Re: [j-nsp] OSPF neig / SRX cluster / LACP
You'll see in Cooper's blog that both nodes are going back into a *single* EX
switch with *two* ae interfaces configured - one to each node.
These ae links have two ports allocated to them.
All LACP does is provide redundancy/balancing between ports to the primary node
- the secondary node will be down from a reth perspective, even if the LACP
shows as up.
On 16 Jan 2014, at 4:42 pm, Samol wrote:
> Hi Aaron,
>
> LACP is running on the reth interface and reth's are up. below is the
> configuration:
>
> Admin@coolSRX# show interfaces reth1
> vlan-tagging;
> redundant-ether-options {
>redundancy-group 1;
>lacp {
>passive;
>periodic fast;
>}
> }
>
> this link was successful for this. http://cooperlees.com/blog/?p=401
>
>
>
> 2014/1/16 Aaron Dewell :
>>
>> reth interfaces are for failover not for bundle. You can use two LAGs
>> within a reth interface (multiple interface on a single node in a LAG) but
>> not across both. It's up (probably) because you aren't running LACP. If
>> you turn on LACP, then various links will be down. I'm going to guess
>> that's why the OSPF session from the right MX is down - because the MX is
>> transmitting to the wrong node for that redundancy-group and it's being
>> ignored.
>>
>> On Jan 15, 2014, at 11:52 PM, Samol wrote:
>>> I can't access to the devices at the moment, but basically what we did
>>> was under each routing instance, we just put the interfaces inside the
>>> ospf area. very straight forward configuration of ospf. I have thought
>>> of links LAG from MX should only connect to each node individually.
>>> but it's interesting that LAG are running even though links are
>>> connected two different nodes (this is for Reth interface). But I
>>> tried to use AE interface on SRX cluster, the theory is true that we
>>> can't bundle two links that land on different node. we just can't
>>> commit. that is the reason we move to Reth.
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>>
>>> 2014/1/16 Ben Dale :
I'm surprised that this is even working at all.
http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/interface-security-aggregated-ethernet-lacp-chassis-cluster-understanding.html
Specifically:
Note: The redundant Ethernet interface LAG child links from each node in
the chassis cluster must be connected to a different LAG at the peer
devices. If a single peer switch is used to terminate the redundant
Ethernet interface LAG, two separate LAGs must be used in the switch.
From a single MX a single LAG should got to a single individual node from
the chassis cluster.
Can you paste the OSPF configs from each RI on the SRX and MX-B?
On 16 Jan 2014, at 2:51 pm, Samol wrote:
> what i'm doing is LACP (ae) from MX to LACP (reth) SRX where one link is
> on Node0 and another is on node1. both link on SRX are member of Reth.
>
> Admin@coolSRX# show interfaces reth1
> vlan-tagging;
> redundant-ether-options {
> redundancy-group 1;
> lacp {
> passive;
> periodic fast;
> }
> }
>
> {primary:node0}[edit]
> Admin@coolSRX# run show lacp interfaces reth1
> Aggregated interface: reth1
> LACP state: Role Exp Def Dist Col Syn Aggr Timeout
> Activity
> ge-0/0/4 ActorNoNo Yes Yes Yes Yes Fast
> Passive
> ge-0/0/4 PartnerNoNo Yes Yes Yes Yes Fast
> Active
> ge-9/0/4 ActorNoNo Yes Yes Yes Yes Fast
> Passive
> ge-9/0/4 PartnerNoNo Yes Yes Yes Yes Fast
> Active
> LACP protocol:Receive State Transmit State Mux State
> ge-0/0/4 Current Fast periodic Collecting
> distributing
> ge-9/0/4 Current Fast periodic Collecting
> distributing
>
> All interfaces are UP. Reth's on SRX are also up. ae interfaces on MX-A
> and B are also UP.
>
> Regards,
>
>
>
> 2014/1/16 Ben Dale
>
> On 16 Jan 2014, at 11:22 am, Samol wrote:
>>
>> I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not
>> for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown
>> interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are
>> UP.
