRXs , but then the route goes "reject" in both of them
root@vsrx3> show route
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.6.2/32 *[Local/0] 00:04:58
Reject
192.168.7.0/24 *[Direct/0] 00:01:04
> via ge-0/0/1.0
192.168.7.1/32 *[Local/0] 00:01:11
Local via ge-0/0/1.0
192.168.8.0/24 *[OSPF/10] 00:00:52, metric 2
> to 192.168.7.2 via ge-0/0/1.0
192.168.9.0/24 *[Direct/0] 00:01:02
> via ge-0/0/2.0
192.168.9.2/32 *[Local/0] 00:01:10
Local via ge-0/0/2.0
224.0.0.5/32 *[OSPF/10] 00:05:24, metric 1
MultiRecv
root@vsrx2> show route
inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.5.0/24 *[Direct/0] 00:00:14
> via ge-0/0/0.0
192.168.5.1/32 *[Local/0] 00:00:55
Local via ge-0/0/0.0
192.168.6.1/32 *[Local/0] 00:05:58
Reject
192.168.7.0/24 *[OSPF/10] 00:00:05, metric 2
> to 192.168.8.2 via ge-0/0/2.0
192.168.8.0/24 *[Direct/0] 00:00:13
> via ge-0/0/2.0
192.168.8.1/32 *[Local/0] 00:00:42
Local via ge-0/0/2.0
192.168.9.0/24 *[OSPF/10] 00:00:05, metric 3
> to 192.168.8.2 via ge-0/0/2.0
224.0.0.5/32 *[OSPF/10] 00:06:03, metric 1
MultiRecv
root@vsrx3> show lacp interfaces
Aggregated interface: ae0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-0/0/0 Actor No No No No No Yes Fast Active
ge-0/0/0 Partner No No No No No Yes Fast Active
ge-0/0/3 Actor No No No No No Yes Fast Active
ge-0/0/3 Partner No No No No No Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
ge-0/0/0 Current Fast periodic Detached
ge-0/0/3 Current Fast periodic Detached
rebooting .. reseting .. not helping at all
In vSRX-4 shows this:
root@vsrx4> show route
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[Direct/0] 00:35:12
> via lo0.0
192.168.6.0/30 *[OSPF/10] 00:33:42, metric 2
to 192.168.7.1 via ge-0/0/0.0
> to 192.168.8.1 via ge-0/0/1.0
192.168.7.0/24 *[Direct/0] 00:34:00
> via ge-0/0/0.0
192.168.7.2/32 *[Local/0] 00:34:10
Local via ge-0/0/0.0
192.168.8.0/24 *[Direct/0] 00:34:00
> via ge-0/0/1.0
192.168.8.2/32 *[Local/0] 00:34:10
Local via ge-0/0/1.0
192.168.9.0/24 *[OSPF/10] 00:33:42, metric 2
> to 192.168.7.1 via ge-0/0/0.0
192.168.10.0/24 *[Direct/0] 00:34:00
> via ge-0/0/2.0
192.168.10.2/32 *[Local/0] 00:34:09
Local via ge-0/0/2.0
192.168.11.0/24 *[Direct/0] 00:34:00
> via ge-0/0/3.0
192.168.11.2/32 *[Local/0] 00:34:09
Local via ge-0/0/3.0
224.0.0.5/32 *[OSPF/10] 00:35:18, metric 1
MultiRecv
224.0.0.9/32 *[RIP/100] 00:35:17, metric 1
MultiRecv
root@vsrx4> ping no-resolve 192.168.6.1
PING 192.168.6.1 (192.168.6.1): 56 data bytes
ping: sendto: No route to host
^C
--- 192.168.6.1 ping statistics ---
1 packets transmitted, 0 packets received, 100% packet loss
Only after deleting the ae interface and configuring normal ge-0/0/X interface the ping work fine . . . which means something in the LAG not working fine ..
root@vsrx2> show route
inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.5.0/24 *[Direct/0] 00:15:38
> via ge-0/0/0.0
192.168.5.1/32 *[Local/0] 00:16:19
Local via ge-0/0/0.0
192.168.6.0/30 *[Direct/0] 00:00:46
> via ge-0/0/1.0
192.168.6.1/32 *[Local/0] 00:00:46
Local via ge-0/0/1.0
192.168.7.0/24 *[OSPF/10] 00:15:29, metric 2
> to 192.168.8.2 via ge-0/0/2.0
192.168.8.0/24 *[Direct/0] 00:15:37
> via ge-0/0/2.0
192.168.8.1/32 *[Local/0] 00:16:06
Local via ge-0/0/2.0
192.168.9.0/24 *[OSPF/10] 00:15:29, metric 3
> to 192.168.8.2 via ge-0/0/2.0
224.0.0.5/32 *[OSPF/10] 00:21:27, metric 1
MultiRecv
root@vsrx2> ping no-resolve 192.168.6.2
PING 192.168.6.2 (192.168.6.2): 56 data bytes
64 bytes from 192.168.6.2: icmp_seq=1 ttl=64 time=194.292 ms
64 bytes from 192.168.6.2: icmp_seq=2 ttl=64 time=45.053 ms
64 bytes from 192.168.6.2: icmp_seq=3 ttl=64 time=47.748 ms
^C
Here is the topology:
What I'm missing here ?