Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Unable to access management IP of the primary node in a chassis cluster with only backup-router setting

0

0

Article ID: KB31029 KB Last Updated: 04 Mar 2017Version: 2.0
Summary:

This article describes the issue of being from an external subnet and unable to access the management IP on the fxp0 interface of the primary node in a chassis cluster with only the backup-router setting. This behavior is expected and works this way by design.

Symptoms:

From an external subnet, unable to access the management IP on the fxp0 interface of the primary node in a chassis cluster if only with backup-router setting.

set groups node0 system host-name SRX-220-1
set groups node0 system backup-router 192.168.10.254
set groups node0 system backup-router destination 10.1.1.0/24
<-- Only setting backup-router without setting static route to 10.1.1.0/24
set groups node0 interfaces fxp0 unit 0 family inet address 192.168.10.1/24
set groups node1 system host-name SRX-220-2
set groups node1 system backup-router 192.168.10.254
set groups node1 system backup-router destination 10.1.1.0/24
set groups node1 interfaces fxp0 unit 0 family inet address 192.168.10.2/24
set apply-groups "$ "
commit

{primary:node0}[edit]
root@SRX# run show route forwarding-table node 0 | match 10.1.1.0
<-- No route information in Node 0(Primary node)
{primary:node0}[edit]
root@SRX# run show route forwarding-table node 1 | match 10.1.1.0
<--Backup-router information will be added in forwarding-table of Node1(Secondary node)
10.1.1.0/24 user 0 192.168.10.254 ucst 331 2 fxp0.0

After reboot node0, then reboot node1(To make sure node0 keeping working as primary node)

{primary:node0}
root@SRX> show route forwarding-table node 0 | match 10.1.1.0
10.1.1.0/24 user 0 192.168.10.254 ucst 324 2 fxp0.0
<--At first, the route information can be seen.
{primary:node0}[edit]
root@SRX# run show route forwarding-table | match 10.1.1.0
<--After a few minutes, the route information disappeared.
Cause:

This is due to the primary node. When the router is booting, the RPD (Routing Protocol Process) is not running. Therefore, the router has no static or default routes. To allow the router to boot and ensure that the router is reachable over the network if the routing protocol process fails to start properly, you configure a backup router.

Solution:

This is an expected behavior and works as designed. To have the address remain in these tables, configure a static route for that address by including the static statement at the [edit routing-options] hierarchy level.

set routing-options static route 10.1.1.0/32 next-hop 192.168.10.254
commit

{primary:node0}[edit]
root@SRX# run show route forwarding-table | match 10.1.1.0
10.1.1.0/32 user 0 192.168.10.254 ucst 324 3 fxp0.0
<--Here, we can always see the route to 10.1.1.0/24 in primary node.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search