SRX Services Gateway
Highlighted
SRX Services Gateway

SRX320 SFP Leased Line routing

Tuesday

Hi

 

I have a SRX320 

 

Currently i have a SFP module in port ge-0/0/6 which is LC/LC to the ISP's ADVA Layer 2 device

 

when i do "show chassis hardware" the SFP, serial number etc is shown. 

 

Link LED's are green and activity flickers now and again.

 

I have programmed Port GE-0/0/6 with the ISP's IP they gave me which is a /29

 

I have added a static route of 0.0.0.0/0 to 93.x.x.x (ISP's gateway IP)

 

I have 2 Zones Trust and untrust and have set Trust to untrust ANY ANY PERMIT

 

Ive set up around 30 junipers for remote offices no problem, but this one is giving me a headache.

 

Do i have todo anything with the SFP or mode or anything it just doesnt seem to pass any traffic to the internet. I cant even ping the ISP's gateway.

 

not sure if im missing something!?

8 REPLIES 8
Highlighted
SRX Services Gateway

Re: SRX320 SFP Leased Line routing

Tuesday

Hi Tom,

 

Can you check whether the ARP is resolved for the Gateway? - user@host> show arp no-resolve

 

If you don't see ARP entry, perform the following command and check whether you are seeing ARP IN and OUT packets. user@host> monitor traffic interface <interface-name> no-resolve size 1500 

 

Also, please check the IP address and subnet value once whether it falls under a valid range.

 

If ARP is resolved and still you can't reach the Internet Gateway, we need to check whether SRX is sending the ICMP packets out or not. We can determine this using a tcpdump.

 

How about rebooting the device once if you think something abnormal is happening in this device?



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: SRX320 SFP Leased Line routing

Tuesday

when i do "show arp no-resolve" it only shows my internal GE-0/0/1.0 (not the ge-0/0/6)

 

i then do monitor traffic interface ge-0/0/6 no-resolve and it outputs

 

listinging on ge-0/0/6

18:25:15 Out arp who-has 93.x.x.1 tell 93.x.x.2

 

93.x.x.1 being my default gateway to ISP (that they gave me)

93.x.x.2 being the IP i gave the GE-0/0/6 interface

Highlighted
SRX Services Gateway

Re: SRX320 SFP Leased Line routing

Tuesday

Hello Tom,

 

It looks like SRX is trying to resolve the ARP but it is not getting ARP reply from the next-hop device. If you see the output, we are sending the ARP request - OUT but not receiving ARP reply - IN.

 

Can you please check with the ISP once?



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: SRX320 SFP Leased Line routing

Wednesday

Thinking out loud.. does the ISP hand of the internet connection untagged or do you need to configure ge-0/0/6 with a vlan-tag to match the ISP configuration?

 

But overall - agree with noobmaster. It looks like the SRX is working but cannot reach the ISP gateway.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
SRX Services Gateway

Re: SRX320 SFP Leased Line routing

Wednesday
I have little handover information from ISP but this is how it’s presented

Fibre comes in from street

Plugs into fibre device (ADVA FSP150)

Fibre then comes out this device and plugs into my SFP in my juniper

I think this is a point to point link, and the upstream gateway is in the data enter at the other end (I think)

When doing ARP commands my SFP interface doesn’t show in the ARP table

I haven’t been told any settings in regards to VLAN etc from the isp
Highlighted
SRX Services Gateway

Re: SRX320 SFP Leased Line routing

Wednesday

As noobmaster suggests, you need to involve your ISP to solve this efficiently.

 


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
SRX Services Gateway

Re: SRX320 SFP Leased Line routing

Wednesday

Have you added your optical interface ge-0/0/6.0 to the untrust security zone and remove any default entry that is there.

set security zone security-zone untrust interface ge-0/0/6.0

 

Confirm your optic is linked up that the status shows both admin and link up

show interface terse ge-0/0/6

 

There are no alarms related to the link or optic

show chassis alarms

show interface diagnostics optics ge-0/0/6

 

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: SRX320 SFP Leased Line routing

2 hours ago

not sure why everytime i post here it gets deleted?

Feedback