[j-nsp] AE vs PT , and OSPF neigh not forming
Ben Dale
bdale at comlinx.com.au
Thu Jan 23 01:06:54 EST 2014
Make sure you have:
host-inbound-traffic protocols ospf
configured under the security zone for your reth interface
On 23 Jan 2014, at 3:58 pm, Samol <molasian at gmail.com> wrote:
> Hi List,
>
> I've got not another problem with ospf neigh. As the topo below, SRX and MX
> can reach each other by ping, but ospf neig can't form.
>
> MX (ae0.88)------------------(pt-1/0/0.0) SRX
>
> I did the investigation on SRX and I found that SRX is sending/receiving
> ospf hello message.
>
> Time Filter Action Interface Protocol Src Addr
> Dest Addr
> 18:37:46 pfe A pt-1/0/0.0 OSPF 172.16.161.1
> 224.0.0.5
> 18:37:44 OSPF-DEBUG A local OSPF 172.16.161.2
> 224.0.0.5
> 18:37:38 pfe A pt-1/0/0.0 OSPF 172.16.161.1
> 224.0.0.5
> 18:37:35 OSPF-DEBUG A local OSPF 172.16.161.2
> 224.0.0.5
> 18:37:29 pfe A pt-1/0/0.0 OSPF 172.16.161.1
> 224.0.0.5
> 18:37:26 OSPF-DEBUG A local OSPF 172.16.161.2
> 224.0.0.5
>
> However, on MX side, It's sending the hello message, but it's not receiving
> hello message that SRX ACKs. that leads to OSPF state in INIT state on SRX
> side, and no neigh status on MX side. Looking in to ae interface statistics
> , get the result as below :
>
> Link:
> ge-1/0/0.88
> Input : 0 0 0 0
> Output: 62551 0 6804562 0
> ge-1/0/1.88
> Input : 882 0 287932 0
> Output: 0 0 0 0
>
> it's using one link to send and another to receive. Surely, OSPF message
> that sending from SRX is being dropped somewhere in the middle, however why
> is it not dropping ICMP message ? Any idea is really appreciated.
>
> Regards,
>
>
>
> --
> Samol Khoeurn
> (855) 077 55 64 02 / (855) 067 41 88 66
> Network Engineer
> Cisco: CCNA/CCNP SP/CCIP/
> Juniper: JNCIA/JNCIS-ENT,SP,SEC/JNCIP-ENT
> www.linkedin.com/in/samolkhoeurn
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
More information about the juniper-nsp
mailing list