Scenario:
- upstream QFX pair, connected to SRX HA-pair, 4 ports crossed over for mesh redundancy (reth on SRX to ae on QFX)
- reth has LACP active
Problem:
- ping from QFX to host behind SRX only works for odd numbered IP address
Using capture files, I can see:
- ICMP ECHO-REQUEST arrive on reth from QFX (both odd and even numbered IPs)
- ICMP ECHO-REQUEST sent out physical (for odd numbered IPs)
- ICMP ECHO-REPLY arrive on the other side reth (for odd numbered IPs)
- ICMP ECHO-REPLY sent out physical to QFX (for odd numbered IPs)
Even numbered IP packets disappear.
LACP output:
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
ge-0/0/6 Actor No No Yes Yes Yes Yes Fast Active
ge-0/0/6 Partner No No Yes Yes Yes Yes Fast Passive
ge-0/0/7 Actor No No Yes Yes Yes Yes Fast Active
ge-0/0/7 Partner No No Yes Yes Yes Yes Fast Passive
ge-9/0/6 Actor No No Yes Yes Yes Yes Fast Active
ge-9/0/6 Partner No No Yes Yes Yes Yes Fast Passive
ge-9/0/7 Actor No No Yes Yes Yes Yes Fast Active
ge-9/0/7 Partner No No Yes Yes Yes Yes Fast Passive
LACP protocol: Receive State Transmit State Mux State
ge-0/0/6 Current Fast periodic Collecting distributing
ge-0/0/7 Current Fast periodic Collecting distributing
ge-9/0/6 Current Fast periodic Collecting distributing
ge-9/0/7 Current Fast periodic Collecting distributingInterfaces are all up:
show interfaces terse | match reth6 ge-0/0/6.0 up up aenet --> reth6.0 ge-0/0/7.0 up up aenet --> reth6.0 ge-9/0/6.0 up up aenet --> reth6.0 ge-9/0/7.0 up up aenet --> reth6.0 reth6 up up reth6.0 up up inet 1.2.3.4/29
The reth looks like this:
show interfaces reth6
Physical interface: reth6 , Enabled, Physical link is Up
Interface index: 134, SNMP ifIndex: 573
Link-level type: Ethernet, MTU: 1514, Speed: 2Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled, Minimum links needed: 1,
Minimum bandwidth needed: 1bps
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Current address: 00:10:db:ED:IT:ED, Hardware address: 00:10:db:ED:IT:ED
Last flapped : 2018-12-10 17:08:10 EST (07:07:20 ago)
Input rate : 3936 bps (0 pps)
Output rate : 272 bps (0 pps)
Logical interface reth6.0 (Index 95) (SNMP ifIndex 574)
Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 135576 0 16490480 3936
Output: 58629 0 4452718 272
Adaptive Statistics:
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Security: Zone: UNTRUSTED
Allowed host-inbound traffic : ping ssh
Protocol inet, MTU: 1500
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
What it feels like is the juniper is discarding the packets because it doesn't like which interface they arrived on.
reth6 is configured:
show configuration interfaces reth6
redundant-ether-options {
redundancy-group 6;
lacp {
active;
}
}
unit 0 {
family inet {
filter {
input ICMP-CAPTURE;
output ICMP-CAPTURE;
}
address 1.2.3.4/29;
}
}
show configuration interfaces ge-0/0/6
gigether-options {
redundant-parent reth6;
}
...which I imagine to be pretty normal and the ge's are all the same.
I feel like I'm missing something obvious but I don't quite know what.