[QFX] Syslog server not working when em0 interface is part of mgmt_junos routing instance

  [KB34896]


Summary:

Starting with Junos OS Release 17.3R1, you can confine the management interface (em0) in a non-default virtual routing and forwarding (VRF) instance, the mgmt_junos routing instance.

However, when the em0 management interface is part of the mgmt_junos routing instance (configuration shown below) and the source IP address for the syslog server is the IRB's IP address, which is part of the default inet.0 table, the syslog server does not work.

This article explains why the syslog server may not work when IRB is used as the source IP address and the em0 interface is configured with a non-default routing instance.

Symptoms:

For example, the em0 management interface is configured to be part of the mgmt_junos routing instance as follows:

set system management-instance

Lab Topology

QFX5100 (ge-0/0/6) ---------------------------- Syslog (VM)

QFX5100

  • irb.444 - 172.16.10.1 (inet.0)

  • VM - 172.16.10.10 (syslog server)

QFX5100 syslog configuration

set system syslog host 172.16.10.10 any notice
set system syslog host 172.16.10.10 authorization any
set system syslog host 172.16.10.10 change-log any
set system syslog host 172.16.10.10 interactive-commands any
set system syslog host 172.16.10.10 allow-duplicates
set system syslog host 172.16.10.10 port 514
set system syslog host 172.16.10.10 facility-override local6
set system syslog host 172.16.10.10 log-prefix qfx
set system syslog host 172.16.10.10 source-address 172.16.10.1 >>>>>> Used IRB.444 IP address instead of management em0 IP

As shown above, when the em0 port is moved to the mgmt_junos routing instance, the syslog server stops working. If the set system management-instance configuration is removed, then the syslog server starts working again.

Cause:

On the QFX5100 device, when IRB is used as the source IP address for the syslog server and set system management-instance is enabled, the em0 management interface is placed in the mgmt_junos routing instance (routing table mgmt_junos.inet.0).

However, despite the above setup, the syslog messages still exit by using the em0 interface instead of the expected IRB interface through which the syslog server is now reachable.

When you monitor the em0 port in a non-working scenario:

{master:0}[edit]
root@qfx# run monitor traffic interface em0.0 no-resolve
Jan 30 19:47:50
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on em0.0, capture size 96 bytes
 
19:47:56.164922  In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8000.5c:45:27:dd:27:41.821a, length 43
19:47:56.489449  In IP 10.219.41.194 > 224.0.0.18: VRRPv2-advertisement 20: vrid=20 prio=128 authtype=none intvl=1
19:47:57.322399  In IP 10.219.41.194 > 224.0.0.18: VRRPv2-advertisement 20: vrid=20 prio=128 authtype=none intvl=1
19:47:58.058967  In STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8000.5c:45:27:dd:27:41.821a, length 43
19:47:58.102350  In IP 10.219.41.194 > 224.0.0.18: VRRPv2-advertisement 20: vrid=20 prio=128 authtype=none intvl=1
19:47:59.084149  In IP 10.219.41.194 > 224.0.0.18: VRRPv2-advertisement 20: vrid=20 prio=128 authtype=none intvl=1
19:47:59.199588 Out IP truncated-ip - 95 bytes missing! 172.16.10.1.514 > 172.16.10.10.514: SYSLOG local6.info, length: 127 >>>>> Syslog packet is sent out on em0 interface instead of ge-0/0/6 interface.
19:47:59.852979  In IP 10.219.41.194 > 224.0.0.18: VRRPv2-advertisement 20: vrid=20 prio=128 authtype=none intvl=1

Solution:

As a workaround, leak the inet.0 route to mgmt_junos.inet.0 by using routing information base (RIB) groups. Following this, syslog from the QFX5100 will be sent via the IRB/Layer 2 connected interfaces.

With the RIB group configured and the inet.0 route leaked to the mgmt_junos.inet.0 table, the above problem is resolved as shown:

Configuration Changes

set routing-options interface-routes rib-group inet master-to-vr
set routing-options rib-groups master-to-vr import-rib [ inet.0 mgmt_junos.inet.0 ]

root@qfx# run show route
Jan 30 19:51:54
 
inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
172.16.10.0/24     *[Direct/0] 00:10:03
                    > via irb.444
172.16.10.1/32     *[Local/0] 00:10:03
                      Local via irb.444
 
mgmt_junos.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
0.0.0.0/0          *[Static/5] 1w0d 21:08:20
                    > to 10.219.41.193 via em0.0
10.219.41.192/26   *[Direct/0] 1w0d 21:08:20
                    > via em0.0
10.219.41.250/32   *[Local/0] 1w0d 21:08:20
                      Local via em0.0
172.16.10.0/24     *[Direct/0] 00:00:03 >>>>>>>>>>>>>>>>>>>>>>>
                    > via irb.444
172.16.10.1/32     *[Local/0] 00:00:03
                      Local via irb.444
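
The following is an added example, not part of the original article or Juniper's tooling: it parses the `show route` output above and does a longest-prefix match for the syslog host per table, which shows why logs silently miss the collector before the leak and reach it afterwards. It assumes the syslog destination is resolved in mgmt_junos.inet.0 once management-instance is enabled (consistent with the capture and workaround on this page); `parse_show_route`, `egress` and the `BEFORE` sample are hypothetical names and constructed data.

```python
import ipaddress
import re

# "show route" output from this page, after the rib-group workaround.
AFTER = """\
inet.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
172.16.10.0/24     *[Direct/0] 00:10:03
                    > via irb.444
172.16.10.1/32     *[Local/0] 00:10:03
                      Local via irb.444
mgmt_junos.inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
0.0.0.0/0          *[Static/5] 1w0d 21:08:20
                    > to 10.219.41.193 via em0.0
10.219.41.192/26   *[Direct/0] 1w0d 21:08:20
                    > via em0.0
10.219.41.250/32   *[Local/0] 1w0d 21:08:20
                      Local via em0.0
172.16.10.0/24     *[Direct/0] 00:00:03
                    > via irb.444
172.16.10.1/32     *[Local/0] 00:00:03
                      Local via irb.444
"""
# Constructed "before" state: the same output without the two leaked irb.444 routes.
BEFORE = "\n".join(AFTER.splitlines()[:-4]) + "\n"

TABLE = re.compile(r"^(\S+): \d+ destinations")
ROUTE = re.compile(r"^(\d+\.\d+\.\d+\.\d+/\d+)\s+\*\[(\w+)/\d+\]")
VIA = re.compile(r"via (\S+)")

def parse_show_route(text):
    """Return {table: [(network, protocol, interface), ...]} for active routes."""
    tables, table, pending = {}, None, None
    for line in text.splitlines():
        if m := TABLE.match(line):
            table, pending = m.group(1), None
            tables[table] = []
        elif m := ROUTE.match(line):
            pending = (ipaddress.ip_network(m.group(1)), m.group(2))
        elif pending and (m := VIA.search(line)):
            tables[table].append((*pending, m.group(1)))
            pending = None
    return tables

def egress(tables, table, host):
    """Longest-prefix match for host in one table: (prefix, interface) or None."""
    addr = ipaddress.ip_address(host)
    hits = [r for r in tables.get(table, []) if addr in r[0]]
    best = max(hits, key=lambda r: r[0].prefixlen, default=None)
    return (str(best[0]), best[2]) if best else None
```

Calling `egress(parse_show_route(BEFORE), "mgmt_junos.inet.0", "172.16.10.10")` falls through to the static default via em0.0, while the same call on `AFTER` selects the leaked 172.16.10.0/24 route via irb.444.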

ge-0/0/6: Syslog packet sent out on this port

root@qfx# run monitor traffic interface ge-0/0/6 no-resolve
Jan 30 19:52:42
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is OFF.
Listening on ge-0/0/6, capture size 96 bytes
 
19:52:44.898975  In IP truncated-ip - 48 bytes missing! 172.16.10.10.50676 > 172.16.10.1.22: P 3204089081:3204089145(64) ack 3972777026 win 251
19:52:44.899279 Out IP truncated-ip - 86 bytes missing! 172.16.10.1.22 > 172.16.10.10.50676: P 1:97(96) ack 64 win 32850
19:52:44.899441 Out IP truncated-ip - 70 bytes missing! 172.16.10.1.22 > 172.16.10.10.50676: P 97:177(80) ack 64 win 32850
19:52:44.909952  In IP 172.16.10.10.50676 > 172.16.10.1.22: . ack 177 win 256
19:52:45.472973  In IP truncated-ip - 48 bytes missing! 172.16.10.10.50676 > 172.16.10.1.22: P 64:128(64) ack 177 win 256
19:52:45.473290 Out IP truncated-ip - 102 bytes missing! 172.16.10.1.22 > 172.16.10.10.50676: P 177:289(112) ack 128 win 32850
19:52:45.692953  In IP 172.16.10.10.50676 > 172.16.10.1.22: . ack 289 win 256
19:52:45.846947  In IP truncated-ip - 48 bytes missing! 172.16.10.10.50676 > 172.16.10.1.22: P 128:192(64) ack 289 win 256
19:52:45.848637 Out IP truncated-ip - 54 bytes missing! 172.16.10.1.22 > 172.16.10.10.50676: P 289:353(64) ack 192 win 32850
19:52:45.849400 Out IP truncated-ip - 105 bytes missing! 172.16.10.1.514 > 172.16.10.10.514: SYSLOG local6.info, length: 127 >>>> Syslog packet sent out on ge-0/0/6 interface
19:52:45.850945 Out IP truncated-ip - 294 bytes missing! 172.16.10.1.22 > 172.16.10.10.50676: P 353:657(304) ack 192 win 32850
19:52:45.852205 Out IP truncated-ip - 742 bytes missing! 172.16.10.1.22 > 172.16.10.10.50676: P 657:1409(752) ack 192 win 32850
19:52:45.852415  In IP 172.16.10.10.50676 > 172.16.10.1.22: . ack 657 win 254
19:52:45.852503 Out IP truncated-ip - 54 bytes missing! 172.16.10.1.22 > 172.16.10.10.50676: P 1409:1473(64) ack 192 win 32850
19:52:45.862945  In IP 172.16.10.10.50676 > 172.16.10.1.22: . ack 1473 win 251
19:52:49.036954  In IP truncated-ip - 48 bytes missing! 172.16.10.10.50676 > 172.16.10.1.22: P 192:256(64) ack 1473 win 251
19:52:49.037324 Out IP truncated-ip - 1174 bytes missing! 172.16.10.1.22 > 172.16.10.10.50676: P 1473:2657(1184) ack 256 win 32850
19:52:49.245991  In IP 172.16.10.10.50676 > 172.16.10.1.22: . ack 2657 win 256
19:52:49.497722  In IP truncated-ip - 48 bytes missing! 172.16.10.10.50676 > 172.16.10.1.22: P 256:320(64) ack 2657 win 256
19:52:49.507879 Out IP truncated-ip - 150 bytes missing! 172.16.10.1.22 > 172.16.10.10.50676: P 2657:2817(160) ack 320 win 32850
19:52:49.717048  In IP 172.16.10.10.50676 > 172.16.10.1.22: . ack 2817 win 256
19:52:51.487925  In LLDP, name EX4500-SL-H8, length 60
        [|LLDP]
19:53:23.390544 Out IP truncated-ip - 140 bytes missing! 172.16.10.1.514 > 172.16.10.10.514: SYSLOG local6.warning, length: 162
19:53:23.390830 Out IP truncated-ip - 105 bytes missing! 172.16.10.1.514 > 172.16.10.10.514: SYSLOG local6.warning, length: 127
19:53:23.391091 Out IP truncated-ip - 102 bytes missing! 172.16.10.1.514 > 172.16.10.10.514: SYSLOG local6.warning, length: 124
19:53:23.402945 Out IP truncated-ip - 136 bytes missing! 172.16.10.1.514 > 172.16.10.10.514: SYSLOG local6.warning, length: 158
19:53:23.403229 Out IP truncated-ip - 213 bytes missing! 172.16.10.1.514 > 172.16.10.10.514: SYSLOG local6.warning, length: 235
19:53:23.403603 Out IP truncated-ip - 99 bytes missing! 172.16.10.1.514 > 172.16.10.10.514: SYSLOG local6.warning, length: 121

On VM: The syslog packet is seen:
