Hello,
I'm having trouble correctly setting up my SRX340 (15.1X49-D150.2). I have two routing instances, each of them using a specific WAN (one for LAN, the other for WIFI). It works great and I have two separate networks.
But I'm having trouble correctly routing packets for basic services like NTP sync:
root@srx> set date ntp
20 Nov 10:03:16 ntpdate[38625]: no server suitable for synchronization found
Looking at this doc ( https://kb.juniper.net/InfoCenter/index?page=content&id=KB31654&actp=RSS ), it should be because the SRX could not find any route.
root@srx> show route

inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 3d 17:14:18
    to table RouteLANInternet.inet.0
192.168.1.1/32 *[Local/0] 5d 21:14:15
    Reject

RouteLANInternet.inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 4d 16:07:15
    > via pp0.0
10.3.0.0/21 *[Static/5] 5d 21:14:09
    > via st0.0
X.X.X.0/22 *[Direct/0] 4d 16:07:33
    > via ge-0/0/4.0
X.X.X.91/32 *[Local/0] 4d 16:07:33
    Local via ge-0/0/4.0
Z.Z.Z.0/24 *[Direct/0] 5d 21:13:05
    > via ge-0/0/6.0
Z.Z.Z.47/32 *[Local/0] 5d 21:13:05
    Local via ge-0/0/6.0
Y.Y.Y.47/32 *[Local/0] 4d 16:07:15
    Local via pp0.0
192.168.30.0/24 *[Direct/0] 5d 21:13:29
    > via ge-0/0/3.0
192.168.30.1/32 *[Local/0] 5d 21:13:29
    Local via ge-0/0/3.0
192.168.33.0/24 *[Direct/0] 5d 21:13:29
    > via ge-0/0/1.0
192.168.33.10/32 *[Local/0] 5d 21:13:29
    Local via ge-0/0/1.0
192.168.88.0/24 *[Direct/0] 5d 21:13:31
    > via ge-0/0/15.0
192.168.88.8/32 *[Local/0] 5d 21:13:33
    Local via ge-0/0/15.0
192.168.89.0/24 *[Direct/0] 5d 21:13:29
    > via ge-0/0/2.0
192.168.89.1/32 *[Local/0] 5d 21:13:29
    Local via ge-0/0/2.0
193.253.160.3/32 *[Direct/0] 4d 16:07:15
    > via pp0.0

RouteWifiCameraInternetOrange.inet.0: 42 destinations, 43 routes (42 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Access-internal/12] 4d 16:07:32
    > to X.X.X.1 via ge-0/0/4.0
    [Access-internal/12] 5d 21:12:50
    > to Z.Z.Z.254 via ge-0/0/6.0
X.X.X.0/22 *[Direct/0] 4d 16:07:33
    > via ge-0/0/4.0
X.X.X.91/32 *[Local/0] 4d 16:07:33
    Local via ge-0/0/4.0
Z.Z.Z.0/24 *[Direct/0] 5d 21:13:05
    > via ge-0/0/6.0
Z.Z.Z.47/32 *[Local/0] 5d 21:13:05
    Local via ge-0/0/6.0
Y.Y.Y.47/32 *[Local/0] 4d 16:07:15
    Local via pp0.0
192.168.30.0/24 *[Direct/0] 5d 21:13:29
    > via ge-0/0/3.0
192.168.30.1/32 *[Local/0] 5d 21:13:34
    Local via ge-0/0/3.0
192.168.33.0/24 *[Direct/0] 5d 21:13:29
    > via ge-0/0/1.0
192.168.33.10/32 *[Local/0] 5d 21:13:34
    Local via ge-0/0/1.0
192.168.88.0/24 *[Direct/0] 5d 21:13:31
    > via ge-0/0/15.0
192.168.88.8/32 *[Local/0] 5d 21:13:31
    Local via ge-0/0/15.0
192.168.89.0/24 *[Direct/0] 5d 21:13:29
    > via ge-0/0/2.0
192.168.89.1/32 *[Local/0] 5d 21:13:34
    Local via ge-0/0/2.0
193.253.160.3/32 *[Direct/0] 4d 16:07:15
    > via pp0.0
Here is my config:
routing-options {
    static {
        route 0.0.0.0/0 next-table RouteLANInternet.inet.0;
    }
    rib-groups {
        LAN-External {
            import-rib [ RouteWifiCameraInternetOrange.inet.0 RouteLANInternet.inet.0 ];
        }
    }
    forwarding-table {
        export load-balancing-policy;
    }
}
(...)
routing-instances {
    RouteLANInternet {
        instance-type virtual-router;
        interface ge-0/0/5.0;
        interface ge-0/0/15.0;
        interface pp0.0;
        interface st0.0;
        routing-options {
            interface-routes {
                rib-group inet LAN-External;
            }
            # the LAN goes out via the Orange link
            static {
                route 10.3.0.0/21 next-hop st0.0;
                route 0.0.0.0/0 next-hop pp0.0;
            }
        }
    }
    RouteWifiCameraInternetOrange {
        instance-type virtual-router;
        interface ge-0/0/1.0;
        interface ge-0/0/2.0;
        interface ge-0/0/3.0;
        interface ge-0/0/4.0;
        interface ge-0/0/6.0;
        routing-options {
            interface-routes {
                rib-group inet LAN-External;
            }
            static {
                route 0.0.0.0/0 next-hop X.X.X.91;
            }
        }
    }
}
I'm using a RIB group to import RIBs between instances, because they do need to communicate (LAN must have access to Wifi).
If I add the default route to 0.0.0.0 in the global routing-options:
static {
    route 0.0.0.0/0 next-table RouteLANInternet.inet.0;
}
Then I get a different result:
root@srx> set date ntp
20 Nov 10:19:37 ntpdate[39077]: sendto/sendmsg(195.83.132.135): No route to host
20 Nov 10:19:38 ntpdate[39077]: sendto/sendmsg(195.83.132.135): No route to host
20 Nov 10:19:39 ntpdate[39077]: sendto/sendmsg(195.83.132.135): No route to host
20 Nov 10:19:40 ntpdate[39077]: sendto/sendmsg(195.83.132.135): No route to host
20 Nov 10:19:41 ntpdate[39077]: no server suitable for synchronization found
and show route clearly shows that inet.0 does not have any route to follow:
root@srx> show route

inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.1.1/32 *[Local/0] 5d 21:29:05
    Reject
I'm a bit lost for now, so any help is welcome 🙂
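
The comparison made between the two `show route` outputs above, as an added example that is not part of the original post: it parses `show route` text and follows the 0.0.0.0/0 entry of inet.0 through any `to table` hop to see whether it ends at a real next hop. The function names are hypothetical, the sample text is trimmed from the two outputs in the post, and only the first listed next hop of a route is followed.

```python
import re

TABLE_RE = re.compile(r"^(\S*inet\.0): \d+ destinations")
ROUTE_RE = re.compile(r"^(\S+/\d+)\s+\*?\[[\w-]+/\d+\]")

# Sample text trimmed from the two outputs in the post.
FIRST = """\
inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 3d 17:14:18
to table RouteLANInternet.inet.0
192.168.1.1/32 *[Local/0] 5d 21:14:15
Reject
RouteLANInternet.inet.0: 16 destinations, 16 routes (16 active, 0 holddown, 0 hidden)
0.0.0.0/0 *[Static/5] 4d 16:07:15
> via pp0.0
"""
SECOND = """\
inet.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
192.168.1.1/32 *[Local/0] 5d 21:29:05
Reject
"""

def parse_show_route(text):
    """Return {table: {prefix: [next-hop lines]}} from `show route` text."""
    tables, table, prefix = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := TABLE_RE.match(line):            # "<name>.inet.0: N destinations"
            table, prefix = m.group(1), None
            tables[table] = {}
        elif (m := ROUTE_RE.match(line)) and table:   # "prefix *[Proto/pref] age"
            prefix = m.group(1)
            tables[table].setdefault(prefix, [])
        elif prefix and line and not line.startswith("["):  # next-hop line
            tables[table][prefix].append(line.lstrip("> "))
    return tables

def resolve_default(tables, table="inet.0", seen=()):
    """Follow 0.0.0.0/0 across 'to table' hops; None means no usable default."""
    hops = tables.get(table, {}).get("0.0.0.0/0")
    if table in seen or not hops:                # loop, missing table or no default
        return None
    if m := re.match(r"to table (\S+)", hops[0]):
        return resolve_default(tables, m.group(1), seen + (table,))
    return table, hops[0]

if __name__ == "__main__":
    for text in (FIRST, SECOND):
        print(resolve_default(parse_show_route(text)))
```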