>>
>
> Check it in layers:
> - is the reth interface on SRX-B definitely up when you have both links
> enabled
> show chassis cluster interfaces
> - is your LACP up between MX-B and the cluster - bearing in mind that you
> cannot have a single LAG between MX-B and your SRX (it will need to be a
> LAG to each cluster node)
> show lacp interfaces
> - if the neighbor is only down on one of the RIs, assuming you have a
> VLAN between t
Re: [j-nsp] OSPF neig / SRX cluster / LACP
Hi Aaron,
LACP is running on the reth interface and reth's are up. below is the
configuration:
Admin@coolSRX# show interfaces reth1
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
lacp {
passive;
periodic fast;
}
}
this link was successful for this. http://cooperlees.com/blog/?p=401
2014/1/16 Aaron Dewell :
>
> reth interfaces are for failover not for bundle. You can use two LAGs within
> a reth interface (multiple interface on a single node in a LAG) but not
> across both. It's up (probably) because you aren't running LACP. If you
> turn on LACP, then various links will be down. I'm going to guess that's why
> the OSPF session from the right MX is down - because the MX is transmitting
> to the wrong node for that redundancy-group and it's being ignored.
>
> On Jan 15, 2014, at 11:52 PM, Samol wrote:
>> I can't access to the devices at the moment, but basically what we did
>> was under each routing instance, we just put the interfaces inside the
>> ospf area. very straight forward configuration of ospf. I have thought
>> of links LAG from MX should only connect to each node individually.
>> but it's interesting that LAG are running even though links are
>> connected two different nodes (this is for Reth interface). But I
>> tried to use AE interface on SRX cluster, the theory is true that we
>> can't bundle two links that land on different node. we just can't
>> commit. that is the reason we move to Reth.
>>
>>
>> Regards,
>>
>>
>>
>>
>> 2014/1/16 Ben Dale :
>>> I'm surprised that this is even working at all.
>>>
>>> http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/interface-security-aggregated-ethernet-lacp-chassis-cluster-understanding.html
>>>
>>> Specifically:
>>>
>>> Note: The redundant Ethernet interface LAG child links from each node in
>>> the chassis cluster must be connected to a different LAG at the peer
>>> devices. If a single peer switch is used to terminate the redundant
>>> Ethernet interface LAG, two separate LAGs must be used in the switch.
>>>
>>> From a single MX a single LAG should got to a single individual node from
>>> the chassis cluster.
>>>
>>> Can you paste the OSPF configs from each RI on the SRX and MX-B?
>>>
>>> On 16 Jan 2014, at 2:51 pm, Samol wrote:
>>>
what i'm doing is LACP (ae) from MX to LACP (reth) SRX where one link is
on Node0 and another is on node1. both link on SRX are member of Reth.
Admin@coolSRX# show interfaces reth1
vlan-tagging;
redundant-ether-options {
redundancy-group 1;
lacp {
passive;
periodic fast;
}
}
{primary:node0}[edit]
Admin@coolSRX# run show lacp interfaces reth1
Aggregated interface: reth1
LACP state: Role Exp Def Dist Col Syn Aggr Timeout
Activity
ge-0/0/4 ActorNoNo Yes Yes Yes Yes Fast
Passive
ge-0/0/4 PartnerNoNo Yes Yes Yes Yes Fast
Active
ge-9/0/4 ActorNoNo Yes Yes Yes Yes Fast
Passive
ge-9/0/4 PartnerNoNo Yes Yes Yes Yes Fast
Active
LACP protocol:Receive State Transmit State Mux State
ge-0/0/4 Current Fast periodic Collecting
distributing
ge-9/0/4 Current Fast periodic Collecting
distributing
All interfaces are UP. Reth's on SRX are also up. ae interfaces on MX-A
and B are also UP.
Regards,
2014/1/16 Ben Dale
On 16 Jan 2014, at 11:22 am, Samol wrote:
>
> I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not
> for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown
> interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are
> UP.
