SRX Services Gateway
Highlighted
SRX Services Gateway

SRX 3400 Chassis Cluster with Reth interfaces in same subnet

‎03-31-2014 11:13 PM

Dear All,

 

I'm configuring two SRX 3400 with 2 Reth interfaces in the same subnet and I think I'm having ARP issues as I see some interfaces as being up and can't ping from them while others are down and pingable ?  Are there any known issues related with using two Reth interfaces in the same subnet and same broadcast domain ?

Thanks,
Hisham

Please accept my comment as a solution, if it helped in resolving your issue, to help guide other commentators and encourage others.
8 REPLIES 8
Highlighted
SRX Services Gateway

Re: SRX 3400 Chassis Cluster with Reth interfaces in same subnet

‎03-31-2014 11:23 PM

Are both of the reth interfaces in same routing-instance or differnet one?

If there are no routing-instance configured, it doesn't make sense to have two interfaces in same subnet.

Do you have any specific use-case/requirement to have same subnet IPs?

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
Highlighted
SRX Services Gateway

Re: SRX 3400 Chassis Cluster with Reth interfaces in same subnet

‎04-01-2014 10:33 PM

Yes both are in same routing instance .  This is the user requirements in order to configure seperate IPSec VPN Peer gateways for seperate clients.

Thanks,
Hisham

Please accept my comment as a solution, if it helped in resolving your issue, to help guide other commentators and encourage others.
Highlighted
SRX Services Gateway

Re: SRX 3400 Chassis Cluster with Reth interfaces in same subnet

‎04-01-2014 10:53 PM

There are no known issues as such with two interfaces in the same broadcast domain.

BUt thinking of it from newtwork terms, two interfaces can reach the same boracast domain, now the SRX would choose the interface with the highest interface ID as the prefereed outgoing interface.

 

It is not ana dvisible design to have two interfaces on the same broadcast domain.

 

c_r

[Click the "Star" for Kudos if you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]

Highlighted
SRX Services Gateway

Re: SRX 3400 Chassis Cluster with Reth interfaces in same subnet

‎04-01-2014 11:04 PM

Overlapping IPs for a given subnet is not recommended to be configured on the same routing-instance.

To have your requirement met, you will have to create routing-instance logically seperate traffic.

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
Highlighted
SRX Services Gateway

Re: SRX 3400 Chassis Cluster with Reth interfaces in same subnet

‎04-01-2014 11:12 PM

Are there any technical specifics to why it is not recommended as I have a common vpn tunnel on one of the interfaces so I can't seperate them ( or it would make it very complicated ) with a routing instance .

Thanks,
Hisham

Please accept my comment as a solution, if it helped in resolving your issue, to help guide other commentators and encourage others.
Highlighted
SRX Services Gateway
Solution
Accepted by topic author elkadiki
‎08-26-2015 01:27 AM

Re: SRX 3400 Chassis Cluster with Reth interfaces in same subnet

‎04-01-2014 11:25 PM

Hello

 

If you have two interfaces configured with IPs overlapping from same subnet.

Junos will have to two create direct-route like below for same esubnet:

 

Configuration:

 

*********

root# show interfaces
ge-0/0/0 {
    unit 0 {
        family inet {
            address 10.10.10.1/24;
        }
    }
}
ge-0/0/6 {
    unit 0 {
        family inet {
            address 10.10.10.2/24;
        }
    }
}

*********

*********

root> show route


10.10.10.0/24      *[Direct/0] 00:00:19
                    > via ge-0/0/0.0
                    [Direct/0] 00:00:19
                    > via ge-0/0/6.0
10.10.10.1/32      *[Local/0] 00:00:19
                      Local via ge-0/0/0.0
10.10.10.2/32      *[Local/0] 00:00:19
                      Local via ge-0/0/6.0

**********

 

While processing traffic, you would see behavior like you are experiencing now.

 

Hence it is recommended to have routing-instace configured for overlapping IPs of a subnet.

Hope this clarifies!

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
Highlighted
SRX Services Gateway

Re: SRX 3400 Chassis Cluster with Reth interfaces in same subnet

‎04-01-2014 11:44 PM

The thing is I'm configuring route based vpn on the reth interfaces, so I had issues with route based vpn in a routing instance and had to remove the reth interface outside of the virtual router. Is there a better way to do it ?

Thanks,
Hisham

Please accept my comment as a solution, if it helped in resolving your issue, to help guide other commentators and encourage others.
Highlighted
SRX Services Gateway

Re: SRX 3400 Chassis Cluster with Reth interfaces in same subnet

‎04-02-2014 01:58 AM

Route based VPN in routing-instance should not be that challenging!

You could refer below KB for example:

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21487

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!