Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] Traffic fails after upgrading to Junos OS 11.4 because of routing instance detection

0

0

Article ID: KB28132 KB Last Updated: 05 Jan 2021Version: 3.0
Summary:

Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE). Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.



Customer configures a routing instance without instance type. This configuration works in Junos OS 10.4, but after upgrading to Junos OS 11.4, some packets cannot pass through SRX. Downgrade to Junos OS 10.4 to resolve this issue.

Symptoms:

Customer upgrades SRX from Junos OS 10.4 to 11.4. During initial bootup, the following error message displays:

#############################################################
Loading configuration ...
Logical System Daemon: [edit routing-instances]
Logical System Daemon: 'test'
Logical System Daemon: cannot get ri type
mgd: error: configuration check-out failed
Warning: Commit failed, activating partial configuration.
Warning: Edit the router configuration to fix these errors.
#############################################################

In /var/log/messages, we can see "kernel: Warning: Commit failed, activating partial configuration".

When this happens, we can see the following influence.

  1. Some traffic fails to pass through SRX

  2. Log in /var/log is disordered.

  3. It takes over 30 minutes for coldsync to finish if SRX is in a cluster.
Solution:

Junos OS 11.2  added strict checking for routing-instance type. Without the instance-type configured, policy installation may fail because of routing-instance checking. Policy installation does not commit in packet forwarding engine (PFE) side and causes traffic drop. It may also influence other configuration work. After configuring a proper routing instance type, this issue is resolved. Please use validate during SRX upgrade in order to avoid this issue.

{primary:node0}[edit]
root@SRX5800-A# show routing-instances 
    test {
        instance-type virtual-router;
        interface reth0.620;
        interface reth2.626;
        routing-options {
            static {
                route 10.0.11.0/24 next-hop 10.3.3.3;
                route 10.4.11.0/24 next-hop 10.3.4.3;
            }
        }
    }

Modification History:
2021-01-01: Tagged article for EOL/EOE.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search