>
Check it in layers:
- is the reth interface on SRX-B definitely up when you have both links
enabled
show chassis cluster interfaces
- is your LACP up between MX-B and the cluster - bearing in mind that you
cannot have a single LAG between MX-B and your SRX (it will need to be a
LAG to each cluster node)
show lacp interfaces
- if the neighbor is only down on one of the RIs, assuming you have a VLAN
between the MX and the SRX to carry each RI - double check that the VLAN
is actually tagged on both LAGs between the two boxes
show bridge domain interface aex.0
Ben
--
Samol Khoeurn
(855) 077 55 64 02 / (855) 067 41 88 66
Network Engineer
Cisco: CCNA/CCNP SP/CCIP/
Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT
www.linkedin.com/in/samolkhoeurn
>>>
>>
>>
>>
>> --
>> Samol Khoeurn
>> (855) 077 55 64 02 / (855) 067 41 88 66
>> Network Engineer
>> Cisco: CCNA/CCNP SP/CCIP/
>> Juniper: JNCIA/JNCIS-EN
Re: [j-nsp] OSPF neig / SRX cluster / LACP
reth interfaces are for failover not for bundle. You can use two LAGs within a
reth interface (multiple interface on a single node in a LAG) but not across
both. It's up (probably) because you aren't running LACP. If you turn on
LACP, then various links will be down. I'm going to guess that's why the OSPF
session from the right MX is down - because the MX is transmitting to the wrong
node for that redundancy-group and it's being ignored.
On Jan 15, 2014, at 11:52 PM, Samol wrote:
> I can't access to the devices at the moment, but basically what we did
> was under each routing instance, we just put the interfaces inside the
> ospf area. very straight forward configuration of ospf. I have thought
> of links LAG from MX should only connect to each node individually.
> but it's interesting that LAG are running even though links are
> connected two different nodes (this is for Reth interface). But I
> tried to use AE interface on SRX cluster, the theory is true that we
> can't bundle two links that land on different node. we just can't
> commit. that is the reason we move to Reth.
>
>
> Regards,
>
>
>
>
> 2014/1/16 Ben Dale :
>> I'm surprised that this is even working at all.
>>
>> http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/interface-security-aggregated-ethernet-lacp-chassis-cluster-understanding.html
>>
>> Specifically:
>>
>> Note: The redundant Ethernet interface LAG child links from each node in the
>> chassis cluster must be connected to a different LAG at the peer devices. If
>> a single peer switch is used to terminate the redundant Ethernet interface
>> LAG, two separate LAGs must be used in the switch.
>>
>> From a single MX a single LAG should got to a single individual node from
>> the chassis cluster.
>>
>> Can you paste the OSPF configs from each RI on the SRX and MX-B?
>>
>> On 16 Jan 2014, at 2:51 pm, Samol wrote:
>>
>>> what i'm doing is LACP (ae) from MX to LACP (reth) SRX where one link is on
>>> Node0 and another is on node1. both link on SRX are member of Reth.
>>>
>>> Admin@coolSRX# show interfaces reth1
>>> vlan-tagging;
>>> redundant-ether-options {
>>>redundancy-group 1;
>>>lacp {
>>>passive;
>>>periodic fast;
>>>}
>>> }
>>>
>>> {primary:node0}[edit]
>>> Admin@coolSRX# run show lacp interfaces reth1
>>> Aggregated interface: reth1
>>>LACP state: Role Exp Def Dist Col Syn Aggr Timeout
>>> Activity
>>> ge-0/0/4 ActorNoNo Yes Yes Yes Yes Fast
>>> Passive
>>> ge-0/0/4 PartnerNoNo Yes Yes Yes Yes Fast
>>> Active
>>> ge-9/0/4 ActorNoNo Yes Yes Yes Yes Fast
>>> Passive
>>> ge-9/0/4 PartnerNoNo Yes Yes Yes Yes Fast
>>> Active
>>>LACP protocol:Receive State Transmit State Mux State
>>> ge-0/0/4 Current Fast periodic Collecting
>>> distributing
>>> ge-9/0/4 Current Fast periodic Collecting
>>> distributing
>>>
>>> All interfaces are UP. Reth's on SRX are also up. ae interfaces on MX-A and
>>> B are also UP.
