SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  LACP to vSRX not working (at least not as expected)

    Posted 03-04-2018 14:05

    Hi all,

     

    I've been on two Juniper courses recently and started to work on my labs to prepare for my exams and just get some more experience.

     

    I have Cisco VIRL and study a lot with these, so decided to put a couple of vSRX in my lab and have a play around.

     

    I've set up the clustering and all is well there; got my FXP, FAB and EM0 interfaces all set up and playing nicely.

     

    I then came to be setting up my Reths and figured LACP from my L2 VIRL switch would be the way to go in order to failover my cluster. I think in the lab during the course we used LAG but I assumed LACP would do the same thing.

     

    Problem I have is that with a manual failover of the cluster the two interfaces in my LACP remain in a Passive state and the traffic from a ping (for example) still tries to travel down Gi0/0 instead of Gi0/1. I get a message in Wireshark on the 2nd link to state "Gratuitous ARP for 172.16.1.1 (Request)" however even after ARP it still insists on travelling down Gi0/0 unless I hard shutdown the interface or the Node which forces the LACP to use Gi0/1. I guess this means it kind of works but surely LACP should be clever enough to know a failover has been committed and that interface is now not the one to use?

    I've tried to set this up as active active, active passive, passive active with the same result on all.

     

    I've got copies of my configuration below:

     

    vSRX

    interfaces {
        ge-0/0/2 {
            gigether-options {
                redundant-parent reth0;
            }
        }
        ge-7/0/2 {
            gigether-options {
                redundant-parent reth0;
            }
        }
        reth0 {
            redundant-ether-options {
                redundancy-group 1;
                lacp {
                    active;
                    periodic slow;
                }
            }
            unit 0 {
                family inet {
                    address 172.16.1.1/24;
                }
            }
        }
    }

     

    Cisco IOS VIRL

    interface Port-channel1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface GigabitEthernet0/0
    switchport trunk encapsulation dot1q
    switchport mode trunk
    media-type rj45
    negotiation auto
    channel-group 1 mode passive
    !
    interface GigabitEthernet0/1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    media-type rj45
    negotiation auto
    channel-group 1 mode passive

     

    Another side issue I seem to have is that once I failover, then reset the redundancy group and then manually fail back, I seem to drop the ICMP packets with this message in Wireshark: "Echo (ping) request  id=0x9f0b, seq=2039/63239, ttl=64 (no response found!)". Has anyone had problems with this after a manual failover and back before?

     

    A restart of the vSRX fixes this issue. I've tried various methods to monitor the traffic/flow to capture what it’s doing with this packet, but none have helped me so far.

     

    Am I just being a victim of gremlins in the system because I'm virtualising this on my laptop with 3rd party tools?

     

    Thanks,

     

    Charles



  • 2.  RE: LACP to vSRX not working (at least not as expected)
    Best Answer

    Posted 03-05-2018 01:06

    Hi Charles,

     

    LACP and SRX chassis clusters work a bit differently than most people think. You need to configure a Port-Channel towards each node in the chassis cluster - but it's still the same reth on the cluster side.

     

    This example describes it very well - no need to write a wrapped up version here.

    https://www.juniper.net/documentation/en_US/junos/topics/example/interface-security-aggregated-ethernet-lacp-chassis-cluster-configuring.html
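
    The change described in this answer, applied to the switch configuration from the first post, as an added example that is not part of the original thread or the linked Juniper document. It assumes Gi0/0 is cabled to node 0 (ge-0/0/2) and Gi0/1 to node 1 (ge-7/0/2); Port-channel2 and the description strings are names chosen here.

```cisco
! Added example, not from the thread. Assumed cabling:
!   Gi0/0 -> vSRX node 0, ge-0/0/2
!   Gi0/1 -> vSRX node 1, ge-7/0/2
!
! Before: both links were in channel-group 1, so the switch treated the
! two cluster nodes as one LACP partner and kept forwarding on Gi0/0.
! After: one port-channel per node. reth0 on the cluster is unchanged.
!
interface Port-channel1
 description LAG to vSRX node 0 (reth0 member ge-0/0/2)
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Port-channel2
 description LAG to vSRX node 1 (reth0 member ge-7/0/2)
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
 channel-group 1 mode passive
!
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
 ! Only this line differs from the original: group 2 instead of group 1.
 channel-group 2 mode passive
```

    `show etherchannel summary` on the switch and `show lacp interfaces` on the cluster show whether each bundle has negotiated.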



  • 3.  RE: LACP to vSRX not working (at least not as expected)

    Posted 03-05-2018 10:25

    Huge Thanks Jonas,

     

    Didn't even have to click the link. As soon as you said it, it made sense; now working perfectly!

     

    Now on to OSPF and BGP setup.

     

    Thanks,

     

    Charles