[j-nsp] 答复: 答复: 答复: SRX650 full-mesh vpn, ssh not passed
徐见
xujianlx at gmail.com
Thu Aug 8 21:47:22 EDT 2013
Yes. Double equal next-hop there, one path is directly connect node
1(st0.1), and another is node 2(st0.2)->node 3->node 1, ospf choose route
random. if next-hop is sto.1, traffic pass right, another route can't be.
It's all trouble with metric value of st0.X.
-----邮件原件-----
发件人: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] 代表 Payam
Chychi
发送时间: 2013年8月8日 4:56
收件人: juniper-nsp at puck.nether.net
主题: Re: [j-nsp] 答复: 答复: SRX650 full-mesh vpn, ssh not passed
so your valid path was actually invalid?
On 2013-08-06 6:43 PM, 徐见 wrote:
> Thx for you attention, I have found out the reason, it’s ospf issue,
> because ospf generate two next-hop for NET A on node 2.
>
>
>
> 发件人: Muhammad Atif Jauhar [mailto:atif.jauhar at gmail.com]
> 发送时间: 2013年8月5日 21:36
> 收件人: 徐见
> 抄送: juniper-nsp at puck.nether.net
> 主题: Re: [j-nsp] 答复: SRX650 full-mesh vpn, ssh not passed
>
>
>
> Hi,
>
> Is it possible to share configuration of Node 1, Node 2 and Node 3.
> and also output of Show route of Network behind Node 1 and Node 2 and
> Node 3 at all Nodes (1, 2, and 3).
>
>
>
> Regards,
> Atif.
>
>
>
> On Mon, Aug 5, 2013 at 10:58 AM, 徐见 <xujianlx at gmail.com> wrote:
>
> Actually, when I disable the first link of node 1, all nodes could
> pass every kind of traffic well, except node 2.
> And I build an same lab system, the issue not happen.
>
>
> -----邮件原件-----
> 发件人: Ojamo, V. [mailto:lists.ville at ojamo.eu]
> 发送时间: 2013年8月5日 15:02
> 收件人: '徐见'; juniper-nsp at puck.nether.net
> 主题: RE: [j-nsp] SRX650 full-mesh vpn, ssh not passed
>
> The pictures cannot be viewed without Weibo account?
>
>
> -V
>
>
>> -----Original Message-----
>> From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net]
>> On Behalf Of ??
>> Sent: Monday, August 05, 2013 1:18 PM
>> To: juniper-nsp at puck.nether.net
>> Subject: [j-nsp] SRX650 full-mesh vpn, ssh not passed
>>
>> Hi all:
>>
>> As the theme said, I have a route-based vpn,
> full-mesh
>> topology,
>> and run ospf protocol.
>>
>> Physical link topology is here:
>>
>> http://photo.weibo.com/2110817105/photos/detail/photo_id/3607
>> 937263216169#36
>> 07937263216169
>>
>> logical link topology is here:
>>
>>
>> http://photo.weibo.com/2110817105/photos/detail/photo_id/3607
>> 931668041778#36
>> 07926685185940
>>
>> the issue just between node 1 and node 2.
>>
>> As you can see, there are four links on node 1, and one link
> on node
>> 2, and
>> 2 vpn tunnel have been built between both,(st0.0, st0.1)
>>
>> And the two tunnel works as primary(st0.0) and backup(st0.1).
>>
>> The problem is, when primary down, ssh traffic from NET A to
> NET
>> B, can’t
>> passed, but from NET B to NET A is ok,
>>
>> Show route “NET B”, show route “NET A” commands show both
> of
>> them have
>> learned route from right tunnel (st0.1), ping command in
> bidirection
>> is ok
>> too.
>>
>> Anyone could give any idea?
>>
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list