>>>
>>> Regards,
>>>
>>>
>>>
>>> 2014/1/16 Ben Dale
>>>
>>> On 16 Jan 2014, at 11:22 am, Samol wrote:
I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not
for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown
interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are
UP.
>>>
>>> Check it in layers:
>>> - is the reth interface on SRX-B definitely up when you have both links
>>> enabled
>>> show chassis cluster interfaces
>>> - is your LACP up between MX-B and the cluster - bearing in mind that you
>>> cannot have a single LAG between MX-B and your SRX (it will need to be a
>>> LAG to each cluster node)
>>> show lacp interfaces
>>> - if the neighbor is only down on one of the RIs, assuming you have a VLAN
>>> between the MX and the SRX to carry each RI - double check that the VLAN is
>>> actually tagged on both LAGs between the two boxes
>>> show bridge domain interface aex.0
>>>
>>> Ben
>>>
>>>
>>>
>>> --
>>> Samol Khoeurn
>>> (855) 077 55 64 02 / (855) 067 41 88 66
>>> Network Engineer
>>> Cisco: CCNA/CCNP SP/CCIP/
>>> Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT
>>> www.linkedin.com/in/samolkhoeurn
>>>
>>
>
>
>
> --
> Samol Khoeurn
> (855) 077 55 64 02 / (855) 067 41 88 66
> Network Engineer
> Cisco: CCNA/CCNP SP/CCIP/
> Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT
> www.linkedin.com/in/samolkhoeurn
>
> ___
> juniper-nsp mailing list juniper-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] OSPF neig / SRX cluster / LACP
I can't access to the devices at the moment, but basically what we did
was under each routing instance, we just put the interfaces inside the
ospf area. very straight forward configuration of ospf. I have thought
of links LAG from MX should only connect to each node individually.
but it's interesting that LAG are running even though links are
connected two different nodes (this is for Reth interface). But I
tried to use AE interface on SRX cluster, the theory is true that we
can't bundle two links that land on different node. we just can't
commit. that is the reason we move to Reth.
Regards,
2014/1/16 Ben Dale :
> I'm surprised that this is even working at all.
>
> http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/interface-security-aggregated-ethernet-lacp-chassis-cluster-understanding.html
>
> Specifically:
>
> Note: The redundant Ethernet interface LAG child links from each node in the
> chassis cluster must be connected to a different LAG at the peer devices. If
> a single peer switch is used to terminate the redundant Ethernet interface
> LAG, two separate LAGs must be used in the switch.
>
> From a single MX a single LAG should got to a single individual node from the
> chassis cluster.
>
> Can you paste the OSPF configs from each RI on the SRX and MX-B?
>
> On 16 Jan 2014, at 2:51 pm, Samol wrote:
>
>> what i'm doing is LACP (ae) from MX to LACP (reth) SRX where one link is on
>> Node0 and another is on node1. both link on SRX are member of Reth.
>>
>> Admin@coolSRX# show interfaces reth1
>> vlan-tagging;
>> redundant-ether-options {
>> redundancy-group 1;
>> lacp {
>> passive;
>> periodic fast;
>> }
>> }
>>
>> {primary:node0}[edit]
>> Admin@coolSRX# run show lacp interfaces reth1
>> Aggregated interface: reth1
>> LACP state: Role Exp Def Dist Col Syn Aggr Timeout
>> Activity
>> ge-0/0/4 ActorNoNo Yes Yes Yes Yes Fast
>> Passive
>> ge-0/0/4 PartnerNoNo Yes Yes Yes Yes Fast
>> Active
>> ge-9/0/4 ActorNoNo Yes Yes Yes Yes Fast
>> Passive
>> ge-9/0/4 PartnerNoNo Yes Yes Yes Yes Fast
>> Active
>> LACP protocol:Receive State Transmit State Mux State
>> ge-0/0/4 Current Fast periodic Collecting
>> distributing
>> ge-9/0/4 Current Fast periodic Collecting
>> distributing
>>
>> All interfaces are UP. Reth's on SRX are also up. ae interfaces on MX-A and
>> B are also UP.
