Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Unable to pass traffic between SSG and M7 router when configured for Multilink PPP

0

0

Article ID: KB11165 KB Last Updated: 23 May 2011Version: 6.0
Summary:
Unable to pass traffic between SSG and M7 router when configured for Multilink PPP.
Symptoms:
SSG firewall and M7 router is configured for Multilink PPP, bundling 2 serial interfaces. The physical and logical link come up fine on the serial interface of both the firewall and the router; however one is not able to ping the Multilink interface IP in either direction or pass any traffic.

Following is the SSG debug output (debug flow basic, snoop, and debug ppp, debug ml all, debug interface basic) showing the ICMP packet sent out from the SSG to the M7 router. The M7 router replies back but the decapsulation process fails on the SSG.
****** 00438.0: <Self/self> packet received [128]******
  ipid = 1235(04d3), @0233de84
flow_self_vector2: send pack with current vid =0, enc_size:0
  processing packet through normal path.
  packet passed sanity check.
  self:1.1.1.1/2100->1.1.1.2/1024,1(8/0)<Root>
  no session found
  created new session from self  8062
  policy id = 1(Permit), tunnel = 0
  search route to (null, 0.0.0.0->1.1.1.2) in vr trust-vr for
vsd-0/flag-2000/ifp-ml1
  [ Dest] 5.route 1.1.1.2->1.1.1.2, to ml1
  routed 1.1.1.2 next hop 1.1.1.2, from self
  existing vector list 0-3160540.
  processing packet from self
  flow_first_install_session======>
  route to 1.1.1.2
  serial or adsl or ml if, nsp ready.
  nsp2 wing prepared, ready
  flow got session.
  flow session id 8062
  skip ttl adjust for packet from self.
  send out through normal path.
  flow_ip_send: 04d3:1.1.1.1->1.1.1.2,1 => ml1(128) flag 0x200080, vlan 0
## 2007-05-14 05:25:44 : ml1, start to encap ppp data pak for serial port
## 2007-05-14 05:25:44 : ppp encap IP packet.
  Send to ml1 (130)
00438.0: ml1(o) len=130:
              1.1.1.1 -> 1.1.1.2/1
              vhl=45, tos=00, id=1235, frag=0000, ttl=64 tlen=128
              icmp:type=8, code=0

## 2007-05-14 05:25:44 :  serial2/0, ppp serial decap process the data pak,
proto 0x3d
## 2007-05-14 05:25:44 : serial2/0 finds pak with mlppp header
## 2007-05-14 05:25:44 : serial2/0 finds pak with mlppp header
## 2007-05-14 05:25:44 :  ml1, ppp serial decap process the data pak, proto
0x2145
## 2007-05-14 05:25:44 :  ml1, ppp control panel take the pak.
See the below output from debug mll all and debug ppp all
## 2010-12-08 14:14:01 : ml1, ppp serial decap process the data pak, proto 0x2145 ## 2010-12-08 14:14:01 : ml1, ppp control panel take the pak.
## 2010-12-08 14:14:01 : [PPPRECV]:(ml1) ppp_get_input:(ppp 0x44e3c60/lolayer 0x43eb1a4): received len 41:
21:45:0:0:28:d:31:40:0:34:6:d:74:42:5e:e9:bb:d8:8e:27:83:0:50:b5:5e:43:83:28:89:21:49:6e:d3:50:11:0:36:d1:9a:0:0:
## 2010-12-08 14:14:01 : RECV DECODE:(ml1) [proto=0x2145] 00 00 28 0d 31 40 00 34 06 0d 74 42 5e e9 bb d8 8e 27 83 00 50 b5 5e 43 83 28 89 21 49 6e d3 50 11 00 36 d1 9a 00 00

>> the protocol should be 0x0021, not 0x2145.

The Ncp will never come up and you will see something like below output in the debug.
## 2010-12-08 14:14:03 : SEND DECODE:( serial2/0( in ml1 ) ) ***[LCP EchoReq 0d 79 97 e4]***
## 2010-12-08 14:14:03 : serial2/0( in ml1 ) , link_established: ppp 0x44e67b0, ppp->lolayer 0x3fa4aac, Entered, auth_req 0, go->neg_chap 0, go->neg_upap 0
## 2010-12-08 14:14:03 : network_phase: Entered, ppp 0x44e67b0, ppp->lolayer 0x3fa4aac
## 2010-12-08 14:14:03 : serial2/0( in ml1 ) , compare ID with serial1/0( in ml1 ) , ep-ret 1, name-ret 0
## 2010-12-08 14:14:03 : serial2/0( in ml1 ) , completes joining bundle, bundle phase 3, active 2, member 2
## 2010-12-08 14:14:03 : serial2/0 joins bundle ml1 successfully
## 2010-12-08 14:14:03 : serial2/0 l2 status[L2APP_ID_PROTOCOL] changed to UP
## 2010-12-08 14:14:03 : serial2/0 l2 real status changed from DOWN to UP
## 2010-12-08 14:14:03 : serial2/0 l2_status is UP (to update the soft link status)
## 2010-12-08 14:14:03 : serial2/0 phy link is 1, soft_link 0, is vsi 0
## 2010-12-08 14:14:03 : serial2/0 soft link changed to 4
## 2010-12-08 14:14:03 : bundle member serial2/0( in ml1 ) is LCP-UP but does not bring up NCP


 
Solution:
The problem is due to the default MLPPP compression settings set on the Junos M7 router. SSG does not support compression on the MLPPP interface and thus the traffic cannot be passed.

To disable the compression on the JUNOS M7 router, go in to the MLPPP interface instance and add the following command:
disable-mlppp-inner-ppp-pfc
This will turn off the compression on the M7 router and the traffic will pass fine.

Make sure that the peer device is not configured with compression settings. Run the debugs to confirm and if you found the messages in the debugs as mentioned above, then disable the compression settings on the peer device.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search