Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[MX] When primary RE is down or rebooting, device is inaccessible over telnet/SSH



Article ID: KB36547 KB Last Updated: 03 Mar 2021Version: 1.0

This article explains a scenario wherein the device itself becomes unreachable when the primary Routing Engine goes down or is rebooting. The workaround in this case would be to resolve the device name in the DNS registry to the loopback address of the device.



Device cannot be accessed via SSH/telnet when the primary RE has gone down or is rebooting.



On MX platforms with redundant Routing Engines, there may be instances when the primary RE (referred to as RE0 here) goes down or is rebooting and the device too becomes unreachable. Note that the device may be functional with the previous backup RE (referred to as RE1) taking mastership.

This is because the device name has been resolved to the management IP address of RE0 in the DNS registry that is used in the customer network.

show interfaces terse em*

Interface               Admin Link Proto    Local                 Remote
em0                     up    up
em0.0                   up    up   inet      
                                   inet6    fe80::200:ff:fe00:4/64
                                   tnp      0x4             
em1                     up    up
em1.0                   up    up   inet      
                                   inet6    fe80::200:1ff:fe00:4/64
                                   tnp      0x4    

If you run the above output on your device, you can find the IP addresses configured on the management "em" interfaces. If the corresponding RE goes down, the em interface goes down as well.



Ideally with systems running redundant REs, the DNS registry should resolve the device hostname to an IP address that is always up, as long as the device is up, such as the loopback address.

Therefore, the solution to this problem would be to resolve the device name in the DNS registry to the loopback address of the device. Thus, whichever RE has the primary role, the device will always be accessible.

You can check the address assigned to the loopback address by using the following command:

show interfaces terse lo0  
Interface               Admin Link Proto    Local                 Remote
lo0                     up    up
lo0.0                   up    up   inet            --> 0/0
lo0.16384               up    up   inet           --> 0/0
lo0.16385               up    up   inet    


Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search