>>
>> Regards,
>>
>>
>>
>> 2014/1/16 Ben Dale
>>
>> On 16 Jan 2014, at 11:22 am, Samol wrote:
>> >
>> > I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not
>> > for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown
>> > interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are
>> > UP.
>> >
>>
>> Check it in layers:
>> - is the reth interface on SRX-B definitely up when you have both links
>> enabled
>> show chassis cluster interfaces
>> - is your LACP up between MX-B and the cluster - bearing in mind that you
>> cannot have a single LAG between MX-B and your SRX (it will need to be a
>> LAG to each cluster node)
>> show lacp interfaces
>> - if the neighbor is only down on one of the RIs, assuming you have a VLAN
>> between the MX and the SRX to carry each RI - double check that the VLAN is
>> actually tagged on both LAGs between the two boxes
>> show bridge domain interface aex.0
>>
>> Ben
>>
>>
>>
>> --
>> Samol Khoeurn
>> (855) 077 55 64 02 / (855) 067 41 88 66
>> Network Engineer
>> Cisco: CCNA/CCNP SP/CCIP/
>> Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT
>> www.linkedin.com/in/samolkhoeurn
>>
>
--
Samol Khoeurn
(855) 077 55 64 02 / (855) 067 41 88 66
Network Engineer
Cisco: CCNA/CCNP SP/CCIP/
Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT
www.linkedin.com/in/samolkhoeurn
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] OSPF neig / SRX cluster / LACP
I'm surprised that this is even working at all.
http://www.juniper.net/techpubs/en_US/junos12.2/topics/concept/interface-security-aggregated-ethernet-lacp-chassis-cluster-understanding.html
Specifically:
Note: The redundant Ethernet interface LAG child links from each node in the
chassis cluster must be connected to a different LAG at the peer devices. If a
single peer switch is used to terminate the redundant Ethernet interface LAG,
two separate LAGs must be used in the switch.
>From a single MX a single LAG should got to a single individual node from the
>chassis cluster.
Can you paste the OSPF configs from each RI on the SRX and MX-B?
On 16 Jan 2014, at 2:51 pm, Samol wrote:
> what i'm doing is LACP (ae) from MX to LACP (reth) SRX where one link is on
> Node0 and another is on node1. both link on SRX are member of Reth.
>
> Admin@coolSRX# show interfaces reth1
> vlan-tagging;
> redundant-ether-options {
> redundancy-group 1;
> lacp {
> passive;
> periodic fast;
> }
> }
>
> {primary:node0}[edit]
> Admin@coolSRX# run show lacp interfaces reth1
> Aggregated interface: reth1
> LACP state: Role Exp Def Dist Col Syn Aggr Timeout
> Activity
> ge-0/0/4 ActorNoNo Yes Yes Yes Yes Fast
> Passive
> ge-0/0/4 PartnerNoNo Yes Yes Yes Yes Fast
> Active
> ge-9/0/4 ActorNoNo Yes Yes Yes Yes Fast
> Passive
> ge-9/0/4 PartnerNoNo Yes Yes Yes Yes Fast
> Active
> LACP protocol:Receive State Transmit State Mux State
> ge-0/0/4 Current Fast periodic Collecting
> distributing
> ge-9/0/4 Current Fast periodic Collecting
> distributing
>
> All interfaces are UP. Reth's on SRX are also up. ae interfaces on MX-A and B
> are also UP.
>
> Regards,
>
>
>
> 2014/1/16 Ben Dale
>
> On 16 Jan 2014, at 11:22 am, Samol wrote:
> >
> > I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not
> > for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown
> > interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are
> > UP.
