[j-nsp] default-address-selection not working?

Pekka Savola pekkas at netcore.fi
Tue May 13 20:45:24 EDT 2003

On 13 May 2003, Lars Erik Gullerud wrote:
> Have a weird problem with one of our M40 routers. The box, like all our
> Junipers, is configured with "system default-address-selection" to
> source all RE-generated packets from lo0.0.
> However, in this particular box, this seems to have stopped working for
> some reason, and the router now picks the numerically lowest IP-address
> configured on any interface as its source address. We only discovered
> this when adding a new interface using an IP from a new netblock, since
> the address used on lo0 was in fact previously the numerically lowest on
> the system. Suddenly RADIUS, netflow and syslog-packets were being
> dropped by our firewall because they originated from a different source.
> When doing a "show interfaces snmp-index 0" to see the local IP's on the
> box, the output differs on this box from our other routers in that the
> lowest numerical IP will have "Flags: Is-Default" listed - none of our
> other M40s or our M5s display this flag on any address.
> We have tried removing the default-address-selection statement,
> committing, and adding it again with no change in behaviour. It is
> running JunOS 5.4R2.4 and has a current uptime of 203 days, and since it
> is scheduled to be upgraded to 5.6 in a few weeks, I'd rather not have
> to try to reboot it until then.

Yes, we've had the same problem with 5.4R3 (though how it came to be is a
different issue); a reboot (and simultaneous upgrade to 5.6) fixed it.  

Our screwup supposedly happened because 5.4 allowed you to configure an
lo0._1_ unit (and someone did that), but even though you removed it, it
would still screw up the default address selection until the reboot.  
This has been prevented in 5.3 and 5.4, and now fixed in 5.4R4.

But, of course, this could be a different problem too.

Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings

More information about the juniper-nsp mailing list