vSRX

Unable to ping PC when vsrx is in Cluster mode

‎02-04-2018 04:00 AM

Hi Team

I guess I am doing something wrong, but can someone look at this?

I have 2 vSRX in cluster mode on eve-ng (simulation tool). I cannot ping the connected PC. Please see the config and topology attached. Any ideas, please?

 

vSRX

Re: Unable to ping PC when vsrx is in Cluster mode

‎02-04-2018 04:01 AM

Please see topology: topology.PNG

vSRX

Re: Unable to ping PC when vsrx is in Cluster mode

‎02-04-2018 09:10 PM

Hello 

 

I am not familiar with the eve-ng virtualization software, but it looks like the control and fab L2 connectivity are working fine since the cluster is healthy. Therefore I don't see any reason why the LAN L2 connectivity should have a problem.

 

Did you get a chance to check the ARP table on the vSRX ("show arp no-resolve") and the mac-address table on the switch?

 

Regards,

 

Vikas

vSRX

Re: Unable to ping PC when vsrx is in Cluster mode

‎02-04-2018 09:13 PM

Hello 

 

One more thing, to eliminate the switch:

configure a new port ge-0/0/3 on the vSRX cluster

no need to put it in a reth

you can give it an IP and connect a PC directly to ge-0/0/3 and check L2/L3 connectivity

Regards,

 

Vikas

vSRX

Re: Unable to ping PC when vsrx is in Cluster mode

‎02-05-2018 04:50 AM

Yes, it looks like an eve-ng issue. I have started from scratch: one vsrx, one pc, one switch and one pc. And I can ping. As soon as I enable chassis cluster and reboot (set chassis cluster cluster-id 1 node 0 reboot), I cannot ping again.

vSRX
Solution
Accepted by topic author Kchange07
‎11-12-2018 01:52 AM

Re: Unable to ping PC when vsrx is in Cluster mode

[ Edited ]
‎08-11-2018 05:01 AM

ge-0/0/2 is actually ge-0/0/1 in eve-ng.

 

so

replace pattern ge-0/0/2 with ge-0/0/1

replace pattern ge-7/0/2 with ge-7/0/1

Please check if this resolves your issue. I replicated your topology, and from the PC I can ping the reth0.0 IP on the SRX and vice versa.

 

My Config

=========

set chassis cluster control-link-recovery
set chassis cluster reth-count 2
set chassis cluster redundancy-group 0 node 0 priority 200
set chassis cluster redundancy-group 0 node 1 priority 100
set chassis cluster redundancy-group 1 node 0 priority 200
set chassis cluster redundancy-group 1 node 1 priority 100

 

set interfaces ge-0/0/1 gigether-options redundant-parent reth0
set interfaces ge-7/0/1 gigether-options redundant-parent reth0
set interfaces fab0 fabric-options member-interfaces ge-0/0/0
set interfaces fab1 fabric-options member-interfaces ge-7/0/0

set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 10.10.10.1/24

 

=======

root> show chassis cluster status
Monitor Failure codes:
    CS  Cold Sync monitoring        FL  Fabric Connection monitoring
    GR  GRES monitoring             HW  Hardware monitoring
    IF  Interface monitoring        IP  IP monitoring
    LB  Loopback monitoring         MB  Mbuf monitoring
    NH  Nexthop monitoring          NP  NPC monitoring              
    SP  SPU monitoring              SM  Schedule monitoring
    CF  Config Sync monitoring
 
Cluster ID: 1
Node   Priority Status         Preempt Manual   Monitor-failures

Redundancy group: 0 , Failover count: 1
node0  200      primary        no      no       None           
node1  100      secondary      no      no       None           

Redundancy group: 1 , Failover count: 1
node0  200      primary        no      no       None           
node1  100      secondary      no      no       None           

{primary:node0}
root> show chassis cluster interfaces
Control link status: Up

Control interfaces:
    Index   Interface   Monitored-Status   Internal-SA   Security
    0       em0         Up                 Disabled      Disabled  

Fabric link status: Up

Fabric interfaces:
    Name    Child-interface    Status                    Security
                               (Physical/Monitored)
    fab0    ge-0/0/0           Up   / Up                 Disabled   
    fab0   
    fab1    ge-7/0/0           Up   / Up                 Disabled   
    fab1   

Redundant-ethernet Information:     
    Name         Status      Redundancy-group
    reth0        Up          1                
    reth1        Down        Not configured   
   
Redundant-pseudo-interface Information:
    Name         Status      Redundancy-group
    lo0          Up          0                

{primary:node0}

VPC

====

VPCS> ip 10.10.10.10/24 10.10.10.1
Checking for duplicate address...
PC1 : 10.10.10.10 255.255.255.0 gateway 10.10.10.1

VPCS> ping 10.10.10.1

84 bytes from 10.10.10.1 icmp_seq=1 ttl=64 time=63.270 ms
84 bytes from 10.10.10.1 icmp_seq=2 ttl=64 time=1.071 ms
84 bytes from 10.10.10.1 icmp_seq=3 ttl=64 time=1.110 ms
84 bytes from 10.10.10.1 icmp_seq=4 ttl=64 time=0.842 ms
84 bytes from 10.10.10.1 icmp_seq=5 ttl=64 time=1.033 ms


SRX

======

root> ping 10.10.10.10
PING 10.10.10.10 (10.10.10.10): 56 data bytes
64 bytes from 10.10.10.10: icmp_seq=0 ttl=64 time=5.059 ms
64 bytes from 10.10.10.10: icmp_seq=1 ttl=64 time=3.487 ms
64 bytes from 10.10.10.10: icmp_seq=2 ttl=64 time=3.616 ms
^C
--- 10.10.10.10 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.487/4.054/5.059/0.713 ms

{primary:node0}
root> show arp no-resolve
MAC Address       Address         Interface         Flags
00:50:79:66:68:04 10.10.10.10     reth0.0                  none
4c:96:14:70:bf:b0 30.17.0.2       fab0.0                   permanent
4c:96:14:8d:7a:b0 30.18.0.1       fab1.0                   permanent
50:00:00:01:00:01 129.16.0.16     em0.0                    none
02:00:00:02:01:04 130.16.0.1      em0.0                    none
50:00:00:02:00:01 130.16.0.16     em0.0                    none
aa:bb:cc:dd:ee:ff 192.168.1.1     em1.32768                none

 

 

 

vSRX

Re: Unable to ping PC when vsrx is in Cluster mode

3 weeks ago

Hi, I am using eve-ng and vSRX release:

Junos: 15.1X49-D180.2
JUNOS Software Release [15.1X49-D180.2]

 

I followed the standard configuration, but I cannot ping reth0.0 from my switch and vice versa. I also noticed that there is no ARP request/reply from/to Juniper.

 

Any idea ?

 

Thanks

 

regards

vSRX

Re: Unable to ping PC when vsrx is in Cluster mode

3 weeks ago
Hello,

This may happen if the interface reth0.0 is not associated with a security zone. Could you please check this?

Associating an interface with a security zone and allowing ping (replace <zone-name> with the name of your zone):
set security zones security-zone <zone-name> interfaces reth0.0
set security zones security-zone <zone-name> host-inbound-traffic system-services ping

Could you please provide the output of: show configuration | display set | match reth0

I hope this helps. Best Regards,

Vikas
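
A check for the two causes raised in this thread (a reth with no child interface on one node, and reth0.0 not bound to a security zone that allows ping), as an added example that is not part of any post. It assumes the input is saved `show configuration | display set` text and that node1 ports are numbered ge-7/... as in the accepted answer; the function name `audit_reth` and the zone name `trust` are hypothetical.

```python
# Added example, not from the thread: audit "display set" lines for reth reachability.
# Constructed sample: the reth0 lines from the accepted answer, with no zone binding.
SAMPLE = """\
set interfaces ge-0/0/1 gigether-options redundant-parent reth0
set interfaces ge-7/0/1 gigether-options redundant-parent reth0
set interfaces reth0 redundant-ether-options redundancy-group 1
set interfaces reth0 unit 0 family inet address 10.10.10.1/24
"""
HIT = ["host-inbound-traffic", "system-services"]
ALLOW = {"ping", "all", "any-service"}  # the "except" modifier is not handled

def audit_reth(display_set):
    """Map each reth unit that has an IPv4 address to a list of problems found."""
    members, has_rg, units = {}, set(), set()
    zone_of, zone_ping, intf_hit, intf_ping = {}, set(), set(), set()
    for line in display_set.splitlines():
        t = line.split()
        if t[:2] == ["set", "interfaces"] and len(t) > 3:
            if t[3:5] == ["gigether-options", "redundant-parent"] and len(t) > 5:
                members.setdefault(t[5], []).append(t[2])
            elif t[3:5] == ["redundant-ether-options", "redundancy-group"]:
                has_rg.add(t[2])
            elif t[3] == "unit" and t[5:8] == ["family", "inet", "address"]:
                units.add(f"{t[2]}.{t[4]}")
        elif t[:4] == ["set", "security", "zones", "security-zone"] and len(t) > 5:
            zone, rest = t[4], t[5:]
            if rest[0] == "interfaces" and len(rest) > 1:
                zone_of[rest[1]] = zone
                if rest[2:4] == HIT:  # interface-level list overrides the zone's
                    intf_hit.add(rest[1])
                    if ALLOW & set(rest[4:5]):
                        intf_ping.add(rest[1])
            elif rest[:2] == HIT and ALLOW & set(rest[2:3]):
                zone_ping.add(zone)
    report = {}
    for unit in sorted(u for u in units if u.startswith("reth")):
        reth, problems = unit.split(".")[0], []
        kids = members.get(reth, [])
        # Assumption taken from the thread: node0 ports are ge-0/..., node1 ge-7/...
        for node, prefix in (("node0", "ge-0/"), ("node1", "ge-7/")):
            if not any(k.startswith(prefix) for k in kids):
                problems.append(f"no {node} member interface")
        if reth not in has_rg:
            problems.append("no redundancy-group")
        if unit not in zone_of:
            problems.append("not in a security zone")
        elif unit not in intf_ping and (unit in intf_hit or zone_of[unit] not in zone_ping):
            problems.append("ping not allowed in host-inbound-traffic")
        report[unit] = problems
    return report
```

An empty problem list for reth0.0 means the configuration passes these checks; it does not prove the hypervisor has wired the matching virtual NICs, which was the eve-ng numbering problem in the accepted answer.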