> >
>
> Check it in layers:
> - is the reth interface on SRX-B definitely up when you have both links
> enabled
> show chassis cluster interfaces
> - is your LACP up between MX-B and the cluster - bearing in mind that you
> cannot have a single LAG between MX-B and your SRX (it will need to be a LAG
> to each cluster node)
> show lacp interfaces
> - if the neighbor is only down on one of the RIs, assuming you have a VLAN
> between the MX and the SRX to carry each RI - double check that the VLAN is
> actually tagged on both LAGs between the two boxes
> show bridge domain interface aex.0
>
> Ben
>
>
>
> --
> Samol Khoeurn
> (855) 077 55 64 02 / (855) 067 41 88 66
> Network Engineer
> Cisco: CCNA/CCNP SP/CCIP/
> Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT
> www.linkedin.com/in/samolkhoeurn
>
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] OSPF neig / SRX cluster / LACP
Depending on how you have your redundancy groups set up, only the active links will be active at any given time. That means that the mxs won't see two links active, they will see one each. So you should have two adjacencies on the srx and one on each mx in this scenario. Lacp would only be useful with multiple links between the mx and the same srx node. It does not help for failover between the two srx cluster members. I'm not sure this works in quite the way you are expecting. On Jan 15, 2014 7:32 PM, "Samol" wrote: > Hi Experts, > > I'm running out of idea what else to try. I think it has something to do > with clustering on SRX that makes ospf neigh never comes up. Let me explain > you the scenario, I have two SRXs and two MXs. The two SRXs are clustered > and two routing instances there, INSIDE and OUTSIDE. both MXs are also > having two RI, INSIDE and OUTSIDE. RI OUSIDE on SRX connect to OUSIDE RI on > MX. We got the physical connectivity like this : > > MX-A---SRX-A--MX-B > MX-A---SRX-B--MX-B > > We basically have 4 ospf neig. LACP are between MX-A and SRX clustering , > same to MX-B and SRX cluster. > > MX-A INSIDE(irb)--(reth)INSIDE SRX > OUTSIDE(reth)(irb)MX-B OUTSIDE > > MX-B INSIDE(irb)--(reth)INSIDE SRX > OUTSIDE(reth)(irb)MX-A OUTSIDE > > I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not > for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown > interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are > UP. > > Has anyone experience this ? I believe this must be caused by some features > on SRX clustering things like LACP on Reth interfaces or so. > > would very appreciate for any comment. > > > -- > Samol Khoeurn > (855) 077 55 64 02 / (855) 067 41 88 66 > Network Engineer > Cisco: CCNA/CCNP SP/CCIP/ > Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT > www.linkedin.com/in/samolkhoeurn > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] OSPF neig / SRX cluster / LACP
Yup, one link from each node connect to MX-B. then these two link are member of reth. and another one link from each node to MX-A creating another reth. 2014/1/16 Morgan McLean > You're not trying to use lacp with two srx nodes at once right? > > > On Wednesday, January 15, 2014, Samol wrote: > >> Hi Experts, >> >> I'm running out of idea what else to try. I think it has something to do >> with clustering on SRX that makes ospf neigh never comes up. Let me >> explain >> you the scenario, I have two SRXs and two MXs. The two SRXs are clustered >> and two routing instances there, INSIDE and OUTSIDE. both MXs are also >> having two RI, INSIDE and OUTSIDE. RI OUSIDE on SRX connect to OUSIDE RI >> on >> MX. We got the physical connectivity like this : >> >> MX-A---SRX-A--MX-B >> MX-A---SRX-B--MX-B >> >> We basically have 4 ospf neig. LACP are between MX-A and SRX clustering , >> same to MX-B and SRX cluster. >> >> MX-A INSIDE(irb)--(reth)INSIDE SRX >> OUTSIDE(reth)(irb)MX-B OUTSIDE >> >> MX-B INSIDE(irb)--(reth)INSIDE SRX >> OUTSIDE(reth)(irb)MX-A OUTSIDE >> >> I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not >> for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown >> interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are >> UP. >> >> Has anyone experience this ? I believe this must be caused by some >> features >> on SRX clustering things like LACP on Reth interfaces or so. >> >> would very appreciate for any comment. >> >> >> -- >> Samol Khoeurn >> (855) 077 55 64 02 / (855) 067 41 88 66 >> Network Engineer >> Cisco: CCNA/CCNP SP/CCIP/ >> Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT >> www.linkedin.com/in/samolkhoeurn >> ___ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > > -- > Thanks, > Morgan > > -- Samol Khoeurn (855) 077 55 64 02 / (855) 067 41 88 66 Network Engineer Cisco: CCNA/CCNP SP/CCIP/ Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT www.linkedin.com/in/samolkhoeurn ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] OSPF neig / SRX cluster / LACP
