Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[M/MX/T-series] Same subnet under two different interfaces or under the same interface

0

0

Article ID: KB24928 KB Last Updated: 31 Aug 2017Version: 2.0
Summary:

This article describes the possibility of assigning the same subnet under two separate physical interfaces or under the same interface.

Symptoms:

Scenario A:

When assigning the same subnet to two different interfaces, Junos will allow you to commit.

The following example is a testing topology in which the usage of the same subnet in two interfaces will be an issue.

Router R1 connects to R2 over 2 interfaces

ge-1/2/3------ge-2/3/1
ge-1/3/9------ge-2/3/9
Configuration:
lab@R1# show interfaces ge-1/2/3
unit 0 {
    family inet {
        address 10.1.1.1/24;
    }
}

[edit]
lab# show interfaces ge-1/3/9
unit 0 {
    family inet {
        address 10.1.1.10/24;
    }
}

[edit]
lab@R2# show interfaces ge-2/3/1
unit 0 {
    family inet {
        address 10.1.1.2/24;
    }
}

[edit]
lab@MX-240# show interfaces ge-2/3/9
unit 0 {
    family inet {
        address 10.1.1.11/24;
    }
}

As you can see, the same subnet has been assigned to two interfaces in both R1 and R2, which causes the routing table to look like the following:

lab@R1# run show route 10.1.1.0

inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.1.1.0/24 *[Direct/0] 00:12:37
> via ge-1/2/3.0
[Direct/0] 00:11:36
> via ge-1/3/9.0

ARP requests to the 10.1.1.0 subnet will only be sent via ge-1/2/3.0; so traffic to 10.1.1.11 will fail:

lab@R1# run monitor traffic interface ge-1/2/3
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-1/2/3, capture size 96 bytes

Reverse lookup for 10.1.1.11 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.

23:40:21.442652 Out arp who-has 10.1.1.11 tell 10.1.1.1
23:40:22.142648 Out arp who-has 10.1.1.11 tell 10.1.1.1
23:40:22.742634 Out arp who-has 10.1.1.11 tell 10.1.1.1
23:40:23.342627 Out arp who-has 10.1.1.11 tell 10.1.1.1
^C
4 packets received by filter
0 packets dropped by kernel

lab@R1# run ping 10.1.1.11
PING 10.1.1.11 (10.1.1.11): 56 data bytes
^C
--- 10.1.1.11 ping statistics ---
65 packets transmitted, 0 packets received, 100% packet loss

 

Scenario B:

When assigning the same subnet to the same interface, Junos will also allow you to commit. There is no issue under this scenario because it does not exist either with the wrong route next hop or with the wrong ARP communication at the same interface (at the same IFL).

Cause:

Scenario A: Same subnet addresses on these two different interfaces

  • Packets to the destination will drop due to the same subnet being in multiple interfaces.

  • Exporting a load balance per-packet policy will also not resolve this issue, as hashing is based on different flows.

Scenario B: same subnet addresses at the same interface

  • no issue with that configuration.

Solution:

Currently, Junos will not fail commit when it detects the same subnet on two different interfaces or at the same interface. However, Junos will display warning messages in the log file:

scenario-a:

Jun 15 23:26:52 dcd[3376]: Warning: identical subnet address 10.1.1/24 is found on default route instance, intf: ge-1/3/9.0, family type: inet

--------------
Scenario-b:

Aug 31 15:21:46  router dcd[2110]: %DAEMON-4-DCD_PARSE_WARN_IDENTICAL_SUBNET: Warning: identical subnet address 10.2.155/24 is found on route instance default, intf xe-3/0/0.501, family inet ‚Äč


---------------

For scenario A, to avoid this issue, it is recommended not to use the same subnet on two different interfaces.
For scenario B,  these waring messages can be ignored.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search