Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[vSRX] Unable to ping peer device after changing interface from ge-0/0/1 to reth10

0

0

Article ID: KB35248 KB Last Updated: 13 Nov 2019Version: 1.0
Summary:

vSRX hypervisor is VMware. After changing the interface from ge-0/0/1 to reth10, vSRX cannot ping the peer device.

Symptoms:

vSRX can ping peer device when configuring ge-0/0/1 as below:

{primary:node0}[edit]
root@vsrx-node0# show interfaces
ge-0/0/1 {
    unit 0 {
        family inet {
            address 10.85.154.151/25;
        }
    }
}

{primary:node0}
root@vsrx-node0> ping 10.85.154.130 count 10 rapid
PING 10.85.154.130 (10.85.154.130): 56 data bytes
!!!!!!!!!!
--- 10.85.154.130 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.942/9.800/10.796/1.980 ms

After changing ge-0/0/1 to reth10, the ping fails:

{primary:node0}[edit]
root@vsrx-node0# show interfaces
ge-0/0/1 {
    gigether-options {
        redundant-parent reth10;
    }
}
ge-7/0/1 {
    gigether-options {
        redundant-parent reth10;
    }
}
reth10 {
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 0 {
        family inet {
            address 10.85.154.151/25;
        }
    }
}
{primary:node0}
root@vsrx-node0> ping 10.85.154.130 count 10 rapid
PING 10.85.154.130 (10.85.154.130): 56 data bytes
..........
--- 10.85.154.130 ping statistics ---
10 packets transmitted, 0 packets received, 100% packet loss

When monitoring traffic for reth10, it is discovered that SRX sent an ARP request, but did not receive an ARP reply:

{primary:node1}
root@vsrx-node1> monitor traffic interface reth10 extensive no-resolve no-domain-names no-promiscuous
Address resolution is OFF.
Listening on reth10, capture size 1514 bytes
 
22:20:32.537596 Out
                Juniper PCAP Flags [Ext], PCAP Extension(s) total length 16
                  Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
                  Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
                  Device Interface Index Extension TLV #1, length 2, value: 160
                  Logical Interface Index Extension TLV #4, length 4, value: 75
                -----original packet-----
                00:10:db:ff:10:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 10.85.154.130 tell 10.85.154.131
22:20:33.337308 Out
                Juniper PCAP Flags [Ext], PCAP Extension(s) total length 16
                  Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
                  Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
                  Device Interface Index Extension TLV #1, length 2, value: 160
                  Logical Interface Index Extension TLV #4, length 4, value: 75
                -----original packet-----
                00:10:db:ff:10:0a > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: arp who-has 10.85.154.130 tell 10.85.154.131
Solution:

Confirmed the SRX configuration is good, but the VMware setting for data interface shows the following:

MAC Address Changes: Reject

After changing "MAC Address Changes" to "Accept", the ping is successful:

MAC Address Changes: Accept

{primary:node0}
root@vsrx-node0> ping 10.85.154.130 count 10 rapid
PING 10.85.154.130 (10.85.154.130): 56 data bytes
!!!!!!!!!!
--- 10.85.154.130 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.942/9.800/10.796/1.980 ms
When configuring ge-0/0/1 with 20.20.20.1/24, it will use the ge-0/0/1 mac address. For example: 4c:96:14:25:67:01.

When configuring interface reth0 with 20.20.20.1/24, it will use mac address 00:10:db:ff:10:0a.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search