On 16 Jan 2014, at 11:22 am, Samol wrote: > > I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not > for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown > interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are > UP. > Check it in layers: - is the reth interface on SRX-B definitely up when you have both links enabled show chassis cluster interfaces - is your LACP up between MX-B and the cluster - bearing in mind that you cannot have a single LAG between MX-B and your SRX (it will need to be a LAG to each cluster node) show lacp interfaces - if the neighbor is only down on one of the RIs, assuming you have a VLAN between the MX and the SRX to carry each RI - double check that the VLAN is actually tagged on both LAGs between the two boxes show bridge domain interface aex.0 Ben ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] OSPF neig / SRX cluster / LACP
You're not trying to use lacp with two srx nodes at once right? On Wednesday, January 15, 2014, Samol wrote: > Hi Experts, > > I'm running out of idea what else to try. I think it has something to do > with clustering on SRX that makes ospf neigh never comes up. Let me explain > you the scenario, I have two SRXs and two MXs. The two SRXs are clustered > and two routing instances there, INSIDE and OUTSIDE. both MXs are also > having two RI, INSIDE and OUTSIDE. RI OUSIDE on SRX connect to OUSIDE RI on > MX. We got the physical connectivity like this : > > MX-A---SRX-A--MX-B > MX-A---SRX-B--MX-B > > We basically have 4 ospf neig. LACP are between MX-A and SRX clustering , > same to MX-B and SRX cluster. > > MX-A INSIDE(irb)--(reth)INSIDE SRX > OUTSIDE(reth)(irb)MX-B OUTSIDE > > MX-B INSIDE(irb)--(reth)INSIDE SRX > OUTSIDE(reth)(irb)MX-A OUTSIDE > > I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not > for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown > interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are > UP. > > Has anyone experience this ? I believe this must be caused by some features > on SRX clustering things like LACP on Reth interfaces or so. > > would very appreciate for any comment. > > > -- > Samol Khoeurn > (855) 077 55 64 02 / (855) 067 41 88 66 > Network Engineer > Cisco: CCNA/CCNP SP/CCIP/ > Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT > www.linkedin.com/in/samolkhoeurn > ___ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp > -- Thanks, Morgan ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] OSPF neig / SRX cluster / LACP
Hi Experts, I'm running out of idea what else to try. I think it has something to do with clustering on SRX that makes ospf neigh never comes up. Let me explain you the scenario, I have two SRXs and two MXs. The two SRXs are clustered and two routing instances there, INSIDE and OUTSIDE. both MXs are also having two RI, INSIDE and OUTSIDE. RI OUSIDE on SRX connect to OUSIDE RI on MX. We got the physical connectivity like this : MX-A---SRX-A--MX-B MX-A---SRX-B--MX-B We basically have 4 ospf neig. LACP are between MX-A and SRX clustering , same to MX-B and SRX cluster. MX-A INSIDE(irb)--(reth)INSIDE SRX OUTSIDE(reth)(irb)MX-B OUTSIDE MX-B INSIDE(irb)--(reth)INSIDE SRX OUTSIDE(reth)(irb)MX-A OUTSIDE I got OSPF neighbor UP for all neighbors (RI: OUTSIDE and INSIDE) but not for Routing Instance (RI) INSIDE between SRX and MX-B. and If I shutdown interface on SRX-B (secondary) that connecting MX, all OSPF neighbors are UP. Has anyone experience this ? I believe this must be caused by some features on SRX clustering things like LACP on Reth interfaces or so. would very appreciate for any comment. -- Samol Khoeurn (855) 077 55 64 02 / (855) 067 41 88 66 Network Engineer Cisco: CCNA/CCNP SP/CCIP/ Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT www.linkedin.com/in/samolkhoeurn ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
