SRX Services Gateway

static route to multipoint st0.0 does not show up in routing table

‎06-07-2012 06:45 AM

I have a situation where I am adding a static route to a multipoint tunnel interface (st0.0) but it is not showing up in the routing table. Does anyone know why this does not work?

 

Details....

I am converting a working route-based VPN tunnel from using a dedicated tunnel interface (st0.0) to the tunnel interface being multipoint. Before I changed the st0.0 interface to multipoint I had a static route where the next-hop was set to "st0.0" and that worked.

 

Now when I add the 192.168.22.0/24 static route, if the next-hop refers to the st0.0 interface or the tunnel IP in that interface, the route just does not show up in the route table.

 

As a test I tried the static route using my second ISP's gateway IP as the next-hop and that route does show up as expected.

 

These are routes I tried. They all commit without error, but none of them result in a route showing up in the table.

set routing-options static route 192.168.22.0/24 next-hop 172.16.254.22  #this is the NHT IP on st0.0
set routing-options static route 192.168.22.0/24 qualified-next-hop 172.16.254.22 interface st0.0
set routing-options static route 192.168.22.0/24 next-hop st0.0 # just as a test

 

These commands show that the static route for 192.168.22.0/24 is in the routing-options section, but there is no entry for 192.168.22* in the routing table and in fact the route for an IP in that subnet does not follow the static route I specified. (the config was fully committed at the time)

{primary:node0}[edit]
bobg@gateway-th1# show routing-options | display set| match 192.168.22
set routing-options static route 192.168.22.0/24 next-hop 172.16.254.22

{primary:node0}[edit]
bobg@gateway-th1# run show route | match 192.168.22

{primary:node0}[edit]
bobg@gateway-th1# run show route 192.168.22.1                            

inet.0: 24 destinations, 24 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 21:24:06
                    > to <my public IP - redacted> via reth0.0

{primary:node0}[edit]
bobg@gateway-th1#

 

 

 This is my st0 config

 show interfaces st0 
unit 0 {
    description "Data center VPN Interface. 172.16.254.0/24 is only used locally to distinguish next-hop in routes ";
    multipoint;
    family inet {
        next-hop-tunnel 172.16.254.22 ipsec-vpn BGSiteVPN;
        address 172.16.254.1/24;
    }
}

 

Routes for the st0.0 interface (172.16.254.0/24 -> st0.0, 172.16.254.1/32 -> st0.0) do show up in the routing table as expected.

 

--BobG

6 REPLIES

Re: static route to multipoint st0.0 does not show up in routing table

‎06-07-2012 08:05 AM

A little more information....

 

The IKE SA gets created for this VPN but the ipsec SAs do not.

 

--BobG

Re: static route to multipoint st0.0 does not show up in routing table

‎06-07-2012 09:04 AM

Well, while I was trying to debug this, it just started working. Maybe there was some state left over that had to time out. I had cleared the ike and ipsec SA and restarted the remote gateway but the problem persisted after those actions.

I had not made any substantive change -- I just removed the proxy-id setting from the ipsec vpn object and then when I put it back in and committed, it started working. I know the proxy-id settings had been correct before because the vpn tunnel worked before I made the multipoint change.

I guess I should have restarted the SRX :)

 

--BobG

Re: static route to multipoint st0.0 does not show up in routing table

‎09-04-2012 03:50 AM

Hi Bob,

 

Did you find the reason why the route is not there? I also have the same problem, but my routes did not come up.

I am going crazy ;-)

 

Br Daniel

Re: static route to multipoint st0.0 does not show up in routing table

‎03-08-2015 03:03 PM

Remember to add family inet or inet6.

    st0 {
        unit 0 {
            family inet;
        }
        unit 1 {
            family inet;
        }
    }

 

in your interface definitions.

 

Caught me out when I was banging my head why my static routes weren't in the routing table!

Re: static route to multipoint st0.0 does not show up in routing table

‎03-08-2015 04:04 PM

Start looking at why IPSec is not being established; if IPSec doesn't establish first, then you won't see routes in the route table.

I'd start off with traceoptions to see why phase 2 is not coming up. Also, is the st0.0 interface assigned to a zone?

Re: static route to multipoint st0.0 does not show up in routing table

‎01-30-2019 05:28 PM

'family inet' was it! Spent about an hour trying to figure out why my route wasn't showing up.
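
Added example, not part of any post in this thread: a small Python check that reads a configuration in `display set` form and flags static routes that depend on an st0 unit lacking `family inet`, or on a multipoint st0 unit with no `next-hop-tunnel` binding for the route's next-hop. The function name `audit_st0_routes` and the sample configuration are constructed for illustration, and the check assumes next-hop-tunnel bindings are configured manually, as in the original post.

```python
import ipaddress
import re

# Constructed sample in "display set" form, modelled on the config in the thread.
SAMPLE = """\
set interfaces st0 unit 0 multipoint
set interfaces st0 unit 0 family inet next-hop-tunnel 172.16.254.22 ipsec-vpn BGSiteVPN
set interfaces st0 unit 0 family inet address 172.16.254.1/24
set interfaces st0 unit 1 multipoint
set routing-options static route 192.168.22.0/24 next-hop 172.16.254.22
set routing-options static route 192.168.23.0/24 next-hop 172.16.254.23
set routing-options static route 192.168.30.0/24 next-hop st0.1
"""

def audit_st0_routes(config):
    """Return (prefix, next_hop, problem) for static routes that rely on st0."""
    units, routes = {}, []
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"set interfaces st0 unit (\d+)\s*(.*)$", line)
        if m:
            u = units.setdefault("st0." + m.group(1), {
                "inet": False, "multipoint": False, "nets": [], "nhtb": set()})
            rest = m.group(2)
            u["multipoint"] |= rest == "multipoint"
            u["inet"] |= re.match(r"family inet(\s|$)", rest) is not None
            if a := re.match(r"family inet address (\S+)", rest):
                u["nets"].append(ipaddress.ip_interface(a.group(1)).network)
            if n := re.match(r"family inet next-hop-tunnel (\S+) ipsec-vpn", rest):
                u["nhtb"].add(ipaddress.ip_address(n.group(1)))
        elif r := re.match(r"set routing-options static route (\S+) "
                           r"(?:qualified-)?next-hop (\S+)", line):
            routes.append(r.groups())
    findings = []
    for prefix, hop in routes:
        if hop.startswith("st0."):  # interface name used as next-hop
            if not units.get(hop, {}).get("inet"):
                findings.append((prefix, hop, "unit has no family inet"))
            continue
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            continue  # some other interface name; not an st0 dependency
        for name, u in units.items():
            if u["multipoint"] and ip not in u["nhtb"] and any(ip in n for n in u["nets"]):
                findings.append((prefix, hop, f"no next-hop-tunnel binding on {name}"))
    return findings

if __name__ == "__main__":
    print(audit_st0_routes(SAMPLE))
```

This only inspects configuration. Whether the IPsec SA for the tunnel is actually up, which the thread also identifies as a reason the route stays out of the table, has to be checked on the device.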