SRX Services Gateway

SRX Default Route Not in Table - Wha?

‎01-08-2013 11:14 AM

We are deploying an SRX210-HE with a T1 ePIM module to a remote site. I'm running Junos 12.1R4.7 with a setup like this:

t1-1/0/0 Trust 192.168.1.2/30
ge-0/0/0 Untrust 192.168.2.1/24

I can see routes created from interfaces on my device and I can create a route for something like this:

set routing-options static route 192.168.3.0/24 next-hop 192.168.2.10 no-resolve

And the route shows up in the routing table as expected.

If I add a default route to point at the other end of my T1 (i.e. my core router) the route does not show up in the routing table:

set routing-options static route 0.0.0.0/0 next-hop 192.168.1.1

The route is in the configuration but does not enter the routing table. If I try to ping a subnet that would be at the end of my T1 I get 'route not found' or something to that effect.

This is true even when the T1 interface is up, if I add 'no-resolve', do not use 'no-resolve', etc.

I have used ScreenOS, Junos on routers, switches, etc., so this isn't my first rodeo when it comes to routing or Junos.

It is, however, our first foray into using an SRX in production.

I'm thinking that there has to be something in an SRX that I need to do in order to get a default route to show up - virtual router, policy, protocol, something - but I'm unsure as to what that should be.

Docs I have seen do not show any difference from a non-ES Junos device as far as a default route goes.

I would be grateful for a kick in the pants toward the right direction or the missing piece that is eluding me at this point.


Re: SRX Default Route Not in Table - Wha?

‎01-08-2013 01:38 PM

Ok - so my stupid question of the day would be:

Do you see the local / direct routes for the associated interface?

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Re: SRX Default Route Not in Table - Wha?

‎01-08-2013 02:20 PM

Here is what I see with 'show route' and 'show route hidden':

root@firewall> show route

inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.3.0/24 *[Static/5] 00:00:06 > to 192.168.2.1 via ge-0/0/0.0
192.168.2.0/24 *[Direct/0] 00:00:06 > via ge-0/0/0.0
192.168.2.1/32 *[Local/0] 00:02:26 Local via ge-0/0/0.0
192.168.10.49/32 *[Direct/0] 00:03:23 > via lo0.0
192.168.1.2/32 *[Local/0] 00:02:20 Reject

root@firewall> show route hidden

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

t1-1/0/0 is 192.168.1.2 and is down in this example (not connected to other end of the link).

If I connect t1-1/0/0 the last entry is replaced by the following when I view the route table:

192.168.1.0/30 *[Direct/0] 00:05:08 via t1-1/0/0.0
192.168.1.2/32 *[Local/0] 00:05:08 via t1-1/0/0.0

'show route hidden' shows 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)


Re: SRX Default Route Not in Table - Wha?

‎01-08-2013 02:36 PM

As long as the other end is reachable the route should show up in the table. Reachability is a separate issue. The one thought I had was: is the I/F in a zone? That might be an issue. You don't need a policy but I am not sure what the impact would be if the I/F was not assigned to a zone (assuming you are not running in packet mode).

Kevin Barker

Re: SRX Default Route Not in Table - Wha?

‎01-08-2013 02:36 PM

SRX config attached


Re: SRX Default Route Not in Table - Wha?

‎01-08-2013 02:41 PM

I could get around all of this in packet mode.

If I don't have the T1 inf in a zone I wouldn't be able to form another zone anywhere (another interface) as the equipment is at the site of another agency so we have Trust (them) and Untrust (how we get to them).

I do have SSG 20 running in this type of configuration so I figured that this would be a slam dunk as far as porting to SRX platform...guess I should know better at this point in IT.


Re: SRX Default Route Not in Table - Wha?

‎01-08-2013 02:49 PM

Wow - config looks just fine. I am hanging out today with another Juniper SE and he looked at it also and we can't see anything that would prevent the route from being populated. 

Kevin Barker

Re: SRX Default Route Not in Table - Wha?

‎01-08-2013 02:50 PM

I'm thinking I will open a JTAC ticket and see if I can get some answers, will back port the answer to this thread to help out anyone else.

The SRX is brand new (as is the T1 module) so I can't rule out something related to being new, etc.


Re: SRX Default Route Not in Table - Wha?

‎01-10-2013 10:06 AM

The explanation is that I'm a dumbass.

I transcribed the configuration here properly; what I didn't do was account for the fact that I was trying to assign the same /30 that the T1 interface is using as the next-hop.

So instead of having the remote end be something like 192.168.1.1/30 and the SRX end 192.168.1.2/30 I kept switching the two in the actual configuration so I would have set routing-options static route 0.0.0.0/0 next-hop 192.168.1.2 where 192.168.1.2 was actually the IP address of the T1 interface rather than the actual next-hop address.

So Junos will take (commit) a route like this but will not put it into the routing table.

If someone else runs across this type of a situation be sure to verify that the interface and next-hop addresses you are using are correct.

Thanks to MuttBarker for weighing in on this one, sorry to waste everyone's time.


Re: SRX Default Route Not in Table - Wha?

‎01-11-2013 08:06 AM

Hey Nate - thanks for the update and for the explanation. Sometimes the simplest things are the hardest to see.

Kevin Barker

Re: SRX Default Route Not in Table - Wha?

‎07-08-2016 08:22 AM

I realize I'm dragging up an old post, but I was having very similar issues. I knew deep down I was doing something quite idiotic but kept looking for more technical answers as to why my routing instance wasn't working and why routes weren't showing in the forwarding table. Turns out I accidentally forgot to append /24 to my interface address. Since it was then a /32 naturally it couldn't communicate with anything else in the subnet.


Re: SRX Default Route Not in Table - Wha?

‎02-12-2019 05:48 AM

@NateK wrote:

The explanation is that I'm a dumbass.

I transcribed the configuration here properly; what I didn't do was account for the fact that I was trying to assign the same /30 that the T1 interface is using as the next-hop.

So instead of having the remote end be something like 192.168.1.1/30 and the SRX end 192.168.1.2/30 I kept switching the two in the actual configuration so I would have set routing-options static route 0.0.0.0/0 next-hop 192.168.1.2 where 192.168.1.2 was actually the IP address of the T1 interface rather than the actual next-hop address.

So Junos will take (commit) a route like this but will not put it into the routing table.

If someone else runs across this type of a situation be sure to verify that the interface and next-hop addresses you are using are correct.

Thanks to MuttBarker for weighing in on this one, sorry to waste everyone's time.

Digging up a really old post here I know but thanks for taking the time to post this, as I similarly had just made the exact same mistake, went googling for why an SRX wouldn't show a default route and found this post.

I had indeed mixed up using the next-hop address of the default gateway as the actual interface IP on the SRX instead of the proper default gateway IP and couldn't work out why my default route was not showing in the routing table.
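
The two mistakes reported in this thread (a static route whose next-hop is the SRX's own interface address, and an interface address entered without its prefix length so that it becomes a /32) can be caught before commit with a small offline check over the `set` commands. The script below is an added example, not part of any post above and not a Juniper tool; the `ge-0/0/1` interface and the 192.168.5.x / 192.168.6.0 addresses in the sample are constructed for illustration, and the two checks are heuristics based only on what the posters describe.

```python
import ipaddress
import re

IFACE_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family inet address (\S+)")
ROUTE_RE = re.compile(r"^set routing-options static route (\S+) next-hop (\S+)")

def lint_static_routes(config_text):
    """Return (destination, next_hop, problem) for each suspicious static route."""
    ifaces, routes = [], []
    for line in config_text.splitlines():
        line = line.strip()
        m = IFACE_RE.match(line)
        if m:
            # An address with no prefix length parses as a /32 host address.
            ifaces.append((f"{m.group(1)}.{m.group(2)}", ipaddress.ip_interface(m.group(3))))
            continue
        m = ROUTE_RE.match(line)
        if m:
            routes.append((m.group(1), ipaddress.ip_address(m.group(2))))
    findings = []
    for dest, nh in routes:
        # Mistake 1: the next-hop is one of this device's own addresses.
        own = [name for name, ifc in ifaces if ifc.ip == nh]
        if own:
            findings.append((dest, str(nh), f"next-hop is this device's own address on {own[0]}"))
            continue
        # Mistake 2: no connected subnet contains the next-hop (e.g. a forgotten /24).
        if not any(nh in ifc.network for _, ifc in ifaces):
            host_only = [n for n, ifc in ifaces
                         if ifc.network.prefixlen == 32 and not n.startswith("lo")]
            hint = f"; host-only (/32) address on {', '.join(host_only)}" if host_only else ""
            findings.append((dest, str(nh), "next-hop not on any directly connected subnet" + hint))
    return findings

# Constructed sample: line 4 repeats the swapped next-hop from the thread,
# line 3 is a made-up interface whose address is missing its prefix length.
SAMPLE = """\
set interfaces t1-1/0/0 unit 0 family inet address 192.168.1.2/30
set interfaces ge-0/0/0 unit 0 family inet address 192.168.2.1/24
set interfaces ge-0/0/1 unit 0 family inet address 192.168.5.1
set routing-options static route 0.0.0.0/0 next-hop 192.168.1.2
set routing-options static route 192.168.3.0/24 next-hop 192.168.2.10 no-resolve
set routing-options static route 192.168.6.0/24 next-hop 192.168.5.254
"""

if __name__ == "__main__":
    for finding in lint_static_routes(SAMPLE):
        print(*finding, sep=" | ")
```
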