SRX Services Gateway
SRX Services Gateway

Proxy-arp on redundancy interface

09.29.16   |  
‎09-29-2016 03:20 AM

Hello

 

I'm running SRX1400 cluster with Junos 12.1X46-D30.2.

I'm trying to implement a possibility to connect my infrastructure servers using unnumbered interface with /24 network on lo0 interface. At this moment I've an issue, that I'm not able to configure proxy arp on reth interface to achieve connectivity between servers inside /24 network but in different vlans.

Is there a way to fix this issue? Maybe some newer Junos supports this feature?

8 REPLIES
SRX Services Gateway

Re: Proxy-arp on redundancy interface

09.29.16   |  
‎09-29-2016 04:10 AM

Hello,

 

 

Yes,, This feature to configure SRX fgor proxy arp has always been there.

 

Please check the below link for configuring proxy-arp on SRX.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB21785

 

As per the above polivy the only thing you have to change is to use reth interface in the configuration instead of the physical interface.

 

Thanks,
Pulkit Bhandari
Please mark my response as Solution Accepted if it Helps, Kudos are Appreciated too. Smiley Happy

 

 

SRX Services Gateway

Re: Proxy-arp on redundancy interface

09.30.16   |  
‎09-30-2016 01:58 AM

Unfortunately the link you've provided doesn't help (if I getting it right).

 

I'll attach a file with configuration I'm trying to run. I've tried to apply it on my cluster, but servers wasn't able to see eachother.

Maybe I've getting something completly wrong here?

Attachments

SRX Services Gateway

Re: Proxy-arp on redundancy interface

09.30.16   |  
‎09-30-2016 07:42 PM

Can you share the error you are getting. I am able to configure the same on cluster ruiing 12.1X46-D25.7

 

{primary:node0}
root> show configuration | display set | match reth2
set interfaces reth2 vlan-tagging
set interfaces reth2 redundant-ether-options redundancy-group 1
set interfaces reth2 unit 1150 vlan-id 1150
set interfaces reth2 unit 1150 family inet unnumbered-address lo0.1
set interfaces reth2 unit 1151 vlan-id 1151
set interfaces reth2 unit 1151 family inet unnumbered-address lo0.1
set routing-options static route 10.0.0.2/32 qualified-next-hop reth2.1150
set routing-options static route 10.0.0.3/32 qualified-next-hop reth2.1151
set security nat proxy-arp interface reth2.1150 address 10.0.0.0/24
set security nat proxy-arp interface reth2.1151 address 10.0.0.0/24

{primary:node0}
root>

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
SRX Services Gateway

Re: Proxy-arp on redundancy interface

[ Edited ]
10.03.16   |  
‎10-03-2016 01:41 AM

Yes, I can commit this config without any problems/errors too.
The problem is that I can't send packets from host 10.0.0.2 to host 10.0.0.3. That's happening simply because SRX doesn't answers to arp-packets from servers (He's probably must answer to them, because that's the purpose of proxy-arp, I assume):

 

The following request from server

11:31:53.013723 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.0.3 tell 10.0.0.2, length 28
Receives no answer from SRX.

SRX Services Gateway

Re: Proxy-arp on redundancy interface

10.11.16   |  
‎10-11-2016 04:56 AM

The main problem here, I think, is because I can't apply command "proxy-arp" on any unit of reth interface.

 

So the question is - is it possible to apply proxy-arp command on reth interfaces on later version of Junos or not.

SRX Services Gateway

Re: Proxy-arp on redundancy interface

10.18.16   |  
‎10-18-2016 02:41 AM

Still looking for the solution (If there is one).

 

 

SRX Services Gateway
Solution
Accepted by topic author Ganhart
‎07-05-2017 07:49 AM

Re: Proxy-arp on redundancy interface

07.05.17   |  
‎07-05-2017 07:49 AM

On JUNOS 12.3X48-D45.6 this issue is reasolved.

Highlighted
SRX Services Gateway

Re: Proxy-arp on redundancy interface

[ Edited ]
07.06.17   |  
‎07-06-2017 05:07 AM

Hi Genhart,

Very interesting design.  Where did you get this idea from?

I played with it for a while and I was able to make it work on firefly 12.1X47-D35.2 after I added proxy-arp statement under logical interface level.  After adding proxy-arp under logical interfaces and not security nat it started to work.

 

set interfaces reth0 vlan-tagging
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 10 proxy-arp
set interfaces reth0 unit 10 vlan-id 10
set interfaces reth0 unit 10 family inet unnumbered-address lo0.0
set interfaces reth0 unit 20 proxy-arp
set interfaces reth0 unit 20 vlan-id 20
set interfaces reth0 unit 20 family inet unnumbered-address lo0.0


Session ID: 47, Policy name: default-policy-00/2, State: Active, Timeout: 1792, Valid
  In: 172.31.15.20/40204 --> 172.31.15.10/22;tcp, If: reth0.20, Pkts: 23, Bytes: 3541
  Out: 172.31.15.10/22 --> 172.31.15.20/40204;tcp, If: reth0.10, Pkts: 26, Bytes: 4624

 

Regards, Wojtek