[j-nsp] 答复: 答复: SRX650 full-mesh vpn, ssh not passed
Payam Chychi
pchychi at gmail.com
Wed Aug 7 16:56:04 EDT 2013
so your valid path was actually invalid?
On 2013-08-06 6:43 PM, 徐见 wrote:
> Thx for you attention, I have found out the reason, it’s ospf issue,
> because ospf generate two next-hop for NET A on node 2.
>
>
>
> 发件人: Muhammad Atif Jauhar [mailto:atif.jauhar at gmail.com]
> 发送时间: 2013年8月5日 21:36
> 收件人: 徐见
> 抄送: juniper-nsp at puck.nether.net
> 主题: Re: [j-nsp] 答复: SRX650 full-mesh vpn, ssh not passed
>
>
>
> Hi,
>
> Is it possible to share configuration of Node 1, Node 2 and Node 3. and also
> output of Show route of Network behind Node 1 and Node 2 and Node 3 at all
> Nodes (1, 2, and 3).
>
>
>
> Regards,
> Atif.
>
>
>
> On Mon, Aug 5, 2013 at 10:58 AM, 徐见 <xujianlx at gmail.com> wrote:
>
> Actually, when I disable the first link of node 1, all nodes could pass
> every kind of traffic well, except node 2.
> And I build an same lab system, the issue not happen.
>
>
> -----邮件原件-----
> 发件人: Ojamo, V. [mailto:lists.ville at ojamo.eu]
> 发送时间: 2013年8月5日 15:02
> 收件人: '徐见'; juniper-nsp at puck.nether.net
> 主题: RE: [j-nsp] SRX650 full-mesh vpn, ssh not passed
>
> The pictures cannot be viewed without Weibo account?
>
>
> -V
>
>
>> -----Original Message-----
>> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net]
>> On Behalf Of ??
>> Sent: Monday, August 05, 2013 1:18 PM
>> To: juniper-nsp at puck.nether.net
>> Subject: [j-nsp] SRX650 full-mesh vpn, ssh not passed
>>
>> Hi all:
>>
>> As the theme said, I have a route-based vpn,
> full-mesh
>> topology,
>> and run ospf protocol.
>>
>> Physical link topology is here:
>>
>> http://photo.weibo.com/2110817105/photos/detail/photo_id/3607
>> 937263216169#36
>> 07937263216169
>>
>> logical link topology is here:
>>
>>
>> http://photo.weibo.com/2110817105/photos/detail/photo_id/3607
>> 931668041778#36
>> 07926685185940
>>
>> the issue just between node 1 and node 2.
>>
>> As you can see, there are four links on node 1, and one link
> on node
>> 2, and
>> 2 vpn tunnel have been built between both,(st0.0, st0.1)
>>
>> And the two tunnel works as primary(st0.0) and backup(st0.1).
>>
>> The problem is, when primary down, ssh traffic from NET A to
> NET
>> B, can’t
>> passed, but from NET B to NET A is ok,
>>
>> Show route “NET B”, show route “NET A” commands show both
> of
>> them have
>> learned route from right tunnel (st0.1), ping command in
> bidirection
>> is ok
>> too.
>>
>> Anyone could give any idea?
>>
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list